{"id":17746,"date":"2026-06-26T08:55:32","date_gmt":"2026-06-26T15:55:32","guid":{"rendered":"https:\/\/jasonsblog.ddns.net\/?p=17746"},"modified":"2026-06-26T08:55:32","modified_gmt":"2026-06-26T15:55:32","slug":"linux-foundation-launches-akrites-as-ai-makes-open-source-vulnerabilities-easier-to-find","status":"publish","type":"post","link":"https:\/\/jasonsblog.ddns.net\/index.php\/2026\/06\/26\/linux-foundation-launches-akrites-as-ai-makes-open-source-vulnerabilities-easier-to-find\/","title":{"rendered":"Linux Foundation Launches Akrites as AI Makes Open Source Vulnerabilities Easier to Find"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Given that the Linux Foundation is a captured entity by big tech and their donations, not really advocating for Linux, you have to treat anything from them as suspect. And the list of megacorps behind this effort also raises suspicion. Throw in the Linux Kernel project accepting a lot of AI code now, and I might be moving to BSD before too long. And the &#8220;maintainer of last resort&#8221; also piqued my suspicions. <\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\">Akrites is a coordinated effort to help secure critical open source software before newly discovered vulnerabilities can be exploited. 
The project launches with backing from a long list of heavy hitters, including Amazon Web Services, Anthropic, Cisco, Google, IBM, Microsoft, NVIDIA, OpenAI, Red Hat, JPMorganChase, Citi, Sonatype, Vodafone, Zscaler, and several others.<\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/nerds.xyz\/2026\/06\/linux-foundation-launches-akrites-as-ai-makes-open-source-vulnerabilities-easier-to-find\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/nerds.xyz\/2026\/06\/linux-foundation-launches-akrites-as-ai-makes-open-source-vulnerabilities-easier-to-find\/<\/a><\/p>\n\n\n<div class=\"wp-block-ub-divider ub_divider ub-divider-orientation-horizontal\" id=\"ub_divider_67aec050-a45d-4b51-a39e-8fcc8b10c89d\"><div class=\"ub_divider_wrapper\" style=\"position: relative; margin-bottom: 2px; width: 100%; height: 2px; \" data-divider-alignment=\"center\"><div class=\"ub_divider_line\" style=\"border-top: 2px solid #ccc; margin-top: 2px; \"><\/div><\/div><\/div>\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/nerds.xyz\/wp-content\/uploads\/2026\/06\/Akrites.png\" alt=\"Akrites\"\/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">By Brian Fagioli<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Artificial intelligence is changing cybersecurity in ways that aren\u2019t all positive. While AI can help security researchers identify software flaws faster than ever, it can also give attackers the same advantage. That\u2019s the problem the Linux Foundation hopes to address with a new initiative called <a href=\"https:\/\/akrites.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Akrites<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Akrites is a coordinated effort to help secure critical open source software before newly discovered vulnerabilities can be exploited. 
The project launches with backing from a long list of heavy hitters, including Amazon Web Services, Anthropic, Cisco, Google, IBM, Microsoft, NVIDIA, OpenAI, Red Hat, JPMorganChase, Citi, Sonatype, Vodafone, Zscaler, and several others.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you\u2019ve followed open source security over the years, the premise will sound familiar. Large companies often discover the same vulnerability at roughly the same time, then independently contact maintainers or develop their own fixes. That can create duplicate reports, conflicting patches, and extra work for developers who are often maintaining important software in their spare time.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Akrites aims to clean up that process. Instead of dozens of organizations working separately, the initiative establishes a shared Security Incident Response Team and a standardized coordinated vulnerability disclosure process. In theory, maintainers get one trusted partner instead of a flood of overlapping security reports.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">One aspect that caught my attention is Akrites\u2019 promise to act as a \u201cmaintainer of last resort\u201d for abandoned but widely used open source packages. That\u2019s an ambitious goal. Plenty of aging projects still power production systems around the world despite having little or no active maintenance.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The urgency is understandable. The companies behind Akrites argue that advanced AI models can now analyze large codebases and uncover potential vulnerabilities in minutes. Whether those same capabilities ultimately benefit defenders more than attackers remains an open question, but it\u2019s clear the security landscape is changing quickly.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">I think this effort has real potential, but success will depend on whether independent maintainers actually embrace it. 
Open source has never been short on corporate-backed security initiatives. What\u2019s harder is earning the trust of the volunteers who maintain many of the projects everyone else depends on. If Akrites can make their lives easier without adding bureaucracy, it could become an important piece of the open source security ecosystem. If not, the impressive list of founding members won\u2019t matter nearly as much.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For now, it\u2019s an interesting response to a very real problem, and one worth watching as AI continues to reshape software security.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Given that the Linux Foundation is a captured entity by big tech and their donations, not really advocating for Linux, you have to treat anything from them as suspect. And the list of megacorps behind this effort also raises suspicion. Throw in the Linux Kernel project accepting a lot of AI code now, and I [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-17746","post","type-post","status-publish","format-standard","hentry","category-tech"],"blocksy_meta":[],"featured_image_src":null,"author_info":{"display_name":"Jason","author_link":"https:\/\/jasonsblog.ddns.net\/index.php\/author\/jturning\/"},"_links":{"self":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/17746","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/comments?post=17746"}],"version-history":[{
"count":1,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/17746\/revisions"}],"predecessor-version":[{"id":17747,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/posts\/17746\/revisions\/17747"}],"wp:attachment":[{"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/media?parent=17746"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/categories?post=17746"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jasonsblog.ddns.net\/index.php\/wp-json\/wp\/v2\/tags?post=17746"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}