Linux Foundation and Industry Leaders Launch Akrites to Defend Critical Open Source Software Against AI-Enabled Cyber Threats

2026-06-25 · Source: The AI Journal · Field: Technology & Digital — Cybersecurity & Data Privacy, Artificial Intelligence & Machine Learning, Software Development & Engineering · Depth: Intermediate, long

Summary

The Linux Foundation, in collaboration with major industry leaders including Amazon Web Services, Anthropic, Google, IBM, Microsoft, NVIDIA, and OpenAI, announced Akrites on June 25, 2026. This new initiative is a coordinated effort to strengthen the security of critical open source software against AI-enabled cyber threats. Akrites establishes a shared Security Incident Response Team (SIRT) and a standardized Coordinated Vulnerability Disclosure (CVD) process, emphasizing confidentiality and industry-standard tooling. Founding members, which also include Chainguard, Cisco, Citi, Endor Labs, Ericsson, JPMorganChase, RapidFort, Red Hat, Rust Foundation, Sonatype, Vodafone, and Zscaler, are committing engineering talent, security expertise, and funding. The goal is to find, fix, and responsibly disclose vulnerabilities in widely used open source projects that underpin essential sectors like banking, healthcare, and government, before they can be exploited by increasingly sophisticated AI-powered attacks.

Key takeaway

For AI Security Engineers and Directors of AI/ML concerned about supply chain risks, Akrites offers a critical framework. You should consider participating in this initiative by contributing resources or expertise to proactively address AI-accelerated open source vulnerabilities. This coordinated approach ensures timely, confidential remediation and standardized disclosure, protecting your organization's reliance on open source infrastructure from increasingly sophisticated threats. Engage with Akrites to secure your critical systems before adversaries exploit newly discovered flaws.

Key insights

Akrites coordinates industry efforts to secure critical open source software against AI-accelerated vulnerabilities through a unified response.

Principles

• Confidentiality-first vulnerability disclosure.
• Coordinated remediation prevents fragmentation.
• Maintainers retain control of fixes.

Method

Akrites provides a shared Security Incident Response Team (SIRT) and a standardized Coordinated Vulnerability Disclosure (CVD) process. It coordinates with upstream maintainers to fix vulnerabilities and acts as a maintainer of last resort.

In practice

• Join Akrites to contribute security expertise.
• Utilize Akrites' CVD process for disclosures.
• Support upstream maintainers with coordinated fixes.

Topics

• Open-Source Security
• AI-Enabled Cyber Threats
• Coordinated Vulnerability Disclosure
• Software Supply Chain
• Critical Infrastructure
• Linux Foundation

Best for: CTO, VP of Engineering/Data, Executive, AI Security Engineer, Security Engineer, Director of AI/ML

Related on AIssential

• The find out stage of AI is just supply chain and password protection​​​​‌‍​‍​‍‌‍‌​‍‌‍‍‌‌‍‌‌‍‍‌‌‍‍​‍​‍​‍‍​‍​‍‌​‌‍​‌‌‍‍‌‍‍‌‌‌​‌‍‌​‍‍‌‍‍‌‌‍​‍​‍​‍​​‍​‍‌‍‍​‌​‍‌‍‌‌‌‍‌‍​‍​‍​‍‍​‍​‍‌‍‍​‌‌​‌‌​‌​​‌​​‍‍​‍​‍‌‍​‌‍‌‌​​‍‍‌​‌‌​‌‍​‌‌‍​‌‍‍‌‍‌‌‍‌‍‌‌‌​‍‌‍‌‍‌‍​‌‍‌‌​‍‍‌‍​‌‍​‍‌‍‍‌‌‍‍‌‌​‌‍‌‌‌‍‍‌‌​​‍‌‍‌‌‌‍‌​‌‍‍‌‌‌​​‍‌‍‌‌‍‌‍‌​‌‍‌‌​‌‌​​‌​‍‌‍‌‌‌​‌‍‌‌‌‍‍‌‌​‌‍​‌‌‌​‌‍‍‌‌‍‌‍‍​‍‌‍‍‌‌‍‌​​‌‌‍‌‍‌‍​‌​‍‌​​‌‌‍‌‍​‌‍‌‍​‌​‍​​‍‌​‌​‌‍​‍‌‍‌‍​​​​‍‌​‌​‌‍​‌​‌​‌‍​‌​‍‌‌‍​‌‌‍​​​​​‌​‍‌​‍​‌‍‌‌​‌‌‍‌‌‌‍‌‍‌‍‌​‌‍‌‌​‌​​‍​​​‌‌‌‍‌‍​‍‌‌​‌‍‌‌​​‌‍‌‌​‌‌‍​‍‌‍​‌‍‌‍‌‌‌​​‌‍‌​‌‌​​‍‌​​‌‍​‌‌‌​‌‍‍​​‌‌‌​‌‍‍‌‌‌​‌‍​‌‍‌‌​‌‍​‍‌‍​‌‌​‌‍‌‌‌‌‌‌‌​‍‌‍​​‌‌‍‍​‌‌​‌‌​‌​​‌​​‍‌‌​​‌​​‌​‍‌‌​​‍‌​‌‍​‍‌‌​​‍‌​‌‍‌‍​‌‍‌‌​​‍‍‌​‌‌​‌‍​‌‌‍​‌‍‍‌‍‌‌‍‌‍‌‌‌​‍‌‍‌‍‌‍​‌‍‌‌​‍‍‌‍​‌‍​‍‌‍‌‍‍‌‌‍‌​​‌‌‍‌‍‌‍​‌​‍‌​​‌‌‍‌‍​‌‍‌‍​‌​‍​​‍‌​‌​‌‍​‍‌‍‌‍​​​​‍‌​‌​‌‍​‌​‌​‌‍​‌​‍‌‌‍​‌‌‍​​​​​‌​‍‌​‍​‌‍‌‌​‌‌‍‌‌‌‍‌‍‌‍‌​‌‍‌‌​‌​​‍​​​‌‌‌‍‌‍​‍‌‍‌‌​‌‍‌‌​​‌‍‌‌​‌‌‍​‍‌‍​‌‍‌‍‌‌‌​​‌‍‌​‌‌​​‍‌‍‌​​‌‍​‌‌‌​‌‍‍​​‌‌‌​‌‍‍‌‌‌​‌‍​‌‍‌‌​‍‌‍‌​​‌‍‌‌‌​‍‌​‌​​‌‍‌‌‌‍​‌‌​‌‍‍‌‌‌‍‌‍‌‌​‌‌​​‌‌‌‌‍​‍‌‍​‌‍‍‌‌​‌‍‍​‌‍‌‌‌‍‌​​‍​‍‌‌ — Securing and governing AI agentic systems requires robust supply chain management and advanced identity protection.
• Our latest investment in open source security for the AI era — Industry leaders are investing $12.5 million and AI tools to proactively secure open source against AI-driven threats.
• Aikido launches Endpoint to secure AI-native developer workflows — Aikido Endpoint secures developer workstations by proactively blocking malicious packages and extensions, especially critical with AI-driven threats.
• Mend.io Releases AI Security Governance Framework Covering Asset Inventory, Risk Tiering, AI Supply Chain Security, and Maturity Model — Mend.io's framework provides a structured approach to AI security governance, from inventory to maturity.
• North Korean Threat Actors Target AI Supply Chains: Lessons From the Mastra AI Attack — North Korean threat actors are exploiting AI supply chains, making secure development and dependency management critical.
• IBM 2026 X-Force Threat Index: AI-Driven Attacks are Escalating as Basic Security Gaps Leave Enterprises Exposed — AI tools are accelerating cyberattacks by enabling faster vulnerability exploitation and lowering barriers to entry for threat actors.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by The AI Journal.