The Linux Foundation has launched Akrites, bringing together leading technology companies to protect critical open source software from AI-enabled cyber threats through a unified vulnerability response framework.
The Linux Foundation has launched Akrites, a new industry-wide initiative designed to strengthen the security of critical open source software as artificial intelligence dramatically accelerates vulnerability discovery. The initiative establishes a shared Security Incident Response Team (SIRT) and a standardized Coordinated Vulnerability Disclosure (CVD) process to identify, coordinate, remediate and responsibly disclose vulnerabilities before attackers can exploit them.
The move comes as frontier AI models are now capable of identifying software vulnerabilities within minutes, compressing the time between discovery and potential exploitation. Akrites aims to ensure defenders can respond at the same speed by providing a confidential, coordinated framework for upstream security fixes.
The initiative focuses on protecting the open source software that underpins banking, healthcare, energy, power grids, telecommunications, transportation, government services, AI platforms and cloud infrastructure. It promotes upstream-first patching, responsible disclosure and the use of established security standards including CVE, CWE, CVSS, EPSS, SSVC, VEX and TLP.
A key feature of Akrites is its ability to serve as a “maintainer of last resort” for critical open source projects without active maintainers, ensuring security patches continue to reach users while preserving maintainer control wherever possible. The framework also replaces fragmented security responses with a single trusted disclosure channel, reducing duplicate reports and conflicting patches.
Founding members include Amazon Web Services, Anthropic, Cisco, Google, IBM, JPMorganChase, Microsoft, GitHub, NVIDIA, OpenAI, Red Hat and several other technology and cybersecurity leaders. Seed funding comes from the Linux Foundation’s Alpha-Omega fund, while additional organizations contributing engineering expertise, funding or security resources are invited to join the initiative.
