The Linux Foundation secures $12.5 million to boost open source security


The Linux Foundation has announced that it has secured $12.5 million in funding from Anthropic, AWS, GitHub, Google, Google DeepMind, Microsoft, and OpenAI to support open source software security efforts. The money will be managed through Alpha-Omega and the Open Source Security Foundation, and go towards helping maintainers handle the growing volume of AI-generated vulnerability reports.

AI systems are increasing how quickly vulnerabilities are discovered across open source projects, but the people responsible for fixing those issues are struggling to keep up.

Many of those findings are generated automatically, creating large queues of reports that require review, prioritization, and remediation. Without better tools and support, that workload can quickly become unmanageable.

Linux Foundation funding

The $12.5 million in funding will be directed toward improving how maintainers process and act on those findings, with an emphasis on tools and workflows that fit into existing projects. Alpha-Omega and OpenSSF will work directly with maintainers to make newer security capabilities usable in day-to-day development.

Alpha-Omega co-founder Michael Winser said: “Alpha-Omega was built on the idea that open source security should be both normal and achievable. By funding audits and embedding security experts directly into the ecosystem, we’ve proven that targeted investment works.” He added: “We are excited to bring maintainer-centric AI security assistance to the hundreds of thousands of projects that power our world.”

The scale of the problem is already visible in large projects. Greg Kroah-Hartman of the Linux kernel project said: “Grant funding alone is not going to help solve the problem that AI tools are causing today on open source security teams. OpenSSF has the active resources needed to support numerous projects that will help these overworked maintainers with the triage and processing of the increased AI-generated security reports they are currently receiving.”

Those comments reflect a growing issue across open source development. Many widely used projects rely on small teams or individual contributors, even as they support critical parts of the global software stack. As AI tools increase the number of reported vulnerabilities, the gap between discovery and resolution is becoming harder to close.

Steve Fernandez, general manager of OpenSSF, said: “Our commitment remains focused: to sustainably secure the entire lifecycle of open source software.” He added that the goal is to ensure maintainers “have the tools and standards to take preventative measures to stay ahead of issues and build a more resilient ecosystem for everyone.”

The companies backing the funding are also involved in building and deploying AI systems that are improving vulnerability discovery, which shows how the same technology can increase both risk and defensive capability, depending on how it is applied.