[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fSy62nQr5DVhv9fIiEcm3Sz96Y3Ir89C843mTaLEVpa8":3},{"article":4,"iocs":53},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":32,"category":33,"article_tags":37},"e600a620-c209-4574-affe-988b879ebc43","Linux Foundation Unveils New Open Source Security Project Akrites","linux-foundation-unveils-new-open-source-security-project-akrites-969751","It will provide the tools and channels to report, patch, and disclose open source software vulnerabilities. The post Linux Foundation Unveils New Open Source Security Project Akrites appeared first on SecurityWeek.","The Linux Foundation has launched Akrites, a new initiative to create a shared Security Incident Response Team (SIRT) for the open source software ecosystem. The project aims to provide tools and channels for coordinated vulnerability discovery, patching, and disclosure, with a focus on confidentiality to prevent exploitation before fixes are deployed. Akrites is supported by a broad coalition of major tech companies and aims to act as a maintainer of last resort for unmaintained packages.","Linux Foundation launches Akrites to streamline OSS vulnerability reporting and patching.","The Linux Foundation on Thursday announced a new industry effort aimed at efficiently addressing vulnerabilities in the open source software (OSS) ecosystem. Named Akrites, it establishes a shared Security Incident Response Team (SIRT) for coordinated discovery, patching, and public disclosure of OSS security defects. If it sounds familiar, it should. Less than two weeks ago, Chainguard announced Athena, a coalition of over two dozen fintech and technology organizations aimed at addressing OSS bugs before public disclosure. At the time, Chainguard said it would work with the Linux Foundation on a coordinated SIRT, noting that the increased use of AI in cyberattacks is essentially closing the window between public disclosure and patching. While the Linux Foundation’s new announcement makes no mention of Athena, Akrites walks the same path: it offers the tools and channels to report, validate, and address OSS vulnerabilities before their coordinated public disclosure. Akrites is supported by Anthropic, AWS, Chainguard, Cisco, Citi, Endor Labs, Ericsson, Google, IBM, JPMorganChase, Microsoft and GitHub, NVIDIA, OpenAI, RapidFort, Red Hat, Rust Foundation, Sonatype, Vodafone, and Zscaler, many of which were mentioned as members of Athena.Advertisement. Scroll to continue reading. Seed funding to support Akrites comes from the Linux Foundation’s directed fund Alpha-Omega, with other organizations providing engineering resources and additional funding. In addition to establishing a confidential, trusted partner for vulnerability disclosure, eliminating hundreds of uncoordinated independent reports, Akrites will also work with critical infrastructure to help deploy fixes before in-the-wild exploitation. “When patches are released to the public, adversaries are able to utilize AI to rapidly reverse engineer the underlying vulnerabilities, develop exploits, and launch attacks. The success of our efforts, therefore, will be measured in patch deployment, not publication,” the Linux Foundation said. Akrites was created with a focus on confidentiality, to prevent vulnerability weaponization before patches are delivered, and to act as the maintainer of last resort, ensuring that fixes can still be delivered for packages that are no longer maintained. Related: IBM and Red Hat Commit $5 Billion to Secure Open Source Supply Chains Under “Project Lightwell” Related: Tech Giants Invest $12.5 Million in Open Source Security Related: RSAC Releases Quantickle Open Source Threat Intelligence Visualization Tool Related: OpenAI Refocuses Cybersecurity Efforts on Patching Over Discovery Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights. More from Ionut Arghire GitLab Patches Code Execution, Information Disclosure Vulnerabilities25-Year-Old Vulnerability Patched in CurlNIST Opens Updated IoT Security Guidance to Public ReviewChrome 149 Update Resolves 18 Severe VulnerabilitiesCritical Ubiquiti Vulnerabilities in Attackers’ CrosshairsNew ‘Mistic’ RAT Opens Door to Several Ransomware FamiliesExploitable CI\u002FCD Vulnerabilities Expose Millions of Repositories to HijackingBeyondTrust, LastPass Impacted by Klue-Salesforce Incident Latest News $3 Million Reportedly Stolen in Polymarket HackRussian APT Deploys ‘StockStay’ Backdoor Against Ukrainian TargetsFirst-Ever Exploitation of PTC Windchill Vulnerability Discovered in the WildNew Enterprise-Ready MCP Specification Brings New Security ChallengesPhilip Martin Joins Uber as Chief Information Security OfficerRunlayer Raises $30 Million in Series A FundingCal Water Says No OT Systems Breached in Iranian Handala CyberattackLantronix Serial-to-IP Converter Flaw Exploited in Attacks After OT Threat Warning Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Why Email Security Keeps Failing (And What Has to Change) July 8, 2026 Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more. Register Virtual Event: 2026 Cloud Security Summit July 16, 2026 This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments. Register People on the MovePhilip Martin has joined Uber as Chief Information Security Officer.Fable Security has appointed Jacob Berry as Chief Information Security Officer.iCOUNTER has named Ali Waezzadah as Chief Information Security Officer.More People On The MoveExpert Insights When Information Becomes the Attack Surface – Understanding AI Agent Traps From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI. (Etay Maor) What the Latest ShinyHunters Breaches Reveal About Modern Cyberattacks Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage. (Torsten George) No Exploits Required Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures. (Tod Beardsley) After AI Reaches Production: 12 Ways Security Teams Can Take Control Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production. (Joshua Goldfarb) Everybody Is Vibe Coding But Nobody Told the Security Team AI-driven development is not something organizations can or should block. But it must be governed. (Danelle Au) Flipboard Reddit Whatsapp Whatsapp Email","https:\u002F\u002Fwww.securityweek.com\u002Flinux-foundation-unveils-new-open-source-security-project-akrites\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2026\u002F02\u002Fopen-source.jpeg","2026-06-26T11:28:20+00:00","2026-06-26T12:00:07.562377+00:00",7,[18,21,24,26,28,30],{"name":19,"type":20},"Akrites","product",{"name":22,"type":23},"Linux Foundation","vendor",{"name":25,"type":20},"Athena",{"name":27,"type":23},"Chainguard",{"name":29,"type":23},"Anthropic",{"name":31,"type":23},"AWS","ade75414-7914-4e23-a450-48b64546ee70",{"id":32,"icon":34,"name":35,"slug":36},null,"Open Source","open-source",[38,43,48],{"category":39},{"id":40,"icon":34,"name":41,"slug":42},"02371804-cf6d-4449-98de-f1a2d4d9b266","Tools","tools",{"category":44},{"id":45,"icon":34,"name":46,"slug":47},"26b0b636-0e31-4db1-bffb-61bdf9f20a58","Supply Chain","supply-chain",{"category":49},{"id":50,"icon":34,"name":51,"slug":52},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[]]