Chainguard's new Athena coalition uses AI to fix open-source flaws - before attackers exploit them

Follow ZDNET: Add us as a preferred source on Google.

As everyone in IT knows, or should know anyway, AI has opened up a new front in attacking open-source code security. Hacking used to require real skill. Now, anyone with a sufficiently advanced AI model can pry open programs and infect them with AI-custom-made malware. The software company Chainguard, which specializes in zero-CVE container images and security-hardened open-source code, is joining with others to beat the attackers to the punch with Athena.

As Chainguard puts it, "The gap between a vulnerability being discovered and being exploited has collapsed from years to hours, and a growing share of exploits are weaponized before the bug is ever publicly disclosed. Coordinated disclosure was built for a world in which finding a serious flaw took weeks, and the targets were few. That world is gone." Chainguard is right. It is.

Also: Treat your AI agents like eager but misguided human interns - before you lose control

Something had to be done. As the company's CEO and co-founder, Dan Lorenc, wrote on LinkedIn, we had a "choice between letting open-source security fragment into a dozen rival patch sets nobody can reconcile, or doing the hard, coordinated thing instead. I said it would only work if we built it together, and admitted I had no idea if we actually would. Here's the update: the industry showed up. It's called Athena, and it's live."