Linux Foundation and 20 tech giants launch Akrites to fix open-source flaws before AI-powered attacks hit

About twenty tech companies, AI labs, and banks are joining forces through Akrites to fix vulnerabilities in critical open-source software before AI tools can exploit them.

The Linux Foundation has announced Akrites, a coordinated industry initiative to patch security flaws in widely used open-source software alongside maintainers before attackers can take advantage. Founding members include Amazon Web Services, Anthropic, Cisco, Citi, Google, IBM, JPMorganChase, Microsoft, NVIDIA, OpenAI, Red Hat, the Rust Foundation, Vodafone, and Zscaler.

The reason is a shift in the balance of power: finding and fixing serious bugs in open-source code used to require comparable expertise on both sides. Modern AI models can now scan a large project in minutes instead of weeks, exposing flaws far faster. Once those abilities are widely available, even attackers without deep technical skills get the tools for sophisticated exploits.

The Linux Foundation describes the current security response model as patchwork. Many organizations scan the same packages independently, report the same findings multiple times, and sometimes deliver conflicting patches. Maintainers get buried under duplicates while real, exploitable bugs get lost in AI-generated noise. Endor Labs CEO Varun Badhwar put the urgency in sharp terms: of thousands of validated open-source vulnerabilities from recent months, fewer than five percent have been patched.