Linux Foundation secures USD $12.5m for AI security
The Linux Foundation has secured USD $12.5 million in grant funding from Anthropic, Amazon Web Services, GitHub, Google, Google DeepMind, Microsoft and OpenAI to support open source software security work.
Alpha-Omega and the Open Source Security Foundation (OpenSSF) will manage the funding. Both are security initiatives within the Linux Foundation.
The announcement comes amid growing concern across the software industry about the number of vulnerabilities found in widely used open source components. It also highlights the strain on volunteer maintainers and small teams responsible for disclosures, prioritisation and patch development.
AI-driven volume
The Linux Foundation tied the new funding to changes in vulnerability discovery, noting that advances in AI have increased the speed and scale at which issues are found in open source codebases.
Maintainers are receiving more security reports, including findings generated by automated systems. Many projects lack the staffing and processes to review large volumes of submissions and separate genuine issues from false positives. This can delay remediation of critical flaws and contribute to maintainer burnout.
Michael Winser, co-founder of Alpha-Omega, described the programme as a continuation of earlier work. Alpha-Omega has funded security audits and placed security experts into open source projects.
"Alpha-Omega was built on the idea that open source security should be both normal and achievable. By funding audits and embedding security experts directly into the ecosystem, we've proven that targeted investment works," Winser said. "Now, we're scaling that expertise. We are excited to bring maintainer-centric AI security assistance to the hundreds of thousands of projects that power our world."
Maintainer pressure
Greg Kroah-Hartman of the Linux kernel project said funding alone would not address the workload created by automated tooling.
"Grant funding alone is not going to help solve the problem that AI tools are causing today on open source security teams," Kroah-Hartman said. "OpenSSF has the active resources needed to support numerous projects that will help these overworked maintainers with the triage and processing of the increased AI-generated security reports they are currently receiving."
OpenSSF General Manager Steve Fernandez said the work would extend beyond incident response and patching, arguing that maintainers also need standards and tools that reduce risk earlier in the software lifecycle.
"Our commitment remains focused: to sustainably secure the entire lifecycle of open source software," Fernandez said. "By directly empowering the maintainers, we have an extraordinary opportunity to ensure that those at the front lines of software security have the tools and standards to take preventative measures to stay ahead of issues and build a more resilient ecosystem for everyone."
Backers' view
The funders include major cloud platforms, developer tooling providers and AI labs. Several framed the grants as a response to software supply-chain risks.
Anthropic Chief Information Security Officer Vitaly Gudanets said the open source ecosystem underpins most software systems.
"The open source ecosystem underpins nearly every software system in the world, and its security can't be taken for granted. This investment reflects our belief that the best way to improve security outcomes is to work directly with maintainers and give them the resources and tooling to address threats at scale. Ensuring the world safely navigates the transition to transformative AI means investing in the foundations it runs on," Gudanets said.
AWS Director of Security Mark Ryland pointed to prior work with open source communities and package registries.
"Over the past four years, our work with Alpha-Omega has proven it can deliver real results for the open source ecosystem at scale, from helping the Rust Foundation deploy Trusted Publishing to enabling critical vulnerability fixes across Node.js and PyPI. We are excited to increase our investment in Alpha-Omega and to work with our collaborators and directly with maintainers to provide not just funding, but the right tools and expertise that projects actually need to handle AI-generated security reports at scale," Ryland said.
AWS also disclosed an additional USD $2.5 million investment in Alpha-Omega. Stormy Peters, head of open source strategy and marketing at AWS, said new security challenges have emerged as AI changes vulnerability discovery.
"Building on our initial commitment alongside Google and Microsoft four years ago, we're now confronting new security challenges as AI transforms vulnerability discovery. That's why AWS is investing an additional $2.5 million in Alpha-Omega. We believe the same advanced models creating these challenges can also solve them through better tooling and automation, but only through collaboration between industry leaders and the open source security community," Peters said.
GitHub Chief Operating Officer Kyle Daigle linked the initiative to the software supply chain, and cited training and AI-powered tools.
"As the home for open source, GitHub knows that code is only as strong as the community behind it. Supporting the Linux Foundation's Alpha-Omega initiative extends our longstanding commitment to securing the global software supply chain. Through funding, training, and AI-powered tools, we're empowering maintainers to identify risks faster and prevent burnout," Daigle said.
Microsoft Azure CTO Mark Russinovich said the collaboration responds to AI accelerating both development and vulnerability discovery.
"Open source software is a critical part of the modern technology landscape. As AI accelerates both software development and the discovery of vulnerabilities, the industry must step up to protect this shared infrastructure. This collaboration represents an important step in democratizing AI-powered defenses, and we're proud to support Alpha-Omega and the OpenSSF in delivering scalable, maintainer-first solutions that secure the code powering our digital society," Russinovich said.
Alpha-Omega has issued more than 70 grants totalling over USD $20 million across open source ecosystems, package registries and individual projects, the backers said. The new funding will support work with maintainers and their communities, with an emphasis on triage and remediation workflows as AI-generated reporting increases.