Akrites, a new coordinated industry effort to remediate critical vulnerabilities in open source software exposed by AI, was publicly launched June 25 by the Linux Foundation and founding members including Amazon Web Services, Google, Microsoft, and OpenAI [1, 2].
AI has drastically accelerated the discovery of serious flaws in open source projects, cutting detection times from weeks to minutes. Varun Badhwar, CEO of Endor Labs and an Akrites founding member, said, "AI tools have already surfaced thousands of vulnerabilities, accelerating the need for coordinated defense" [3, 2].
The initiative aims to create shared tools, a Security Incident Response Team (SIRT), and a standardized Coordinated Vulnerability Disclosure (CVD) process that prioritizes confidentiality to reduce the risk of leaks before patches are issued [1, 4]. Akrites will also act as maintainer of last resort for critical open source projects without active maintainers, to ensure timely fixes reach users [1, 4].
Multiple independent scans often overwhelm open source maintainers and increase the chance of premature exposure of exploits. Akrites seeks to unify private sector defenders with government efforts to respond faster to vulnerabilities that AI can expose and attackers can quickly exploit by reverse engineering patches [1, 4, 2].
The effort includes about 20 founding members from the technology, telecom, and financial sectors, including Cisco, Red Hat, NVIDIA, Vodafone, Citi, and JPMorganChase [3, 1, 2]. The Linux Foundation will serve as the central coordinating body [1, 2].
The launch follows recent moves in AI-assisted cybersecurity. In April, Anthropic released its Claude Mythos model to trusted partners. In early June, Anthropic launched its Fable 5 and Mythos 5 models with built-in guardrails; the US government then suspended their availability after misuse was found to aid cyberattacks [2].
Akrites will begin rolling out shared tooling and coordination mechanisms soon, aiming to close the gap between AI-accelerated discovery of vulnerabilities and deployment of patches.