Cybersecurity News Kinetic Potential

Linux Foundation Unveils New Open Source Security Project Akrites

Fri, 06/26/2026 - 09:24 / 0 Comments

The Linux Foundation on Thursday announced a new industry effort aimed at efficiently addressing vulnerabilities in the open source software (OSS) ecosystem.

Named Akrites, it establishes a shared Security Incident Response Team (SIRT) for coordinated discovery, patching, and public disclosure of OSS security defects.

If it sounds familiar, it should. Less than two weeks ago, Chainguard announced Athena, a coalition of over two dozen fintech and technology organizations aimed at addressing OSS bugs before public disclosure.

At the time, Chainguard said it would work with the Linux Foundation on a coordinated SIRT, noting that the increased use of AI in cyberattacks is essentially closing the window between public disclosure and patching.

While the Linux Foundation’s new announcement makes no mention of Athena, Akrites walks the same path: it offers the tools and channels to report, validate, and address OSS vulnerabilities before their coordinated public disclosure.

Akrites is supported by Anthropic, AWS, Chainguard, Cisco, Citi, Endor Labs, Ericsson, Google, IBM, JPMorganChase, Microsoft and GitHub, NVIDIA, OpenAI, RapidFort, Red Hat, Rust Foundation, Sonatype, Vodafone, and Zscaler, many of which were mentioned as members of Athena.

Seed funding to support Akrites comes from the Linux Foundation’s directed fund Alpha-Omega, with other organizations providing engineering resources and additional funding.

In addition to establishing a confidential, trusted partner for vulnerability disclosure, eliminating hundreds of uncoordinated independent reports, Akrites will also work with critical infrastructure to help deploy fixes before in-the-wild exploitation.

“When patches are released to the public, adversaries are able to utilize AI to rapidly reverse engineer the underlying vulnerabilities, develop exploits, and launch attacks. The success of our efforts, therefore, will be measured in patch deployment, not publication,” the Linux Foundation said.

Akrites was created with a focus on confidentiality, to prevent vulnerability weaponization before patches are delivered, and to act as the maintainer of last resort, ensuring that fixes can still be delivered for packages that are no longer maintained.

This article was published by Security Week. Please check their website for the original content.

Add new comment

About text formats

Plain text

  • No HTML tags allowed.
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.
CAPTCHA This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
8 + 8 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.

Share The Story


Stay informed - subscribe to our newsletter.
The subscriber's email address.

Recent Posts