The Linux Foundation has launched Akrites, a new initiative with 19 founding members including Amazon, Google, Microsoft, OpenAI, and major banks. The goal is to coordinate the rapid patching of critical open-source software before AI-powered attackers can exploit newly discovered flaws.
The move addresses a critical speed gap. Advanced AI models can now scan major open-source projects and identify multiple confirmed vulnerabilities in minutes, a task that previously took human researchers weeks. Anthropic Deputy CISO Jason Clinton stated the old coordinated disclosure model "has been outpaced by how quickly AI can now find vulnerabilities."
According to Endor Labs CEO Varun Badhwar, of the thousands of AI-surfaced vulnerabilities in recent months, fewer than 5% have been patched. Akrites aims to fix this by creating a single, confidential Security Incident Response Team to manage reports and coordinate fixes directly with maintainers.
JPMorganChase CISO Pat Opet emphasized the core challenge: adversaries can now reverse-engineer a published patch and build an exploit in near real time. Success for Akrites means "patch deployment, not patch publication."
The initiative launches alongside OpenAI's separate "Patch the Planet" effort, which focuses on AI-assisted discovery. Akrites will build the industry-wide coordination layer. Alpha-Omega, a Linux Foundation fund, is providing seed funding.