
We all depend on open source. We will defend it together

akrites.org|400 points|196 comments|by dhruv3006|Jun 26, 2026

We All Depend on Open Source. We Will Defend it Together

Akrites

An Open Letter Regarding the Launch of Akrites

For several decades, open source software (OSS) has stood as a monumental achievement in human collaboration. We have collectively built a digital foundation that the entire modern world now relies upon. Today, the critical infrastructure that keeps society functioning—including telecommunications, banking, and public utilities—is powered by these shared libraries.

The AI Paradigm Shift

Historically, there was a stable equilibrium between those defending software and those attacking it. However, the advent of Artificial Intelligence has shattered this balance.

In the past, identifying a critical flaw in a major project required an expert's intuition and weeks of manual labor. Now, a machine can achieve the same result in minutes. Often, a single AI pass yields multiple vulnerabilities.

We can express this shift in the "discovery equation" as:

$$\text{Discovery Time} = \frac{\text{Complexity of Code}}{\text{AI Processing Power} \times \text{Automation}}$$

While AI can be used to harden code, in the hands of adversaries, it transforms vulnerability discovery into an automated pipeline. This acceleration has created a crisis: the speed of discovery is now far outstripping the capacity of human maintainers to issue patches.


Introducing Akrites: A Unified Defense

To combat this systemic risk, we are announcing Akrites. This represents the most significant coordinated effort in history to deploy tools and systems that harness community power to enhance global security.

Our Coalition

We are joined by a powerhouse of industry leaders committed to finding, fixing, and responsibly disclosing flaws in critical OSS:

  • Cloud & Infrastructure: Amazon Web Services, Google, Microsoft, GitHub
  • AI Leaders: OpenAI, Anthropic
  • Enterprise & Finance: Citi, JPMorganChase, IBM, Cisco
  • Telecom & Hardware: Ericsson, Vodafone, NVIDIA
  • Security & Specialized Tooling: Chainguard, Endor Labs, RapidFort, Sonatype, Zscaler
  • Open Source Stewardship: Red Hat, Rust Foundation

Why Coordination is Mandatory

Because so much of our global tech stack is built from the same components, we all share the same latent defects. Individual corporate firewalls are no longer sufficient; no single vendor can solve this in isolation.

| The Old Approach (Fragmented) | The Akrites Approach (Coordinated) |
|---|---|
| Patchwork of disconnected teams | A single, trusted coordination hub |
| Multiple reports for the same bug | One streamlined report to maintainers |
| Conflicting patches and noise | Unified, verified remediation |
| High risk of leaks before fixes | Strict, non-negotiable confidentiality |

Our Strategic Commitments

Akrites is a pledge to act upstream—working directly where the code lives and where maintainers operate. Our goal is to match or exceed the velocity of AI-assisted attackers.

Our core operational tenets include:

  1. Prioritizing Deployment over Publication: We recognize that once a patch is public, AI can be used to reverse-engineer the flaw and create exploits. Therefore, success is measured by how many systems are patched, not how many bugs are published.
  2. The Maintainer of Last Resort: In cases where a critical package is abandoned (no active maintainer), Akrites will step in to ensure fixes are still developed and distributed.
  3. Government Alignment: We will synchronize with public sector defenders to ensure a cohesive response across private and public boundaries.

Action Plan

  • Contribute high-level engineering talent.
  • Provide deep security expertise for vulnerability research.
  • Provide direct funding for the engineers performing the work.
  • Establish a shared Security Incident Response Team (SIRT).

A Final Word on Responsibility

We have spent years benefiting from the selfless work of open source maintainers. It is now our turn to return that value. The window to get ahead of this new risk profile is open, but it is closing quickly.

"Frontier AI models have given defenders the ability to find and fix vulnerabilities in open source software at a speed and scale that were never possible before. That’s an enormous opportunity for defenders, and Akrites ensures we seize it together. Maintainers deserve a coordinated partnership, not a flood of reports. AWS is committed to securing the projects our customers depend on and building this shared infrastructure alongside the community." — Matt Wilson, Vice President and Distinguished Engineer, AWS

By acting as partners, we can secure the world's technology systems for generations to come.


Signed, June 25, 2026
The Undersigned Participants of Akrites