The Linux Foundation announced $12.5 million in grant funding from a coalition of major technology companies to strengthen the security of the open source software ecosystem, as artificial intelligence accelerates both software development and vulnerability discovery.
The funding comes from Anthropic, Amazon Web Services, GitHub, Google, Google DeepMind, Microsoft, and OpenAI, and will be managed through the Linux Foundation’s Alpha-Omega initiative and the Open Source Security Foundation. The goal is to build long-term, sustainable security solutions that directly support open source maintainers and communities.
The announcement highlights a growing challenge in the open source ecosystem. Advances in AI are increasing the speed and scale at which vulnerabilities are discovered, resulting in a surge of automated security reports. Maintainers, many of whom are volunteers, are struggling to keep up with triaging and resolving these issues.
The funding will be used to expand programs that embed security expertise into projects, improve tooling, and make AI-driven security capabilities more accessible and practical for maintainers. The initiative aims to integrate these capabilities into existing workflows, helping projects manage rising security demands while improving overall resilience.
Alpha-Omega, which has already distributed more than $20 million across over 70 grants, will play a central role in deploying the funding. The OpenSSF will support coordination across industry stakeholders and open source communities to ensure that security improvements scale effectively.
The collaboration reflects a broader industry push to address systemic risks in the global software supply chain. Open source software underpins much of modern infrastructure, and ensuring its security is increasingly seen as a shared responsibility among major technology providers.
Companies involved in the funding emphasized that financial support alone is not enough. The initiative also focuses on delivering practical tools, training, and AI-powered solutions that can help maintainers handle the growing volume of security findings without burnout.
The effort is positioned as a long-term investment in the foundations of the digital ecosystem, with a particular emphasis on empowering maintainers who operate at the front lines of open source security.
KEY QUOTES
“Alpha-Omega was built on the idea that open source security should be both normal and achievable. By funding audits and embedding security experts directly into the ecosystem, we’ve proven that targeted investment works. Now, we’re scaling that expertise. We are excited to bring maintainer-centric AI security assistance to the hundreds of thousands of projects that power our world.”
Michael Winser, Co-Founder, Alpha-Omega
“Grant funding alone is not going to help solve the problem that AI tools are causing today on open source security teams. OpenSSF has the active resources needed to support numerous projects that will help these overworked maintainers with the triage and processing of the increased AI-generated security reports they are currently receiving.”
Greg Kroah-Hartman, Linux Kernel Project Maintainer
“Our commitment remains focused: to sustainably secure the entire lifecycle of open source software. By directly empowering the maintainers, we have an extraordinary opportunity to ensure that those at the front lines of software security have the tools and standards to take preventative measures to stay ahead of issues and build a more resilient ecosystem for everyone.”
Steve Fernandez, General Manager, OpenSSF
“The open source ecosystem underpins nearly every software system in the world, and its security can’t be taken for granted. This investment reflects our belief that the best way to improve security outcomes is to work directly with maintainers and give them the resources and tooling to address threats at scale. Ensuring the world safely navigates the transition to transformative AI means investing in the foundations it runs on.”
Vitaly Gudanets, Chief Information Security Officer, Anthropic
“Over the past four years, our work with Alpha-Omega has proven it can deliver real results for the open source ecosystem at scale, from helping the Rust Foundation deploy Trusted Publishing to enabling critical vulnerability fixes across Node.js and PyPI. We are excited to increase our investment in Alpha-Omega and to work with our collaborators and directly with maintainers to provide not just funding, but the right tools and expertise that projects actually need to handle AI-generated security reports at scale. Building on our initial commitment alongside Google and Microsoft four years ago, we’re now confronting new security challenges as AI transforms vulnerability discovery. That’s why AWS is investing an additional $2.5 million in Alpha-Omega. We believe the same advanced models creating these challenges can also solve them through better tooling and automation, but only through collaboration between industry leaders and the open source security community.”
Stormy Peters, Head of Open Source Strategy and Marketing, Amazon Web Services; Mark Ryland, Director, AWS Security
“As the home for open source, GitHub knows that code is only as strong as the community behind it. Supporting the Linux Foundation’s Alpha-Omega initiative extends our longstanding commitment to securing the global software supply chain. Through funding, training, and AI-powered tools, we’re empowering maintainers to identify risks faster and prevent burnout.”
Kyle Daigle, Chief Operating Officer, GitHub
“Securing the open source ecosystem is a shared responsibility that requires more than just capital, it also requires giving maintainers the right tools to stay ahead of evolving threats. By combining AI-driven innovation with the proven frameworks of Alpha-Omega and OpenSSF, we are empowering the community to not just react to threats, but build systemic resilience.”
Evan Kotsovinos, Vice President of Privacy, Safety and Security, Google
“Securing open source is a shared responsibility, and we have to move as fast as the technology does. We’re focused on turning AI’s ability to find and patch vulnerabilities into a massive defensive advantage. Supporting Alpha-Omega and OpenSSF is an important step for us, right alongside our work on OSS-Fuzz, Big Sleep and CodeMender. We’re going to keep building on this to put these capabilities into the hands of maintainers, leveraging AI to help scale society’s collective resistance to cyber attacks.”
Four Flynn, Vice President of Security and Privacy, Google DeepMind
“Open source software is a critical part of the modern technology landscape. As AI accelerates both software development and the discovery of vulnerabilities, the industry must step up to protect this shared infrastructure. This collaboration represents an important step in democratizing AI-powered defenses, and we’re proud to support Alpha-Omega and the OpenSSF in delivering scalable, maintainer-first solutions that secure the code powering our digital society.”
Mark Russinovich, Chief Technology Officer, Deputy Chief Information Security Officer and Technical Fellow, Microsoft Azure
“This is a critical moment for global cybersecurity that requires unprecedented levels of collaboration across the industry, and sustained commitment. For artificial intelligence to benefit us all, we need to listen closely to maintainers and strengthen the open source foundations we all depend on. Maintainers make an extraordinary contribution, and this program is an important step in providing them the support they need.”
Dane Stuckey, Chief Information Security Officer, OpenAI
