Source: theregister.com

It's looking like a hot, messy summer for security teams as AI finds countless previously hidden vulns

Chainguard CEO Dan Lorenc warns of a 'messy' summer for security teams as AI-powered bug-hunting models uncover thousands of previously hidden vulnerabilities in open source code. The Athena coalition, formed by Chainguard and two dozen companies including Cisco and Docker, has already processed over 20,000 findings and developed 2,000 patches, with the first wave of disclosures expected in three weeks.

Published Jun 27, 2026

It's going to be a "messy" summer for security folks, especially when it comes to fixing the open source code that underpins their organizations.

That's according to Dan Lorenc, CEO and co-founder of Chainguard, a software supply-chain security company leading Athena, a newly formed coalition of about two dozen companies that wants to make the process of finding and fixing open source bugs "as easy to consume as possible."

The members have committed to using AI to prevent attacks on open source software. In addition to Chainguard, other founding member companies include BNY, Cisco, Cloudflare, Corridor, DepthFirst, Docker, JPMorganChase, Kyndryl, LTM, and PwC.

Many of these member companies are also partners with Anthropic's Project Glasswing and OpenAI Daybreak, which allow them to try out the pair's most advanced bug-hunting models. The coalition accepts vulnerability findings generated by all frontier models, according to Lorenc.

Athena has already processed more than 20,000 findings and developed over 2,000 patches across 500 open source projects.

In about three weeks, the coalition's first wave of bug disclosures will begin.

"This is going to be a messy summer for everyone," Lorenc told The Register in a phone interview.

"I know there's still a percentage of people who think it's all fake and marketing," he said, talking about the newest, most advanced frontier models like Anthropic's Mythos and OpenAI's GPT‑5.5‑Cyber.

"The stats and data we're seeing are so scary – if you just keep running scans on the same libraries and same code, it just keeps finding more [vulnerabilities]," Lorenc said. "We haven't seen that curve start to bottom out yet."

Chainguard isn't part of Glasswing or Daybreak, but many of its customers and partners are.

"Put yourself in the shoes of someone with Glasswing access," he said. "You get this crazy, new model that can find vulnerabilities everywhere, that no one had seen and you had missed for years with all of your other tooling. You run it on your code, and it finds tons of stuff in your first-party code, the stuff that you've written, and you fix all of that."

After running Mythos Preview on all of your organization's proprietary code, imagine pointing the model at an application. Most modern apps contain a mixture of code from different sources, mostly third-party. According to Lorenc, 95 percent of the code in any of these codebases is open source.

"When you run [advanced models] at the application level, you find a ton of vulnerabilities in open source code that you can't fix for yourself the same way you can that first-party code," Lorenc said. "So then you're left with: what to do?"

By now, most people are familiar with vulnerability disclosure processes and know they need to report these flaws to open source project maintainers.

"But when the numbers start getting this large, and you're finding thousands of these [bugs] at a time, and they're across tons of projects you didn't even know you were using before you ran this tool, and you don't even know how to contact the people, you kind of get stuck," he said.

The only guarantee in the entire disclosure process is that attackers are moving quickly and the time to exploit – that's the time between a CVE's public disclosure and first confirmed in-the-wild exploitation – has essentially collapsed.

A clearinghouse for bug reports

This may mean that your application is vulnerable to attack even before someone develops a patch. "Then you're putting yourself at risk – and you were already at risk before you ran these scans, but no one else knew about it," Lorenc said. "In an unintended way, [AI] has created this pickle for everyone."

In May, Anthropic said it used Mythos Preview to scan more than 1,000 open-source projects, which also underpin much of its own infrastructure, and found an estimated 6,202 high or critical-severity vulnerabilities in these projects.

"It's a super awkward, strange world and timeline we are all living in," Lorenc said. "There's a ton of pressure because all of the frontier models are getting better, and the open models are getting better, and they're going to be able to start discovering these at the same time, too. So, that's what we're trying to help with: to be that clearinghouse for critical industry."

Athena coalition members submit vulnerabilities they find in open source code using any frontier model. Sometimes they find these bugs while scanning their own apps. In other cases they discover them after pointing Mythos or GPT‑5.5‑Cyber at a commonly used library, Lorenc said.

The companies submit a full report to Chainguard, which acts as a clearinghouse, deduplicating, correlating, and addressing findings from members in batches across entire libraries, hardening them against classes of vulnerabilities instead of just one bug.

Affected projects are rebuilt as private, hardened versions available to Athena members through Chainguard Libraries before vulnerabilities are publicly disclosed – and hopefully addressed upstream – a month later. For maintainers that can't make a permanent fix, Athena acts as a "maintainer of last resort," according to Lorenc.

On Thursday, the Linux Foundation joined the effort and announced Akrites, an industry coalition to defend open source software against AI-enabled threats, by finding and fixing vulnerabilities. Akrites establishes a shared Security Incident Response Team (SIRT) and a standardized Coordinated Vulnerability Disclosure (CVD) process.

Founding companies include Amazon Web Services, Anthropic, Chainguard, Cisco, Citi, Endor Labs, Ericsson, Google, IBM, JPMorganChase, Microsoft and GitHub, Nvidia, OpenAI, RapidFort, Red Hat, Rust Foundation, Sonatype, Vodafone, and Zscaler.

"As AI finds more vulnerabilities, the industry will rush to patch them. Without coordination, those fixes will fragment across different patches and forks, and maintainers who are already overwhelmed, unreachable, or haven't touched a project in years," Lorenc said, adding that Akrites provides a coordinated way to fix flaws upstream before criminals exploit them.

Plus, having a dedicated SIRT gives maintainers a single partner (and disclosure) to work with on remediation instead of a hundred uncoordinated reports.

"Now the work is making sure there's always someone on the other end to catch them," Lorenc said. ®
