SAN FRANCISCO — The Linux Foundation said Tuesday that major technology and AI companies are backing a $12.5 million effort to improve the security of open-source software, as developers face growing pressure from automated vulnerability discovery and software supply chain threats.
The funding, provided by Anthropic, Amazon Web Services, GitHub, Google, Google DeepMind, Microsoft, and OpenAI, targets the growing complexity of the digital supply chain. The Open Source Security Foundation (OpenSSF) and the Alpha-Omega initiative will manage the capital to develop sustainable security tools for maintainers.
“Our commitment remains focused: to sustainably secure the entire lifecycle of open source software,” said Steve Fernandez, general manager of OpenSSF.
The announcement reflects a broader shift in cybersecurity, with open-source software now viewed as a frontline risk rather than a background infrastructure issue. Because so much enterprise and security software depends on shared libraries and components, even a flaw in a small upstream project can create downstream exposure across industries. The investment also signals a push to use AI not only as a source of new risk, but as part of the defensive response.
