What happened
On June 25, 2026, the Linux Foundation launched Akrites — a shared Security Incident Response Team (SIRT) and Coordinated Vulnerability Disclosure (CVD) process for critical open-source software, backed by AWS, Anthropic, Cisco, Google, IBM, JPMorganChase, Microsoft/GitHub, NVIDIA, OpenAI, Red Hat, Zscaler and 10+ others. The initiative directly responds to AI tools accelerating exploit discovery faster than maintainers can patch.
Why it matters
Provides the first industry-scale coordinated IR and CVD structure specifically designed for the AI-accelerated threat tempo, closing the gap between AI-assisted bug discovery and responsible disclosure/patching for infrastructure-critical OSS.
Applicability
All enterprises depending on open-source infrastructure (finance, healthcare, telco, government) should align vulnerability management processes with Akrites disclosures; OSS maintainers can register projects immediately.