
Coordinated vulnerability disclosure (CVD) for open-source AI

A structured process in which security researchers who discover vulnerabilities in open-source AI software privately notify the project maintainers before going public, giving them time to release a fix before attackers can exploit the flaw. The Linux Foundation's Akrites initiative is the first industry-scale CVD framework specifically designed for the accelerated threat tempo created by AI-assisted attack tools.
AI-powered attack tools are compressing the time between a vulnerability being discovered and being exploited, often to hours; CVD frameworks that match this tempo are now critical to preventing widespread harm before patches are deployed. Organisations using open-source AI components should verify those components are covered by an active CVD programme.