AI finds thousands of hidden vulnerabilities, overwhelming security teams with unprecedented discoveries

It's looking like a hot, messy summer for security teams as AI finds countless previously hidden vulns

It's going to be a "messy" summer for security folks, especially when it comes to fixing the open source code that underpins their organizations. That's according to Dan Lorenc, CEO and co-founder of Chainguard, a software supply-chain security company leading Athena, a newly formed coalition of about two dozen companies that wants to make the process of finding and fixing open source bugs "as easy to consume as possible." The members have committed to using AI to prevent attacks on open source software. In addition to Chainguard, other founding member companies include BNY, Cisco, Cloudflare, Corridor, DepthFirst, Docker, JPMorganChase, Kyndryl, LTM, and PwC. Many of these member companies are also partners with Anthropic's Project Glasswing and OpenAI Daybreak, which allow them to try out the pair's most advanced bug-hunting models. The coalition accepts vulnerability findings generated by all frontier models, according to Lorenc. Athena has already processed more than 20,000 findings and developed over 2,000 patches across 500 open source projects. In about three weeks, the coalition's first wave of bug disclosures will begin. "This is going to be a messy summer for everyone," Lorenc told The Register in a phone interview. "I know there's still a percentage of people who think it's all fake and marketing," he said, talking about the newest, most advanced frontier models like Anthropic's Mythos and OpenAI's GPT‑5.5‑Cyber. "The stats and data we're seeing are so scary - if you just keep running scans on the same libraries and same code, it just keeps finding more [vulnerabilities]," Lorenc said. "We haven't seen that curve start to bottom out yet." Chainguard isn't part of Glasswing or Daybreak, but many of its customers and partners are. "Put yourself in the shoes of someone with Glasswing access," he said. "You get this crazy, new model that can find vulnerabilities everywhere, that no one had seen and you had missed for years with all of your other tooling. You run it on your code, and it finds tons of stuff in your first-party code, the stuff that you've written, and you fix all of that." After running Mythos Preview on all of your organization's proprietary code, imagine pointing the model at an application. Most modern apps contain a mixture of code from different sources, mostly third-party. According to Lorenc, 95 percent of the code in any of these codebases is open source. "When you run [advanced models] at the application level, you find a ton of vulnerabilities in open source code that you can't fix for yourself the same way you can that first-party code," Lorenc said. "So then you're left with: what to do?" By now, most people are familiar with vulnerability disclosure processes and know they need to report these flaws to open source project maintainers. "But when the numbers start getting this large, and you're finding thousands of these [bugs] at a time, and they're across tons of projects you didn't even know you were using before you ran this tool, and you don't even know how to contact the people, you kind of get stuck," he said. The only guarantee in the entire disclosure process is that attackers are moving quickly and the time to exploit - that's the time between a CVE's public disclosure and first confirmed in-the-wild exploitation - has essentially collapsed. A clearinghouse for bug reports This may mean that your application is vulnerable to attack even before someone develops a patch. "Then you're putting yourself at risk - and you were already at risk before you ran these scans, but no one else knew about it," Lorenc said. "In an unintended way, [AI] has created this pickle for everyone." In May, Anthropic said it used Mythos Preview to scan more than 1,000 open-source projects, which also underpin much of its own infrastructure, and found an estimated 6,202 high or critical-severity vulnerabilities in these projects. "It's a super awkward, strange world and timeline we are all living in," Lorenc said. "There's a ton of pressure because all of the frontier models are getting better, and the open models are getting better, and they're going to be able to start discovering these at the same time, too. So, that's what we're trying to help with: to be that clearinghouse for critical industry." Athena coalition members submit vulnerabilities they find in open source code using any frontier model. Sometimes they find these bugs while scanning their own apps. In other cases they discover them after pointing Mythos or GPT‑5.5‑Cyber at a commonly used library, Lorenc said. The companies submit a full report to Chainguard, which acts as a clearinghouse, deduplicating, correlating, and addressing findings from members in batches across entire libraries, hardening them against classes of vulnerabilities instead of just one bug. Affected projects are rebuilt as private, hardened versions available to Athena members through Chainguard Libraries before vulnerabilities are publicly disclosed - and hopefully addressed upstream - a month later. For maintainers that can't make a permanent fix, Athena acts as a "maintainer of last resort," according to Lorenc. On Thursday, the Linux Foundation joined the effort and announced Akrites, an industry coalition to defend open source software against AI-enabled threats, by finding and fixing vulnerabilities. Akrites establishes a shared Security Incident Response Team (SIRT) and a standardized Coordinated Vulnerability Disclosure (CVD) process. Founding companies include Amazon Web Services, Anthropic, Chainguard, Cisco, Citi, Endor Labs, Ericsson, Google, IBM, JPMorganChase, Microsoft and GitHub, Nvidia, OpenAI, RapidFort, Red Hat, Rust Foundation, Sonatype, Vodafone, and Zscaler. "As AI finds more vulnerabilities, the industry will rush to patch them. Without coordination, those fixes will fragment across different patches and forks, and maintainers who are already overwhelmed, unreachable, or haven't touched a project in years," Lorenc said, adding that Akrites provides a coordinated way to fix flaws upstream before criminals exploit them. Plus having a dedicated SIRT gives maintainers a single partner - and disclosure -to work with on remediation instead of a hundred uncoordinated reports. "Now the work is making sure there's always someone on the other end to catch them," Lorenc said. ®

Linux Foundation, Tech Giants Launch Akrites to Defend Open Source Against AI-Powered Attacks

Fewer than 5% of the thousands of open-source vulnerabilities surfaced by AI in recent months have been patched, according to Endor Labs CEO Varun Badhwar. The Linux Foundation launched Akrites on Thursday alongside 19 founding organizations -- Amazon, Anthropic, Citi, Google, JPMorganChase, Microsoft, NVIDIA, OpenAI, and others -- to coordinate the patching of critical open-source software before AI-powered attackers can exploit it. The initiative addresses a timeline problem that AI has made urgent. Frontier models can now scan a major open-source project and return multiple confirmed vulnerabilities in minutes -- work that used to take a skilled security researcher weeks. As Decrypt has reported, Claude Opus 4.8 uncovered a critical flaw in Zcash's Orchard privacy pool within a day, exposing a bug that had survived four years of cryptographer review. If white hat hackers find those flaws, everything is ok. If malicious actors do, things can go really messy, really fast. Anthropic Deputy CISO Jason Clinton said in the letter that the existing model for coordinated disclosure "has been outpaced by how quickly AI can now find vulnerabilities" -- and that reaching a fix upstream requires coordinating on findings "before they're disclosed and exploited." The coordinated disclosure model that predated Akrites was not built for that speed. Multiple organizations would independently scan the same libraries and go through long bureaucratic processes before fixing bugs -- a process that an open letter signed by all 19 founding organizations called burying "the maintainers under noise." Endor Labs CEO Varun Badhwar went further: Of the thousands of validated open-source vulnerabilities AI has surfaced in recent months, "fewer than 5% have been patched." Akrites replaces that process with a single, confidential Security Incident Response Team -- one predictable partner for maintainers rather than a flood of uncoordinated reports. Fixes return to each project's original repository on maintainers' terms, using standards for vulnerability tracking. When a critical package has no active maintainer, Akrites commits to stepping in as maintainer of last resort. The program was built first to prevent leaks -- the open letter called an undisclosed flaw in a widely deployed package "a weapon." Rust Foundation CEO Rebecca Rumbul said the goodwill of open-source maintainers has for too long been taken for granted and this initiative will help them work in coordination. "Akrites promises meaningful coordination with upstream maintainers, financial, and full-time support to find, fix and disclose security vulnerabilities responsibly, and a genuine commitment from the most influential companies across tech and finance to solve this problem," she said. JPMorganChase CISO Pat Opet outlined what success actually requires for the effort. "AI has massively compressed the time between vulnerability discovery and exploitation to near real time," Opet said -- meaning adversaries can reverse-engineer a published patch and build a working exploit before many downstream systems have deployed the fix. Success, per Opet, is "patch deployment, not patch publication." OpenAI had launched its own parallel effort, Patch the Planet, three days before Akrites -- a first sprint using GPT-5.5-Cyber and Trail of Bits engineers across 19 open-source projects that merged dozens of patches. OpenAI Cyber Lead Clint Gibler called securing open source "a long-term commitment" for the company and said Akrites helps "strengthen coordination across the industry." Though similar, the two efforts differ in scope: Patch the Planet focuses on AI-assisted discovery and patch delivery with expert human review; Akrites builds the coordination layer that routes validated findings upstream across the industry. Alpha-Omega, a Linux Foundation directed fund, will provide seed funding for Akrites. The fund has issued over 70 grants totaling more than $20 million to open-source security projects since 2022. Other organizations can join by contributing engineering resources or funding at akrites.org.