When the Whole Industry Builds the Same Fire Department: Inside Akrites

In March, we wrote about Anthropic's Claude Mythos leak and the warning that frontier AI models could find and exploit software vulnerabilities faster than defenders could patch them. In May, we covered the UK AI Security Institute confirming that both Claude Mythos and OpenAI's GPT-5.5 had crossed the threshold of autonomous offensive cyber capability. The thesis in both pieces was that AI was compressing the time between vulnerability discovery and exploitation toward zero, and that defenders needed AI-native tooling just to keep pace.

On June 25, the industry responded with institutional infrastructure. The Linux Foundation launched Akrites, a coordinated effort backed by 19 founding organizations, including every major AI lab and several of the largest banks in the world, to find, fix, and responsibly disclose vulnerabilities in critical open-source software before AI-powered attackers can exploit them.

This is a significant development, and not just for the open-source community. It is a real-world test of whether the institutions building the most powerful offensive AI capabilities can coordinate fast enough to defend the software those same capabilities threaten.

The Problem Akrites Solves

The core issue is a timeline collapse. For decades, open-source security rested on a rough balance. Attackers, researchers, vendors, and maintainers all operated under similar constraints of limited time and expertise. A serious flaw in a widely used library might sit undiscovered for years, but once surfaced, the challenge was to verify it, patch it, disclose it responsibly, and get downstream users to update before it was weaponized.

AI broke that balance. Frontier models can now scan a major open-source project and return multiple confirmed vulnerabilities in minutes, work that previously took a skilled researcher weeks. As Decrypt reported, Claude Opus 4.8 uncovered a critical flaw in Zcash's Orchard privacy pool within a day, exposing a bug that had survived four years of expert cryptographer review.

The defensive side has not kept up. Endor Labs CEO Varun Badhwar noted that of the thousands of validated open-source vulnerabilities AI has surfaced in recent months, fewer than 5% have been patched. Linux Foundation CEO Jim Zemlin put the danger even more starkly at the UN Open Source Week conference, stating that the mean time to exploit a vulnerability is now "negative seven days." In other words, by the time a flaw is discovered, attackers have often already had a week to exploit it.

That is the coordination gap Akrites is built to close.

How It Works

The old model was fragmented by design. Multiple organizations would independently scan the same libraries, then move through long bureaucratic disclosure processes, often shipping conflicting patches or burying volunteer maintainers under duplicate reports. The open letter signed by all 19 founding members described this as burying maintainers "under noise."

Akrites replaces that with a single, confidential Security Incident Response Team and one standardized Coordinated Vulnerability Disclosure process. The design principles are specific and worth noting.

Maintainers get one predictable partner rather than a flood of uncoordinated reports. Fixes flow back into each project's original repository, on the maintainers' terms, using industry-standard vulnerability tracking. Confidentiality is central, because the founding letter called an undisclosed flaw in a widely deployed package "a weapon." And critically, when a widely used package has no active maintainer, Akrites commits to stepping in as "maintainer of last resort," a genuinely ambitious promise given how many aging, unmaintained projects still quietly power production systems worldwide.

The Coalition Is the Story

The most striking feature of Akrites is who signed on. The 19 founding organizations include Amazon Web Services, Anthropic, Chainguard, Cisco, Citi, Endor Labs, Ericsson, Google, IBM, JPMorganChase, Microsoft and GitHub, NVIDIA, OpenAI, RapidFort, Red Hat, the Rust Foundation, Sonatype, Vodafone, and Zscaler.

Look at the composition. Every major AI lab is there: Anthropic, OpenAI, Google, Microsoft. The largest cloud providers are there. Two of the biggest banks in the world, JPMorganChase and Citi, are there. Leading security vendors and the foundations that steward critical languages and packages are there.

There is a notable irony in this lineup, and the participants acknowledge it. The same AI labs whose models are accelerating vulnerability discovery are now funding the institution designed to defend against that acceleration. Anthropic's Deputy CISO Jason Clinton stated plainly that the existing model for coordinated disclosure "has been outpaced by how quickly AI can now find vulnerabilities," and that getting fixes upstream before exploitation now requires industry-wide coordination. The companies building the offensive capability are openly conceding they need to build the defensive coordination layer alongside it.

The presence of JPMorgan and Citi is its own signal. These are not open-source charity participants. They are among the most heavily targeted institutions in the world, and they run enormous amounts of open-source software in their critical systems. Their involvement reflects a hard commercial reality: the security of the open-source commons is now directly material to the stability of the global financial system.

Patch Deployment, Not Patch Publication

One of the sharpest insights came from JPMorganChase CISO Pat Opet, and it reframes what success actually means. AI, Opet noted, has compressed the time between vulnerability discovery and exploitation to near real time. Adversaries can now reverse-engineer a published patch and build a working exploit before many downstream systems have even deployed the fix.

That inverts a long-standing assumption. Publishing a patch used to be the finish line. In an AI-accelerated environment, publishing a patch can be the starting gun for attackers, because the patch itself reveals the vulnerability. Opet's framing of success is therefore precise: "patch deployment, not patch publication."

This is a meaningful shift in how enterprises should think about their own security posture. The window between a fix being available and a fix being installed is now an active attack surface. Organizations that patch slowly are not just behind; they are exposed precisely because the patch exists and signals the flaw.
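If the exposure window is the metric that matters, it should be measured. The script below is an added example, not code from the article, from Akrites, or from any of the founding organizations: it takes an advisory's publication time and a fleet's package-inventory observations and computes, per host, how many days that host kept running a version below the fix after the advisory went public, plus which hosts exceed a deployment SLA. The advisory identifier, package name, versions, hostnames and timestamps are all constructed sample values.

```python
"""Measure patch-deployment lag: days each host stayed below a fixed version
after the advisory was published. Added example with constructed data; the
advisory id 'ADV-EXAMPLE-0001' and package 'libexample' are placeholders."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    package: str
    fixed_version: str
    published: datetime


@dataclass(frozen=True)
class Observation:
    host: str
    package: str
    version: str
    observed: datetime  # when the inventory agent reported this version


def parse_version(v: str) -> Tuple[int, ...]:
    """Dotted numeric versions only (assumption: no pre-release suffixes)."""
    return tuple(int(p) for p in v.split("."))


def host_exposure(adv: Advisory, obs: List[Observation], now: datetime) -> Optional[Tuple[float, bool]]:
    """Return (exposure_days, still_open) for one host, or None if the host never reported the package.

    Exposure counts from advisory publication to the first observation at or above
    the fixed version. A host already on a fixed version before publication has
    zero exposure; a host never seen on a fixed version is still accruing."""
    relevant = sorted((o for o in obs if o.package == adv.package), key=lambda o: o.observed)
    if not relevant:
        return None
    fixed = parse_version(adv.fixed_version)
    for o in relevant:
        if parse_version(o.version) >= fixed:
            if o.observed <= adv.published:
                return 0.0, False
            return (o.observed - adv.published).total_seconds() / 86400, False
    return (now - adv.published).total_seconds() / 86400, True


def fleet_report(adv: Advisory, inventory: List[Observation], now: datetime, sla_days: float = 7.0) -> Dict:
    """Aggregate per-host exposure into a fleet view keyed for follow-up."""
    by_host: Dict[str, List[Observation]] = {}
    for o in inventory:
        by_host.setdefault(o.host, []).append(o)
    hosts: Dict[str, Tuple[float, bool]] = {}
    for host, obs in by_host.items():
        result = host_exposure(adv, obs, now)
        if result is not None:
            hosts[host] = result
    return {
        "advisory": adv.advisory_id,
        "hosts": hosts,
        "patched": sum(1 for _, still_open in hosts.values() if not still_open),
        "open": sum(1 for _, still_open in hosts.values() if still_open),
        "over_sla": sorted(h for h, (days, _) in hosts.items() if days > sla_days),
        "max_exposure_days": max((days for days, _ in hosts.values()), default=0.0),
    }


def _utc(y: int, m: int, d: int) -> datetime:
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed sample data: one advisory, four hosts reporting over time.
ADVISORY = Advisory("ADV-EXAMPLE-0001", "libexample", "2.4.1", _utc(2025, 6, 1))
NOW = _utc(2025, 6, 15)
INVENTORY = [
    Observation("web-01", "libexample", "2.4.0", _utc(2025, 5, 30)),
    Observation("web-01", "libexample", "2.4.1", _utc(2025, 6, 2)),    # patched after 1 day
    Observation("web-02", "libexample", "2.4.0", _utc(2025, 5, 30)),
    Observation("web-02", "libexample", "2.4.1", _utc(2025, 6, 10)),   # patched after 9 days
    Observation("db-01", "libexample", "2.4.0", _utc(2025, 5, 30)),    # still unpatched at NOW
    Observation("build-01", "libexample", "2.5.0", _utc(2025, 5, 20)), # ahead of the fix already
]

if __name__ == "__main__":
    report = fleet_report(ADVISORY, INVENTORY, NOW)
    for host, (days, still_open) in sorted(report["hosts"].items()):
        print(f"{host:10s} exposure={days:5.1f}d {'OPEN' if still_open else 'patched'}")
    print("over SLA:", report["over_sla"], "| max exposure:", report["max_exposure_days"], "days")
```

The report treats a host that has never reported a fixed version as still exposed as of `now`, which is the conservative reading the section argues for: the clock starts at publication, not at the organization's first awareness of the advisory.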

A Crowded but Coordinating Field

Akrites is not the only response to this problem, and that is worth flagging honestly. OpenAI launched its own parallel effort, Patch the Planet, three days before Akrites, running a first sprint using GPT-5.5-Cyber and Trail of Bits engineers across 19 open-source projects and merging dozens of patches. Chainguard has its Athena coalition. IBM and Red Hat run Project Lightwell. As the Linux Foundation's own SVP of Legal acknowledged, the space is crowded and the track record of such initiatives is mixed.

The encouraging signal is that the efforts are coordinating rather than competing. OpenAI, despite running Patch the Planet, is a founding member of Akrites, and its cyber lead framed the two as complementary: Patch the Planet focuses on AI-assisted discovery and patch delivery with expert review, while Akrites builds the coordination layer that routes validated findings upstream across the entire industry. Many of the companies with their own initiatives are also backing Akrites.

What This Means for Markets

Three observations matter for institutional allocators tracking the AI and cybersecurity convergence.

First, this validates the cybersecurity spending and restructuring thesis we have tracked all year. When the Claude Mythos and GPT-5.5 capabilities emerged, we argued the cybersecurity spending cycle would not just accelerate but restructure around AI-native defense. Akrites is institutional confirmation. The largest technology and financial firms are now committing engineering talent and capital to a shared defensive layer because the old model is provably broken. The companies building AI-native security tooling, vulnerability management, and patch-deployment automation sit in the path of that spending.

Second, the open-source security layer is now recognized as systemic infrastructure. The involvement of JPMorgan and Citi reframes open-source maintenance from a developer-community concern into a financial-stability concern. This elevates the strategic importance of software supply chain security vendors, SBOM and dependency-tracking tools, and the broader category of companies that secure the commons everyone builds on.

Third, the dual-use tension is becoming an operational reality, not just a talking point. The same labs producing offensive capability are funding the defensive coordination. For investors, this reinforces that the AI safety and governance layer is not a soft, reputational concern. It is becoming hard infrastructure with real budgets, real institutional commitments, and real competitive implications for which labs and vendors are trusted to operate at the center of critical systems.

Akrites will succeed or fail on whether it can stay "boringly effective" when the next severe vulnerability lands, and on whether independent maintainers actually trust a corporate-backed coalition with their projects. Those are open questions. But the launch itself is the clearest institutional acknowledgment yet of a thesis we have been building for months: AI has fundamentally changed the economics of cyber offense and defense, and the institutions that build the coordination layer for defense will be as important as the ones that build the models.

The fire department is being built by the same people who handed everyone matches. Whether that is unsettling or reassuring, it is unquestionably necessary.

DISCLOSURE

NOTICE REGARDING SECURITIES OFFERINGS: Texture Capital deals primarily in unregistered securities. These securities are neither approved nor disapproved by the SEC or any other federal or state agency, nor has any regulatory agency endorsed the accuracy or adequacy of either this communication or any offer or solicitation made to buy or sell the securities. This communication does not represent an offer or solicitation to buy or sell securities. Texture Capital does not make recommendations regarding asset allocation, investment strategy or with respect to purchase or sale of any specific securities. Potential buyers or sellers of any securities made available through Texture Capital's systems should seek professional advice prior to entering into any transaction or be professionals themselves. Please refer to https://www.texture.capital/risks for important additional risk disclosures. To help you better understand Texture Capital's services please consult our Form CRS (Customer Relationship Summary), which can be found at www.texture.capital/crs