Big Tech provides $12.5m to help open source maintainers handle AI-generated bug reports

The Linux Foundation announced that Anthropic, AWS, GitHub, Google, Microsoft and OpenAI have together provided $12.5 million in grants for a project to help open source maintainers cope with a rise in AI-generated bug and security reports.

KEY FACTS

  • Funding: $12.5 million in grants
  • Donors: Anthropic, AWS, GitHub, Google, Microsoft and OpenAI
  • Organisers: Alpha-Omega project alongside the Open Source Security Foundation
  • Purpose: help maintainers triage and remediate AI-generated security findings

Alpha-Omega, a foundation project focused on open source supply chain security, will run the new effort with the Open Source Security Foundation.

The announcement included a quote from Greg Kroah-Hartman that began “Grant funding alone is not going to help solve the problem that AI tools are causing today on open source security teams” and went on to say that OpenSSF has the resources needed to support projects that aid maintainers with triage and processing.

The initiative is intended to make emerging security capabilities accessible and aligned with existing project workflows, according to the announcement. No further technical details or a timeline were provided.

The problem predates this funding. The Python Software Foundation complained about AI-generated bug reports in late 2024. The maintainer of the cURL project ended its bug bounty programme after a flood of AI-generated contributions. One major code hosting platform has previously considered measures to limit low-quality AI contributions.

WHY IT MATTERS

The grants aim to reduce the workload on maintainers facing a surge of automated reports and to improve the resilience of the open source ecosystem. How effective the effort will be and when its tools or processes will appear are currently unknown.