Follow ZDNET: Add us as a preferred source on Google.
ZDNET’s key takeaways
- Chainguard and friends will use AI to protect open-source code from attackers.
- Athena uses the resources of open-source users, developers, and maintainers.
- Chainguard isn’t the only one seeking to secure open-source code with AI.
As everyone in IT knows, or should know anyway, AI has opened up a new front in attacking open-source code security. Hacking used to require real skill. Now, anyone with a sufficiently advanced AI model can pry open programs and infect them with AI-custom-made malware. The software company Chainguard, which specializes in zero-CVE container images and security-hardened open-source code, is joining with others to beat the attackers to the punch with Athena.
As Chainguard puts it, “The gap between a vulnerability being discovered and being exploited has collapsed from years to hours, and a growing share of exploits are weaponized before the bug is ever publicly disclosed. Coordinated disclosure was built for a world in which finding a serious flaw took weeks, and the targets were few. That world is gone.” Chainguard is right. It is.
Also: Treat your AI agents like eager but misguided human interns – before you lose control
Something had to be done. As the company’s CEO and co-founder, Dan Lorenc, wrote on LinkedIn, we had a “choice between letting open-source security fragment into a dozen rival patch sets nobody can reconcile, or doing the hard, coordinated thing instead. I said it would only work if we built it together, and admitted I had no idea if we actually would. Here’s the update: the industry showed up. It’s called Athena, and it’s live.”
Anthony Grieco, Cisco’s SVP, chief security and trust officer, agrees. “For decades, Cisco has helped secure the open-source ecosystem. That work now faces new urgency; frontier AI has accelerated the vulnerability discovery cycle beyond what traditional coordinated disclosure was built to handle. Chainguard’s Athena Coalition represents an important evolution, the coordination of open-source vulnerability intelligence and defense at the pace these threats demand.”
Chainguard bets on AI as a defensive shield
Athena comes with two parts. The first is a coalition of more than two dozen companies that will collaborate to hunt down and remediate flaws in widely used open-source software using cutting-edge AI models. Its supporters are a who’s who of finance and enterprise infrastructure companies such as JPMorgan Chase, Cisco, Cloudflare, Docker, Kyndryl, and PwC.
Also: 5 security tactics your business can’t get wrong in the age of AI – and why they’re critical
These companies already face stringent regulatory and customer pressure around software supply-chain risk. The coalition gives them a way to pool data, AI capabilities, and remediation work on vulnerabilities that cut across their stacks. The aim is to shift from one-off, project-specific fixes to a coordinated model in which critical AI-identified open-source software flaws can be found and addressed before they appear in attacker playbooks.
Fixing flaws before attackers can find them
Technically, Athena’s core promise is speed. It will find and patch open-source vulnerabilities “before attackers can find them.” Under the program, AI systems will sift through massive volumes of open-source code and dependency graphs to flag potential weaknesses so they can be validated and fixed upstream.
Also: 5 ways to fortify your network against the new speed of AI attacks
Sometimes, however, the patches aren’t available as quickly as we’d want or need. To address this, Chainguard explains: “Athena stacks independent layers of protection so that coverage exists even where a clean patch does not yet, and stays on every flaw until a durable upstream fix is in place.”
This approach looks like this:
- Discovery — Vetted findings are pooled from across the coalition, including frontier research programs such as Anthropic’s Project Glasswing and OpenAI’s Daybreak. Athena accepts findings generated by all frontier models.
- Pre-embargo remediation — Private forks and rebuilt, hardened versions are made available to members through Chainguard Libraries before disclosure: Findings are addressed in batches across an entire library, hardening it against whole classes of issues rather than a single bug. If a model happens to surface a flaw first, it stays quiet even when a more capable model arrives.
- Continuous reconciliation — Every finding is reconciled against upstream activity throughout the embargo, catching independent discovery and keeping fixes current as projects move ahead.
- Platform, network, and infrastructure mitigations — Partners that operate infrastructure, platform, network, and security layers push non-patch mitigations ahead of disclosure: detection signatures, traffic-level rules, and platform-side blocks that neutralize a flaw without the affected software ever being touched, at machine speed and broad reach.
- Detections and vendor mitigations — Cybersecurity partners add their own detections, signatures, and virtual patching as a further independent layer.
- Upstream disclosure and hard forks — The coalition drives coordinated upstream disclosure, and Chainguard hopes to work with the Linux Foundation on a coordinated Security Incident Response Team for open source and a maintainer-of-last-resort program.
Also: Linus Torvalds on the AI claim that makes him angry, and what security researchers should never do
Chainguard is tying the initiative directly to its secure-by-default product line, which includes SLSA Level 3-compliant builds, signed artifacts with Software Bill of Materials, minimal images, and packages rebuilt from source daily to keep vulnerability counts near zero. By feeding Athena’s findings into this factory, the company says it can rapidly ship hardened containers, libraries, virtual machines (VMs), and open-source packages that incorporate fixes. Simultaneously, this gives customers a clear provenance trail for compliance regimes ranging from FedRAMP and HIPAA to the EU’s Cyber Resilience Act and NIS2.
A new front in the open-source AI security race
Chainguard and its friends aren’t the only ones trying to get everyone on the same page when it comes to securing open-source code. IBM and Red Hat are throwing billions of dollars and thousands of engineers at the problem.
The Open Source Security Foundation (OpenSSF) is also working on OSS-CRS as a new open-source project within the AI/ML Security Working Group. This is a standard orchestration framework for building and running LLM-based autonomous bug-finding and bug-fixing systems.
Also: Open-source security is a mess – IBM and Red Hat bet $5 billion and 20,000 engineers can fix it
For CISOs and regulators watching the AI security story unfold, Athena will be a test case of whether AI-augmented collaboration on open-source vulnerabilities can scale beyond marketing slogans into measurable reductions in exploitable bugs. Personally, I think Chainguard and company can pull it off.
After all, as Lorenc pointed out, “Athena is operational today. More than 20,000 findings processed, 2,000 patches across 500 projects, first coordinated disclosures in about a month.”
However, as Lorenc said, “Will it be perfect? No, and no one should pretend otherwise. But fragmentation is worse, standing still isn’t survivable, and the more of the industry that’s in, the less any attacker has left to find. Join us.” You should. If anything’s going to save our code, it will be efforts like Athena.
