惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
C
CXSECURITY Database RSS Feed - CXSecurity.com
L
LINUX DO - 热门话题
S
Secure Thoughts
TaoSecurity Blog
TaoSecurity Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
T
Threat Research - Cisco Blogs
AI
AI
B
Blog RSS Feed
S
Schneier on Security
雷峰网
雷峰网
Schneier on Security
Schneier on Security
Help Net Security
Help Net Security
Cloudbric
Cloudbric
L
LINUX DO - 最新话题
罗磊的独立博客
有赞技术团队
有赞技术团队
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Apple Machine Learning Research
Apple Machine Learning Research
P
Proofpoint News Feed
酷 壳 – CoolShell
酷 壳 – CoolShell
The Hacker News
The Hacker News
博客园 - Franky
Attack and Defense Labs
Attack and Defense Labs
The Cloudflare Blog
Webroot Blog
Webroot Blog
Last Week in AI
Last Week in AI
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
博客园 - 叶小钗
美团技术团队
L
Lohrmann on Cybersecurity
T
The Blog of Author Tim Ferriss
The Last Watchdog
The Last Watchdog
T
Troy Hunt's Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Vercel News
Vercel News
Know Your Adversary
Know Your Adversary
O
OpenAI News
博客园 - 【当耐特】
Hacker News - Newest:
Hacker News - Newest: "LLM"
C
Cybersecurity and Infrastructure Security Agency CISA
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
www.infosecurity-magazine.com
www.infosecurity-magazine.com
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
PCI Perspectives
PCI Perspectives
H
Heimdal Security Blog
I
InfoQ
GbyAI
GbyAI
T
Threatpost
C
Cisco Blogs

AWS Open Source Blog

Building secure AI agents at scale: Introducing Loom for AWS | Amazon Web Services Introducing MCP server for Registry of Open Data on AWS | Amazon Web Services Building a Stateful IT Service Desk Agent with LangGraph on Amazon EKS | Amazon Web Services Open Governance for MySQL: A Step Forward for the Community | Amazon Web Services Governing AI Assets at Scale with MCP Gateway and Registry | Amazon Web Services Introducing Trusted Remote Execution: Policy-Enforced Scripts for AI Agents and Humans | Amazon Web Services Decoupling Authorization at Scale: MongoDB Atlas and Cedar-Based Resource Policies | Amazon Web Services Deploying cloud-based engineering workbenches with the Virtual Engineering Workbench on AWS | Amazon Web Services OCSF Achieves ITU Support: Powering AI-Ready Security Operations | Amazon Web Services Introducing Strands Labs: Get hands-on today with state-of-the-art, experimental approaches to agentic development | Amazon Web Services Cedar Joins CNCF as a Sandbox Project | Amazon Web Services Building intelligent physical AI: From edge to cloud with Strands Agents, Bedrock AgentCore, Claude 4.5, NVIDIA GR00T, and Hugging Face LeRobot | Amazon Web Services Shaping the future of MCP: AWS’s commitment and vision | Amazon Web Services Introducing Strands Agent SOPs – Natural Language Workflows for AI Agents | Amazon Web Services Announcing ml-container-creator for easy BYOC on SageMaker | Amazon Web Services The Swift AWS Lambda Runtime moves to AWSLabs | Amazon Web Services Jupyter Deploy: Create a JupyterLab application with real-time collaboration in the cloud in minutes | Amazon Web Services Introducing CLI Agent Orchestrator: Transforming Developer CLI Tools into a Multi-Agent Powerhouse | Amazon Web Services Strands Agents and the Model-Driven Approach | Amazon Web Services AWS joins the DocumentDB project to build interoperable, open source document database technology | Amazon Web Services Open Protocols for Agent Interoperability Part 4: Inter-Agent Communication on A2A | Amazon Web Services Powering AI-Driven Security with the Open Cybersecurity Schema Framework | Amazon Web Services Introducing Strands Agents 1.0: Production-Ready Multi-Agent Orchestration Made Simple | Amazon Web Services Open Protocols for Agent Interoperability Part 3: Strands Agents & MCP | Amazon Web Services Open Protocols for Agent Interoperability Part 2: Authentication on MCP | Amazon Web Services Introducing AWS CDK Community Meetings | Amazon Web Services Secure your Express application APIs in 5 minutes with Cedar | Amazon Web Services
AWS and Others Invest $12.5M to Defend the Open Source Ecosystem from AI Threats | Amazon Web Services
2026-03-18 · via AWS Open Source Blog

AWS and Others Invest $12.5M to Defend the Open Source Ecosystem from AI Threats

AWS, Anthropic, Google, Microsoft, and OpenAI today announced a joint $12.5 million investment with the Linux Foundation to help open source projects address a surge in AI-enhanced and AI-generated security vulnerability reports. Both the Alpha Omega initiative and the Open Source Security Foundation (OpenSSF) will receive funding through the Linux Foundation grants.

Software security is at a critical juncture in which foundation models are beginning to outpace security researchers in their ability to find bugs in critical code. Anthropic reported last month that its latest Claude Opus 4.6 model, for example, found and validated more than 500 high-severity vulnerabilities in open source projects in an initial round of research.

With this new funding, building on past multi-million dollar commitments of AWS, Google, and Microsoft to Alpha Omega, we will provide tools, automation, and resources to help open source maintainers quickly validate and remediate legitimate vulnerabilities while filtering out low-quality submissions. The investment builds on Alpha Omega’s proven track record of strengthening open source security across ecosystems over the past four years.

Together with Alpha Omega members, the Linux Foundation, the OpenSSF, and the broader open source security community, we seek to ensure that the same AI capabilities creating new challenges will also build more robust defenses for the software supply chain that powers global digital infrastructure.

AI Increasingly Finds Vulnerabilities in Open Source Projects

Producing security-related bug reports was once painstaking work that used specialized tools to conduct application fuzzing and pen-testing, validating and reporting issues, and remediating vulnerabilities, a process often taking many months if not longer. This process has now become a race against the clock to outpace potential threat actors who have equal access to powerful AI models that identify potential exploits, using widely available generative AI tools.

Open source maintainers have also raised alarms that AI-generated bug reports are overwhelming their ability to review them. Many of the reports are of very low quality—a reality given rise to the new industry term “AI slop.” Many projects have already elected to put guidelines in place for AI submissions, while others have shut down upstream contributions entirely to prevent a flood of AI-generated pull requests.

Whether AI is finding legitimate vulnerabilities or submitting slop reports, the need to respond quickly and at scale is fast becoming an industry-wide issue. While projects need to patch their code, the responsibility cannot and should not fall entirely on overwhelmed maintainers.

AWS, Open Source, and Artificial Intelligence

As the world’s leading cloud provider, and a company that has invested deeply in open source supply chain security, tooling, and best practices, AWS will step up to help address the new security challenges that come with ubiquitous AI. AWS adopts, contributes to, and releases core technologies as open source, like countless companies, to build and run our cloud services. Secure open source projects are the foundation on which we deliver the cloud services that power our customers’ next great AI-enabled innovations.

AWS already provides a number of valuable tools and technologies for building and maintaining advanced AI systems. The Amazon Bedrock service for secure model hosting and the Amazon Bedrock AgentCore framework provide a rich set of building blocks for advanced, secure agentic applications. These capabilities include a secure, isolated compute platform for agents based on Firecracker, IAM and OAuth-based identity management, centralized tool access mediated by AgentCore Gateway and a Cedar-based policy engine, and rich observability and evaluation capabilities. Kiro leverages the power of frontier AI models, bringing structure to AI coding with specification-driven development, backed by AWS security best practices.

Amazon’s Frontier Agents provide not only automated software development but Security and DevOps agents to provide more comprehensive AI support for the software development and deployment lifecycle. With our additional investment in Alpha-Omega, we will help to extend the power of AI across the broader open source ecosystem.

Finding and fixing bugs

While AI-generated bug reports can create problems for open source projects, they are also invaluable for improving supply chain security. Never before have we been able to find and fix bugs at this speed or scale. We believe the same advanced models and tools that are finding the issues, can also be leveraged to fix them through better tooling and automation.

However, no single company can solve this problem, a problem that will increase as more advanced models are released. Industry leaders must work together to ensure remediation is done quickly and in a manner that helps open source maintainers sustain the health of their projects over the long term. In doing so, we are helping to secure the software supply chain for everyone.

To this end, AWS has joined with Alpha Omega platinum members Google, and Microsoft, as well as new members Anthropic and OpenAI, to announce an additional $12.5 million in funding. The $2.5 million investment from AWS is part of a larger pool of funds earmarked specifically to help open source projects, and the maintainers who work on them, to more quickly fix security vulnerabilities. With this new funding, Alpha Omega aims to provide tools, automation, training, and other resources that will help open source projects keep pace with the rate at which foundation models are reporting new vulnerabilities.

Alpha Omega has improved open source security

For the past four years, Alpha Omega has provided grants to open source projects and foundations to fund security improvements. These improvements include things such as hiring full-time security engineers, conducting security audits, improving release tooling, and much more. Through Alpha Omega, the investing companies can work together, and with project maintainers and others in the open source security community to make sure the funds go to the most critical projects and initiatives.

The organization, which is housed inside the OpenSSF at the Linux Foundation, has already achieved significant security improvements that affect entire ecosystems. Over the past four years, Alpha Omega has delivered security reports, mediated vulnerabilities, and forged partnerships with organizations such as the Internet Security Research Group, Apache Software Foundation, Rust Foundation, Python Software Foundation and Eclipse Software Foundation.

As the result of Alpha Omega’s funding in 2025, for example, the Rust Foundation fully deployed Trusted Publishing on crates.io and became an official CVE Numbering Authority. Node.js fixed two high-severity vulnerabilities. The Python Software Foundation enhanced PyPI’s malware detection and account security. The FreeBSD Foundation improved third-party software security in FreeBSD’s base system, successfully upgrading OpenSSL from 3.0 to 3.5 LTS (extending support until 2030). The Eclipse Foundation addressed vulnerabilities in OpenVSX.

AWS is committed to working with the other Alpha Omega members and the projects they fund to help solve the issues arising from emerging AI technologies and unknown challenges in the future.  We hope you’ll join us. Visit https://alpha-omega.dev/ for more information on the project and its initiatives and to get involved.