惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Google DeepMind News
Google DeepMind News
博客园_首页
H
Help Net Security
T
Tailwind CSS Blog
S
SegmentFault 最新的问题
GbyAI
GbyAI
Scott Helme
Scott Helme
D
Docker
Hacker News: Ask HN
Hacker News: Ask HN
P
Privacy & Cybersecurity Law Blog
Jina AI
Jina AI
雷峰网
雷峰网
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Spread Privacy
Spread Privacy
G
GRAHAM CLULEY
C
Cisco Blogs
The Hacker News
The Hacker News
F
Full Disclosure
Y
Y Combinator Blog
Blog — PlanetScale
Blog — PlanetScale
Recent Announcements
Recent Announcements
G
Google Developers Blog
量子位
K
Kaspersky official blog
Cisco Talos Blog
Cisco Talos Blog
The Cloudflare Blog
A
About on SuperTechFans
C
Cybersecurity and Infrastructure Security Agency CISA
Last Week in AI
Last Week in AI
博客园 - 三生石上(FineUI控件)
Microsoft Security Blog
Microsoft Security Blog
Martin Fowler
Martin Fowler
T
Tenable Blog
P
Palo Alto Networks Blog
H
Heimdal Security Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
W
WeLiveSecurity
Schneier on Security
Schneier on Security
The Register - Security
The Register - Security
F
Fortinet All Blogs
Stack Overflow Blog
Stack Overflow Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
T
The Blog of Author Tim Ferriss
N
News and Events Feed by Topic
Hugging Face - Blog
Hugging Face - Blog
小众软件
小众软件
V
V2EX
爱范儿
爱范儿

Latest news

Why I'm recommending last year's phones over 2026 models - with one exception This powerful Gemini setting made my AI results way more personal and accurate After testing this HP laptop, I get why its 'boring' design is adored by business users The best TV antenna of 2026: Expert tested Your old iPad or Android tablet can be your new smart home panel - here's how Apple's original AirTag still tracks effectively, and you can get a 4-pack for its best price ever How to qualify for Apple's education discount - and get a $499 MacBook Neo for school T-Mobile will give you a Samsung Galaxy Watch 8 for free - how to get yours Prolonged AI use can be hazardous to your health and work: 4 ways to stay safe Verizon will give you a free iPad or Apple Watch with your next iPhone - how the deal works The best laptops of 2026: Expert tested and reviewed I hid 4 Bluetooth trackers (including AirTags) to test their reliability - here's how Android rivals compared I stopped using my iPhone's hotspot after testing this 5G router - and that won't change The best Kindles in 2026: Expert recommended Does Best Buy price match? Everything to know about matching prices online and in-store The best WordPress hosting services of 2026: Expert tested and reviewed The best Apple Watch of 2026: Expert tested and reviewed The best TV screen cleaners of 2026: Expert recommended The best 50-inch TVs of 2026: Expert tested I traded my Sonos Era 300 for Denon's new home speaker - and see no reason to go back AI-powered website builders have come a long way - here's your best option in 2026 Amazon just slashed $250 off the Google Pixel 10 - and a Prime subscription isn't required I found the apps slowing down my PC - how to kill the biggest memory hogs These companies are actually upskilling their workers for AI - here's how they do it Verizon will give you Meta Ray-Bans for free with this Fios Internet deal - how to get yours I tried the new Gemini app for Mac - it has one major advantage over the web version How Google's updated AI Mode will ease your tab clutter when you search Why this MagSafe battery pack is our readers' favorite model right now - especially at its price T-Mobile will give you a Google Pixel 10a for free - plus an extra gift OpenAI's Codex Desktop can run your computer now - and has its own browser Want to build a startup that gets acquired? This founder shares 5 proven tips Google to pay $135M settlement to Android phone users - how to claim your share if you qualify Want to stand out on LinkedIn? Try this career strategist's top 3 tips for strengthening your profile I've used Dell's new XPS 16 for a week, and it's the Windows laptop to beat in 2026 You can get 50% off YouTube Premium for 1 year right now - but the deal ends soon Tidal vs. Qobuz: I tried both hi-res streaming services, and they couldn't be more different This stroller turns into a carry on-suitcase, and I recommend it for traveling parents The best small business VoIP providers of 2026: Expert tested and reviewed Protect your devices with our pick for the best antivirus software, now over 60% off MacBook Neo vs. Surface: Why spiraling RAM prices are bruising Microsoft's PC business but not Apple's I tried Google's new desktop app for Windows, and I'll never search the old way again Microsoft's Windows 11 laptop deal for students comes with a $500 bonus - what's included You can buy an LG B5 OLED for $1,500 off at Best Buy - and it comes with a free 4K TV Why Zorin OS 18.1 is simply the best Linux distro - for anyone Why Netgear just got the first FCC router ban exemption in the US Microsoft's latest Windows update now confirms if your PC is Secure Boot-protected - how it works Can this $70 Linux app make up for the lack of Photoshop? I tried it to find out 'Like handing out the blueprint to a bank vault': Why AI led one company to abandon open source iPhone charging slowly? 6 quick fixes to try before blaming your battery Roku TV vs. Fire Stick: Why I'm looking beyond streaming resolution when comparing the two AI is getting better at your job, but you have time to adjust, according to MIT The best internal communication tools of 2026: Expert tested and reviewed Half of all US employees use AI at work now - and waste almost 8 hours a week doing it The latest Google Home update brings Gemini fixes that I'm actually excited to try again I've been subscribed to a data removal service a month now - what I wish I knew sooner You can use Linux 7.0 on these 7 distros today - here's what to expect How I share audio from my Android phone to multiple earbuds (and why it's a big deal) Why the Apple Watch's 20-minute calibration test is worth your time - especially if you're data curious Meta is selling refurbished Ray-Bans for as low as $197 right now - but they're going fast Setting a MagSafe charger on my nightstand was the iPhone upgrade I didn't know I needed I swapped my Sony WH-1000XM6 for lower-end JBL headphones, and they still sounded great I tested ChatGPT Plus vs. Gemini Pro to see which is better - and if it's worth switching I used the 'Plus Five' rule to fix my iPhone's slow wireless charging - here's how it works The new rules for AI-assisted code in the Linux kernel: What every dev needs to know 'Job seekers have to be detectives': 3 signs that listing is a scam How the latest Netrunner distro delivers a Linux productivity powerhouse This Linux distro offers an easy DNS switcher - but there's more to it that I like I tested Artix Linux: An enjoyable systemd-free distro for experienced users (and ChromeOS speeds) I spent two years testing wind power at home - here's why solar is still my preferred source I camera-tested the Samsung Galaxy S26 Ultra with Oppo and Xiaomi - this model won it for me How I boosted my portable solar panels' power by up to 30% - 11 expert-approved tips I see why Ubuntu 26.04 is more than just a performance bump for thrill-seeking gamers France is ditching Windows for digital sovereignty - and its new Linux stack is taking shape KDE Linux is the purest form of Plasma I've used in months - but there's a catch LG C6 vs. LG C5: Why the 2025 model is still the smarter OLED TV model buy for me How I disabled 'fast startup' on my Windows 11 laptop to stop overnight battery drain 30 years later, I returned to Enlightenment Linux to test the Elive beta - and it's much better Here's my favorite email trick for cleaning up inbox clutter - automatically The $30 Google TV stick may be the budget Chromecast successor we've been waiting for The best AR and MR glasses in 2026: Expert tested and reviewed This handy electric screwdriver is now 50% off - here's where to snag the deal This Ryobi yard essentials bundle packs a free power tool - how to get yours After trying these boomless headphones in the office, I'm feeling hopeful for the future of work tech I used this EcoFlow battery to run my 3,000-sq-ft home in a blackout - here's how it kept my AC on Microsoft's Windows Insider Program is no longer a confusing mess Forget Shokz: I tried the Suunto Spark earbuds for a month, and they've sold me on air conduction iOS 26.4 brings essential upgrades to your iPhone - including a vital security fix YouTube Premium is getting a price increase in June - but you can save $32 with one change Your router may be vulnerable to Russian hackers, FBI warns: 5 steps to take now I walked 3,000 steps with my Apple Watch, Google Pixel, and Oura Ring - this tracker was most accurate I stopped guessing which AA batteries are dead - this charging station keeps them in check for me My favorite Android Auto find is these hidden shortcuts that are highly customizable AirDrop is coming to older Samsung phones - is yours supported? How to get it early I'm no longer using Google Photos as just a cloud storage - 5 tools that elevate the app The best data removal services of 2026: Expert tested and reviewed The best Samsung TVs of 2026: Expert tested and reviewed The best mobile scanning apps of 2026: Expert tested and reviewed The best HP laptops of 2026: Expert tested and reviewed After using Lenovo's new Yoga laptop, I'm wondering if Windows makers are running out of ideas Samsung S95H vs. Samsung S95F: I compared the OLED TVs and wasn't prepared for the upset
Chainguard's new Athena coalition uses AI to fix open-source flaws - before attackers exploit them
Steven Vaughan-Nichols · 2026-06-16 · via Latest news
Chainguard Athena
Chainguard / ZDNET

Follow ZDNET: Add us as a preferred source on Google.


ZDNET's key takeaways

  • Chainguard and friends will use AI to protect open-source code from attackers.
  • Athena uses the resources of open-source users, developers, and maintainers.
  • Chainguard isn't the only one seeking to secure open-source code with AI.

As everyone in IT knows, or should know anyway, AI has opened up a new front in attacking open-source code security. Hacking used to require real skill. Now, anyone with a sufficiently advanced AI model can pry open programs and infect them with AI-custom-made malware. The software company Chainguard, which specializes in zero-CVE container images and security-hardened open-source code, is joining with others to beat the attackers to the punch with Athena.

As Chainguard puts it, "The gap between a vulnerability being discovered and being exploited has collapsed from years to hours, and a growing share of exploits are weaponized before the bug is ever publicly disclosed. Coordinated disclosure was built for a world in which finding a serious flaw took weeks, and the targets were few. That world is gone." Chainguard is right. It is.

Also: Treat your AI agents like eager but misguided human interns - before you lose control

Something had to be done. As the company's CEO and co-founder, Dan Lorenc, wrote on LinkedIn, we had a "choice between letting open-source security fragment into a dozen rival patch sets nobody can reconcile, or doing the hard, coordinated thing instead. I said it would only work if we built it together, and admitted I had no idea if we actually would. Here's the update: the industry showed up. It's called Athena, and it's live."

Anthony Grieco, Cisco's SVP, chief security and trust officer, agrees. "For decades, Cisco has helped secure the open-source ecosystem. That work now faces new urgency; frontier AI has accelerated the vulnerability discovery cycle beyond what traditional coordinated disclosure was built to handle. Chainguard's Athena Coalition represents an important evolution, the coordination of open-source vulnerability intelligence and defense at the pace these threats demand."

Chainguard bets on AI as a defensive shield

Athena comes with two parts. The first is a coalition of more than two dozen companies that will collaborate to hunt down and remediate flaws in widely used open-source software using cutting-edge AI models. Its supporters are a who's who of finance and enterprise infrastructure companies such as JPMorgan Chase, Cisco, Cloudflare, Docker, Kyndryl, and PwC.

Also: 5 security tactics your business can't get wrong in the age of AI - and why they're critical

These companies already face stringent regulatory and customer pressure around software supply-chain risk. The coalition gives them a way to pool data, AI capabilities, and remediation work on vulnerabilities that cut across their stacks. The aim is to shift from one-off, project-specific fixes to a coordinated model in which critical AI-identified open-source software flaws can be found and addressed before they appear in attacker playbooks.

Fixing flaws before attackers can find them

Technically, Athena's core promise is speed. It will find and patch open-source vulnerabilities "before attackers can find them." Under the program, AI systems will sift through massive volumes of open-source code and dependency graphs to flag potential weaknesses so they can be validated and fixed upstream.

Also: 5 ways to fortify your network against the new speed of AI attacks

Sometimes, however, the patches aren't available as quickly as we'd want or need. To address this, Chainguard explains: "Athena stacks independent layers of protection so that coverage exists even where a clean patch does not yet, and stays on every flaw until a durable upstream fix is in place."

This approach looks like this:

  • Discovery -- Vetted findings are pooled from across the coalition, including frontier research programs such as Anthropic's Project Glasswing and OpenAI's Daybreak. Athena accepts findings generated by all frontier models.
  • Pre-embargo remediation -- Private forks and rebuilt, hardened versions are made available to members through Chainguard Libraries before disclosure: Findings are addressed in batches across an entire library, hardening it against whole classes of issues rather than a single bug. If a model happens to surface a flaw first, it stays quiet even when a more capable model arrives.
  • Continuous reconciliation -- Every finding is reconciled against upstream activity throughout the embargo, catching independent discovery and keeping fixes current as projects move ahead.
  • Platform, network, and infrastructure mitigations -- Partners that operate infrastructure, platform, network, and security layers push non-patch mitigations ahead of disclosure: detection signatures, traffic-level rules, and platform-side blocks that neutralize a flaw without the affected software ever being touched, at machine speed and broad reach.
  • Detections and vendor mitigations -- Cybersecurity partners add their own detections, signatures, and virtual patching as a further independent layer.
  • Upstream disclosure and hard forks -- The coalition drives coordinated upstream disclosure, and Chainguard hopes to work with the Linux Foundation on a coordinated Security Incident Response Team for open source and a maintainer-of-last-resort program.

Also: Linus Torvalds on the AI claim that makes him angry, and what security researchers should never do

Chainguard is tying the initiative directly to its secure-by-default product line, which includes SLSA Level 3-compliant builds, signed artifacts with Software Bill of Materials, minimal images, and packages rebuilt from source daily to keep vulnerability counts near zero. By feeding Athena's findings into this factory, the company says it can rapidly ship hardened containers, libraries, virtual machines (VMs), and open-source packages that incorporate fixes. Simultaneously, this gives customers a clear provenance trail for compliance regimes ranging from FedRAMP and HIPAA to the EU's Cyber Resilience Act and NIS2.

A new front in the open-source AI security race

Chainguard and its friends aren't the only ones trying to get everyone on the same page when it comes to securing open-source code. IBM and Red Hat are throwing billions of dollars and thousands of engineers at the problem.

The Open Source Security Foundation (OpenSSF) is also working on OSS-CRS as a new open-source project within the AI/ML Security Working Group. This is a standard orchestration framework for building and running LLM-based autonomous bug-finding and bug-fixing systems.

Also: Open-source security is a mess - IBM and Red Hat bet $5 billion and 20,000 engineers can fix it

For CISOs and regulators watching the AI security story unfold, Athena will be a test case of whether AI-augmented collaboration on open-source vulnerabilities can scale beyond marketing slogans into measurable reductions in exploitable bugs. Personally, I think Chainguard and company can pull it off.

After all, as Lorenc pointed out, "Athena is operational today. More than 20,000 findings processed, 2,000 patches across 500 projects, first coordinated disclosures in about a month."

However, as Lorenc said, "Will it be perfect? No, and no one should pretend otherwise. But fragmentation is worse, standing still isn't survivable, and the more of the industry that's in, the less any attacker has left to find. Join us." You should. If anything's going to save our code, it will be efforts like Athena.

Featured