Open-source security firm Chainguard has brought together dozens of partners in a new industry coalition to protect open-source software from AI attacks.
The initiative, called Athena, was announced by Chainguard on June 16. Its founding members include BNY, Chainguard, Cisco, Cloudflare, Corridor, DepthFirst, Docker, JPMorganChase, Kyndryl, LTIMindtree and PwC.
Based on preliminary work at Chainguard, Athena provides a vulnerability intelligence sharing platform and tools to fix the vulnerabilities frontier AI models, like Anthropic’s Mythos and OpenAI’s GPT-5.5.-Cyber, find before attackers can exploit them.
Here’s how Athena works, according to Chainguard’s CEO Dan Lorenc:
- Coalition members pool vulnerabilities affecting open-source projects they have discovered and packages into the Athena platform using frontier AI programs they have access to, including Anthropic’s Project Glasswing and OpenAI’s Daybreak
- Chainguard patches them privately and affected projects are rebuilt as private, hardened versions, available to members through Chainguard Libraries before disclosure
- Coalition members that operate infrastructure, platform, network and security layers push non-patch mitigations ahead of disclosure so that coverage exists even where a clean patch does not yet
- Cybersecurity partners add their own detections, signatures and virtual patching
- The Athena coalition drives coordinated upstream disclosure
Additionally, Chainguard hopes to work with the Linux Foundation on a coordinated Security Incident Response Team (SIRT) for open source and a maintainer of last resort program.
Announcing the project on LinkedIn, Lorenc said Athena allows for every vulnerability one member discovers to get remediated and pushed upstream, “becoming a fix the entire ecosystem inherits, often before disclosure.”
“And for the parts of the world that can’t patch on an attacker’s timeline, partners who sit in front of much of the internet push mitigations out ahead of disclosure, blocking the issue for people who never knew there was anything to block,” he added.
Chainguard also highlighted that the Athena model acts as “an AI cybersecurity clearinghouse” like the one the US government has been asked to build following the Trump Administration’s latest Executive Order, Promoting Advanced Artifical Intelligence Innovation and Security, published on June 2.
“It’s even more relevant since the US government declared Mythos too dangerous for public access on Friday,” the open-source security company added.
Athena is operational and has already processed over 20,000 findings and shipped more than 2000 patches across 500 open-source projects.
The initiative will begin publishing its first wave of disclosures in July and continues to welcome new partners.
“Will it be perfect? No, and no one should pretend otherwise,” said Lorenc. “But fragmentation is worse, standing still isn’t survivable, and the more of the industry that’s in, the less any attacker has left to find. Join us.”
