Early results: Within days of launch, Athena had already shipped roughly 2,000 patches across 500 open-source projects, processing more than 20,000 findings .
Goal: Make finding and fixing open-source bugs "as easy to consume as possible" to stay ahead of attackers who are also using AI to find flaws, according to Chainguard CEO and co-founder Dan Lorenc .
Announced June 25, 2026, Akrites is a Linux Foundation–led effort backed by 20 founding members including AWS, Google, Microsoft, OpenAI, NVIDIA, IBM, Red Hat, Cisco, JPMorganChase, Anthropic, and Chainguard itself .
Shared SIRT: Akrites establishes a single, shared Security Incident Response Team (SIRT) that handles vulnerability discovery, remediation, and disclosure across critical open-source projects . Instead of dozens of organizations independently filing duplicate reports that overwhelm maintainers, all findings route through the SIRT for deduplication, validation, and coordinated patch development
.
Standardized CVD process: It provides one coordinated vulnerability disclosure (CVD) pipeline so patches are developed and released in a controlled, responsible manner rather than chaotically .
AI-speed focus: Akrites was created explicitly because frontier AI models can find software vulnerabilities in minutes, so the response infrastructure must operate at the same velocity . The initiative acts as a "maintainer of last resort" for abandoned but widely used packages
.
Scope: Targets critical open-source software used globally, with a mission to "find, fix, and responsibly disclose" flaws before AI-powered exploits can weaponize them .
Project Lightwell was announced in late May 2026 as a $5 billion, 20,000-engineer joint initiative by IBM and Red Hat . On June 24, Palo Alto Networks joined; on June 26, Deloitte announced its collaboration
.
Enterprise clearinghouse model: Lightwell functions as an AI-driven security clearinghouse for open-source software in enterprise supply chains — it identifies vulnerabilities and deploys validated patches at scale .
Deloitte's role: Deloitte is collaborating to scale automated vulnerability patching across regulated software supply chains (finance, healthcare, critical infrastructure) where manual patching lags .
Palo Alto Networks integration: The expanded collaboration integrates Palo Alto Networks' Virtual Patching capability with Lightwell, combining rapid network-level protection with software remediation across open-source software, commercial applications, and operational technology .
Athena and Akrites are complementary. Chainguard is a founding member of both Athena and Akrites . Athena focuses on the operational pipeline of AI-driven patch production, while Akrites provides the neutral, cross-industry governance and disclosure framework. One SecurityWeek analysis notes that "while the Linux Foundation's new announcement makes no mention of Athena, Akrites walks the same path" — offering the tools and channels to report, validate, and address OSS vulnerabilities
.
Lightwell is commercial and enterprise-focused. Unlike the coalition models, Project Lightwell is a commercial subscription offering that sells AI-driven vulnerability management to large enterprises .
Common thread: All three recognize that AI has collapsed the time window between vulnerability discovery and exploitation. Frontier AI models can now scan major software projects and surface vulnerabilities in minutes for as little as $1 . The entire find-patch-disclose cycle must be compressed from weeks to hours or minutes
.
Deloitte's involvement in Lightwell is significant for regulated industries. The collaboration aims to bring automated patching to sectors where manual patching processes are slow and compliance-heavy, potentially closing a critical gap in financial services, healthcare, and critical infrastructure .