Chainguard and Athena face 20,000 AI-found vuln reports, with first disclosures starting in 3 weeks
Security leaders have a cleanup problem, and “just scan more” keeps escalating it. Athena aims to turn findings into coordinated patches.

Dan Lorenc, CEO and co-founder of Chainguard, says the Athena coalition has processed more than 20,000 findings and built over 2,000 patches across 500 open source projects. For decision-makers, this means faster AI discovery is collapsing remediation timelines and making coordination with upstream maintainers a board-level risk.
Summer isn’t just hot. For security teams, it’s about to get messy fast because AI is finding vulnerabilities at an accelerating rate in the open source code that powers modern apps.
Chainguard CEO and co-founder Dan Lorenc told The Register that Athena, a newly formed coalition of about two dozen companies, has already processed more than 20,000 vulnerability findings and developed over 2,000 patches across 500 open source projects. In about three weeks, the coalition’s first wave of bug disclosures will begin. Lorenc’s warning is blunt: if you keep running scans on the same libraries and code, “it just keeps finding more [vulnerabilities],” and they have not seen that curve bottom out yet.
So what exactly is Athena doing, and why does it matter to executives who normally think of “security” as tickets and SLAs? Athena is trying to make vulnerability research and remediation “as easy to consume as possible.” The coalition includes founding member companies such as BNY, Cisco, Cloudflare, Corridor, DepthFirst, Docker, JPMorganChase, Kyndryl, LTM, and PwC, with Chainguard leading the effort. Many of these companies also participate as partners with Anthropic’s Project Glasswing and OpenAI Daybreak, which let them test frontier bug-hunting models. Athena’s process accepts vulnerability findings generated by all frontier models.
This is the critical detail: the coalition is not just collecting alerts. Members submit vulnerability reports to Chainguard, which acts as a clearinghouse, deduplicating and correlating the findings and addressing them in batches across entire libraries. The goal is not one-off fixes but hardening against classes of vulnerabilities rather than a single bug. Athena then rebuilds affected open source projects as private, hardened versions available to members through Chainguard Libraries before the vulnerabilities are publicly disclosed, with the upstream projects ideally patched about a month later. For projects whose maintainers cannot deliver a permanent fix, Athena positions itself as a “maintainer of last resort.”
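To make the clearinghouse step concrete, here is a small added illustration of what deduplicating, correlating and batching AI-generated findings looks like in code. It is not Chainguard's or Athena's code: the report fields (member, model, package, version, location, cwe, severity), the fingerprinting rule and the sample findings are all constructed for this example. The point it shows that the prose does not is the choice of fingerprint: key on package, code location and bug class, not on reporter or version, so three members reporting the same overflow against two releases collapse into one issue, while two different overflows in the same library surface as a candidate for class-level hardening rather than two isolated patches.

```python
"""Toy clearinghouse triage for AI-generated vulnerability findings.

Added illustration, not Chainguard's or Athena's code. The report format,
field names and the sample findings below are constructed for this example.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample: three members ran different models over the same
# libraries and sent overlapping reports. Field names are assumptions.
RAW_FINDINGS = [
    {"member": "A", "model": "model-x", "package": "libfoo", "version": "1.2.3",
     "location": "src/parse.c:parse_header", "cwe": "CWE-787", "severity": "high"},
    {"member": "B", "model": "model-y", "package": "libfoo", "version": "1.2.3",
     "location": "src/parse.c:parse_header", "cwe": "CWE-787", "severity": "critical"},
    {"member": "C", "model": "model-z", "package": "libfoo", "version": "1.2.4",
     "location": "src/parse.c:parse_header", "cwe": "CWE-787", "severity": "high"},
    {"member": "A", "model": "model-x", "package": "libfoo", "version": "1.2.3",
     "location": "src/decode.c:decode_chunk", "cwe": "CWE-787", "severity": "high"},
    {"member": "B", "model": "model-y", "package": "libbar", "version": "0.9.0",
     "location": "lib/tmpl.py:render", "cwe": "CWE-94", "severity": "critical"},
    {"member": "C", "model": "model-z", "package": "libbar", "version": "0.9.0",
     "location": "lib/tmpl.py:render", "cwe": "CWE-94", "severity": "critical"},
]

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class Issue:
    package: str
    location: str
    cwe: str
    severity: str
    versions: set = field(default_factory=set)
    reporters: list = field(default_factory=list)


def fingerprint(f):
    # Version is deliberately excluded: the same bug reported against
    # 1.2.3 and 1.2.4 is one issue to fix, not two. Reporter and model are
    # excluded so that duplicate reports from different members merge.
    return (f["package"], f["location"], f["cwe"])


def dedupe(findings):
    """Collapse raw reports into distinct issues keyed by fingerprint."""
    issues = {}
    for f in findings:
        key = fingerprint(f)
        issue = issues.get(key)
        if issue is None:
            issue = issues[key] = Issue(f["package"], f["location"], f["cwe"], f["severity"])
        # Keep the highest severity any reporter assigned.
        if SEVERITY_RANK[f["severity"]] > SEVERITY_RANK[issue.severity]:
            issue.severity = f["severity"]
        issue.versions.add(f["version"])
        issue.reporters.append((f["member"], f["model"]))
    return list(issues.values())


def batch_by_package(issues):
    """Group distinct issues per library so one rebuild can carry every fix."""
    batches = defaultdict(list)
    for i in issues:
        batches[i.package].append(i)
    return dict(batches)


def class_hardening_candidates(issues, threshold=2):
    """Packages where the same CWE shows up at >= threshold distinct sites:
    a signal to harden the whole code path (e.g. bounds-checked helpers)
    rather than patch each site in isolation."""
    counts = defaultdict(int)
    for i in issues:
        counts[(i.package, i.cwe)] += 1
    return {k: n for k, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    issues = dedupe(RAW_FINDINGS)
    print(f"{len(RAW_FINDINGS)} raw reports -> {len(issues)} distinct issues")
    for pkg, items in batch_by_package(issues).items():
        print(pkg, [(i.location, i.cwe, i.severity, sorted(i.versions), len(i.reporters))
                    for i in items])
    print("class-level hardening candidates:", class_hardening_candidates(issues))
```

Run as a script, the six constructed reports reduce to three issues: the `parse_header` overflow is one issue with three reporters and two affected versions at the highest severity anyone assigned, `libfoo` gets a two-issue batch, and `libfoo`/CWE-787 is flagged because the same bug class appears at two distinct sites. A real clearinghouse would also need a fuzzier location match (line numbers drift between versions) and a way to carry reporter credit through to the eventual CVE, neither of which this sketch attempts.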
Why does this feel like it’s snowballing? Because most applications are mixtures of code, and the open source portion is huge. Lorenc says 95 percent of the code in these codebases is open source. After running advanced models on proprietary code, you still hit the application-level reality: the third-party dependencies you cannot change are where a large share of risk lives. At that point, you get stuck in the old disclosure treadmill, except now the number of findings can jump orders of magnitude.
The source of the urgency is also time. The only guarantee in vulnerability disclosure, Lorenc says, is that attackers move quickly, and the “time to exploit,” defined as the time between a CVE’s public disclosure and first confirmed exploitation in the wild, has essentially collapsed. That means an organization can be vulnerable even before a patch exists, and in a world where AI discovery is speeding up, the window between “we found it” and “someone could exploit it” can shrink dramatically. Lorenc called it an “awkward, strange world and timeline,” with pressure building because frontier models are getting better, and open models are getting better too, potentially discovering issues at the same time.
You can also see the scale problem in Anthropic’s own disclosure. In May, Anthropic said it used Mythos Preview to scan more than 1,000 open-source projects and found an estimated 6,202 high or critical-severity vulnerabilities in those projects. Lorenc framed Athena’s work as a clearinghouse for the critical industry problem created when organizations generate massive numbers of bug reports they cannot easily route, prioritize, or coordinate, especially when they do not even know how to contact the right maintainers.
And Athena is not the only coalition leaning into coordination. On Thursday, the Linux Foundation joined the effort and announced Akrites, an industry coalition to defend open source software against AI-enabled threats by finding and fixing vulnerabilities. Akrites establishes a shared Security Incident Response Team (SIRT) and a standardized Coordinated Vulnerability Disclosure (CVD) process. Founding companies include Amazon Web Services, Anthropic, Chainguard, Cisco, Citi, Endor Labs, Ericsson, Google, IBM, JPMorganChase, Microsoft and GitHub, Nvidia, OpenAI, RapidFort, Red Hat, Rust Foundation, Sonatype, Vodafone, and Zscaler.
Lorenc’s argument for Akrites is that AI will push everyone to patch at speed, but without coordination, fixes can fragment across different patches and forks. That fragmentation can also burden maintainers who are already overwhelmed, unreachable, or have not touched a project in years. Akrites, he said, provides a coordinated way to fix flaws upstream before criminals exploit them, and the dedicated SIRT gives maintainers a single partner to work with for remediation instead of a hundred uncoordinated reports. In other words, the strategic goal is to make disclosure and remediation less chaotic when vulnerability discovery ramps up.
For boards and C-suite leaders, the takeaway is uncomfortable but actionable. This is not only a technical issue. It is an operational capacity issue, a coordination issue, and increasingly a timeline issue. If the “attack surface” is mostly open source and AI keeps finding new issues faster than upstream can respond, then security programs will need to treat vulnerability management and disclosure coordination as part of enterprise risk management. Athena’s first wave of disclosures in about three weeks is a near-term stress test for how well the industry can move from massive detection to coherent patching without splintering the ecosystem.