Introducing Athena: the industry coalition to protect open source software from AI attacks.
Athena is operational today. More than two dozen members. It's processed 20,000+ findings and generated 2,000+ patches across 500+ open source projects.
Join us: https://t.co/PFpmpzkU9W
“They can’t scope work accurately, can’t set realistic expectations and can’t coach their teams on these tools. They’re leading a transformation they haven’t experienced themselves.”
Chainguard CEO and cofounder @lorenc_dan was featured in @Bloomberg on why leaders need to model AI usage for their teams: https://t.co/ccHRfGFKvK
Attackers don't need to be better than your defenses anymore... they just need to be faster 💨 And right now, they are.
@lorenc_dan shares more on @MTSlive 👇
SITUATION EXPLAINED: What does it mean that models have surpassed humans at finding exploits in open source code?
We asked @lorenc_dan, co-founder and CEO of @chainguard_dev:
"Models have surpassed the ability of humans to find exploits and to find vulnerabilities in code. They're getting found incredibly quickly, and they're being weaponized incredibly quickly too."
"All of those systems and tools that people have had for years to deal with this kind of update cycle and patch cycle now aren't keeping up."
"There's been a margin call on 10 years of tech debt. It's tech debt that's been around that people have just been refinancing over and over, and now all of a sudden you have to figure out a way to pay that tech debt."
"But all of a sudden, overnight almost, this became one of the most pressing problems for the world of software."
Between March 1 and May 31, we examined 2,400 unique container image projects, 18,016 total vulnerability instances, and 886 unique CVEs. Here's what we learned:
1️⃣ High-severity vulnerabilities accounted for 63.1% of all observed instances (a 13% increase quarter-over-quarter)
2️⃣ AI is helping engineers build and ship faster than ever before, but it is also enabling attackers to launch highly sophisticated, dangerous software supply chain attacks
3️⃣ Last quarter, we remediated 886 unique CVEs, as AI-assisted software development and vulnerability discovery hit the mainstream
4️⃣ 97.0% of all observed vulnerability instances occurred outside the top 20 projects
Get the full details in The State of Trusted Open Source: https://t.co/e03uvzCMgs
🪚 "AI showed up and gave everyone a circular saw. It's way faster, but also a lot easier to lose a finger. Today, everyone is figuring out what guardrails to put in place to do this safely.”
@lorenc_dan talked to @BusinessInsider about the double-edged sword of AI-generated coding: https://t.co/u7sNove4E6
The age of AI requires a new solution to cybersecurity challenges. Today, the Linux Foundation and industry leaders launched Akrites, a coordinated effort to defend critical open source software against AI-enabled cyber threats.
Frontier AI can find software vulnerabilities in minutes. Akrites introduces a shared SIRT and a standardized, confidential disclosure process to remediate vulnerabilities upstream before they are exploited.
Read the open letter and learn why top organizations are joining together in this critical effort
https://t.co/sgyZ7Gajec
Supply Chain security is changing fast, and frontier models are accelerating that change in a way most teams aren't prepared for yet.
Chainguard just dropped the event lineup for their first-ever "Innovation Week: AI Readiness" and some caught my eye:
TODAY! Tuesday June 23: Founder/CEO @lorenc_dan is hosting a live AMA on how to defend your open source against frontier AI model attacks. Open Q&A on frontier models, Athena, and the future of open source.
Thursday June 25: Chainguard, @cursor_ai, and KKR are hosting 'AI Tech Talks' to discuss what engineering and security teams need to do now to stay ahead of security risk and build safely with AI
These are important conversations to be having right now. Looking forward to checking these out 👀
Thanks to my friends at @chainguard_dev for sharing this with me.
https://t.co/DBIWJ9ujZ6
Chainguard 🤝 @wiz_io
Customers can now use Wiz to scan Chainguard Libraries for Python and Java. That means:
✨ Less CVE noise
✨ Malware gets blocked before it reaches your environment
✨ Verifiable proof your pinned dependencies are safe
Learn more: https://t.co/S0asRQ4Dc9
Sat down with @lorenc_dan , CEO and co-founder of @chainguard_dev, and this one got real.
We got into Fable 5 getting banned by the US government and what that actually means for people building with it. He broke down the agent they just shipped, why they built it the way they did, and what's been eating up the team's time lately.
I asked him the obvious one. What happens if Google or Microsoft wake up one day and just build the same thing?
His answer was way calmer than I expected, and it tells you a lot about how they think about their moat.
If you care about where AI agents and supply chain security are headed, give this a watch.
@chainguard_dev #ai #chainguard #security
Chainguard Libraries for JavaScript is now GA. All three of Chainguard's library ecosystems — JavaScript, Java, and Python — are now generally available.
Everyone's shipping agent skills. Almost no one’s securing them⛓️
@psmyth01 explored what's out there: skills stealing credentials, exfiltrating data, and more. And you don't even need a bad actor to be the author. So, we built Chainguard Agent Skills: https://t.co/btOSMF9L08
Join us for our ‘What engineering leaders must get right before scaling AI development’ session tomorrow at 2 PM ET with @iamrita98 from Cursor to see how Chainguard and Cursor help teams move at AI speed - without compromising security. https://t.co/hbUpKmckx3
Chainguard is now on the @cursor_ai Marketplace 🔒
Our new Cursor plugin connects directly to Chainguard Repository, making Chainguard Containers and Chainguard Libraries the secure-by-default choice inside your existing workflow.
Chainguard Containers got several new capabilities and upgrades. From RHEL RPM support to flattened CycloneDX SBOMs to Dependabot compatibility with private https://t.co/aKZauWOZ5s registries, there's a lot to dig into.