Chainguard, BNY Team Up to Secure Open Source from AI Threats
https://www.infosecurity-magazine.com/news/chainguard-bny-open-source-athena/
Publish Date: 2026-06-16 07:00:00
Source Domain: www.infosecurity-magazine.com
Open-source security firm Chainguard has brought together dozens of partners in a new industry coalition to protect open-source software from AI attacks.
The initiative, called Athena, was announced by Chainguard on June 16. Its founding members include BNY, Chainguard, Cisco, Cloudflare, Corridor, DepthFirst, Docker, JPMorganChase, Kyndryl, LTIMindtree and PwC.
Based on preliminary work at Chainguard, Athena provides a vulnerability intelligence sharing platform and tools to fix the vulnerabilities that frontier AI models, like Anthropic’s Mythos and OpenAI’s GPT-5.5-Cyber, find, before attackers can exploit them.
Here’s how Athena works, according to Chainguard’s CEO Dan Lorenc:
- Coalition members pool into the Athena platform the vulnerabilities affecting open-source projects and packages that they have discovered using frontier AI programs they have access to, including Anthropic’s Project Glasswing and OpenAI’s Daybreak
- Chainguard patches them privately and affected projects are rebuilt as private, hardened versions, available to members through Chainguard Libraries before disclosure
- Coalition members that operate infrastructure, platform, network and security layers push non-patch mitigations ahead of disclosure so that coverage exists even where a clean patch does not yet exist
- Cybersecurity partners add their own detections, signatures and virtual patching
- The Athena coalition drives coordinated upstream disclosure
Additionally, Chainguard hopes to work with the Linux Foundation on a coordinated Security Incident Response Team (SIRT) for open source and a maintainer of last resort program.
Announcing the project on LinkedIn, Lorenc said Athena allows for every vulnerability one member discovers to get remediated and pushed upstream, “becoming a fix the entire ecosystem inherits, often before disclosure.”
“And for the parts of the world that can’t patch on an attacker’s timeline, partners who sit in front of much of the internet push mitigations…