- What: Linux Foundation launches initiative to help open source maintainers with AI-generated bug reports.
- Impact: Open source maintainers may benefit from improved tools and resources.
Linux Foundation kicks off effort to shield FOSS maintainers from AI slop bug reports

Big Tech donates $12.5 million to get things rolling

Simon Sharwood Wed 18 Mar 2026 // 04:05 UTC

Half a dozen Big Tech players have together delivered $12.5 million in grants towards a project that aims to help maintainers of open source projects to cope with AI slop bug reports.

"As the security landscape grows more complex, advances in AI are dramatically increasing the speed and scale of vulnerability discovery in open source software," explains a Linux Foundation announcement about the initiative. "Maintainers are now facing an unprecedented influx of security findings, many of which are generated by automated systems, without the resources or tooling needed to triage and remediate them effectively."

Anthropic, AWS, GitHub, Google, Microsoft, and OpenAI have decided they want to help, by collectively chipping in $12.5 million to the project.

Alpha-Omega, the Linux Foundation project that works to improve the security of open source supply chains, will run the new effort alongside the Open Source Security Foundation (OpenSSF). We're told the two organizations "work directly with maintainers and their communities to make emerging security capabilities accessible, practical, and aligned with existing project workflows."

Further: "The effort will support sustainable strategies that help maintainers manage growing security demands while improving the overall resilience of the open source ecosystem."

The Linux Foundation's announcement includes a canned quote from Greg Kroah-Hartman of the Linux kernel project, which opens "Grant funding alone is not going to help solve the problem that AI tools are causing today on open source security teams."

Fear not, gentle reader, GKH didn't dump on this idea.
The quote continues: "OpenSSF has the active resources needed to support numerous projects that will help these overworked maintainers with the triage and processing of the increased AI-generated security reports they are currently receiving."

There's no word on exactly what this project will do, or when it will happen.

The problem of AI-generated bug reports overwhelming FOSS maintainers is not new. The Python Software Foundation complained about it in late 2024. More recently, the maintainer of popular open-source data transfer tool cURL ended the project's bug bounty program due to difficulties caused by a flood of AI-generated contributions. Even Microsoft's GitHub has pondered doing something about a torrent of low quality, AI-generated contributions to FOSS projects.