Expanding Athena
Three weeks ago, we launched Athena, an industry coalition for the orchestrated defense of open source software. While a lot has been said in this space over the last few weeks, the team has had our heads down building.
Today, we're sharing what's working, what's shipped, new members, and what's on our roadmap. Frontier models are still finding novel, chained zero-days in open source faster than any single team can respond, the gap between discovery and exploitation is still measured in hours, and no one company is going to solve this problem alone. Athena is the coordinated answer.
Three weeks in
To date, Athena has processed more than 40,000 vulnerabilities, doubling our intake since launching three weeks ago.
Of vulnerabilities submitted so far, 42% are critical- or high-severity. While significant, the number understates the real exposure, as frontier AI models can chain low- and medium-severity bugs into more serious attacks that no single CVSS score captures.
86% are network reachable, meaning they can be accessed and triggered by attackers at the network level.
About 7% sit in packages more than five years old. These are latent flaws in mature, widely trusted dependencies that survived extensive expert review without detection. These aren't fresh mistakes. These models are finding latent bugs in mature, widely trusted dependencies. They've been quietly exploitable for years despite a great deal of expert security review.
The shape of the thing
When you look at the end-to-end flow of how Athena works, the value of the coalition becomes clear: Athena provides a place for organizations to find → fix → shield → surface → disclose vulnerabilities that frontier AI models are discovering. Findings come in from across the coalition. We build fixes under embargo. Partners stack non-patch protection around them. We surface exposures that would otherwise stay invisible. And then durable fixes get driven home to the upstream maintainers who can make them permanent.
To make that concrete, follow a single finding through it. Take a memory-corruption bug in a widely used parsing library, the kind of dependency that sits three levels down in software no one thinks about until it breaks. We'll come back to it at each stage.
Find → Fix
We've onboarded more submitting partners since launch. Every additional organization looking for vulnerabilities means more findings are pooled together and de-duplicated, leading to fewer unique flaws left for an attacker to discover first.

For our example bug, this is where it enters the pipeline. It gets submitted through the encrypted portal, deduplicated, enriched — we trace when it was introduced, and everywhere else the same pattern appears — and a hardened fix gets built under embargo, before any of it is public.

Shield → Surface: the cyber partner program
Fixes only help organizations that can apply them before an attacker strikes, and most teams can't move as fast as attackers do today. The cyber partner program closes this gap. They are the largest partner type in Athena and are responsible for two distinct mitigations.
Mitigation. Cyber partners receive a dedicated, direct feed of vulnerabilities as part of the disclosure process — more detail than the anonymized intelligence members get — and use it to build protection that lands even when a clean patch doesn't exist yet or can't be deployed in time.
All of our partners close a gap that others can't. The more of them the coalition covers, the less room an attacker has to operate before a flaw is ever public.
For our example bug: while the embargoed fix works its way toward upstream, cyber partners shield it at the network, traffic, and endpoint layers. Anyone who tries the exploit hits a wall before the flaw is ever public, with no action required from the people being protected.

Visibility. A large share of the vulnerabilities we handle will never get a CVE because they are in older libraries that are already fixed at head by the time they're discovered. Upstream is safe, but every downstream user still pinned to an older version of the vulnerable package is exposed, and there's nothing that tells them they're exposed. Nearly all scanning and vulnerability management tooling keys off CVE and NVD, so the fix exists, and the exposure is invisible at the same time.
Athena publishes OSV records for these so the silent fixes get a machine-readable identity. Cyber partners get a fast path to those records that skips the normal publish-and-ingest latency — the slow cycle of waiting for a database to pick up a record and rebuild — so they can surface the exposure to their customers right away. This is what makes that 11%-over-five-years-old number actionable: those are exactly the bugs that hide in the gap between "fixed upstream" and "anyone knows to upgrade."
For our example bug, let's assume it's a silent one (meaning it's fixed at head and doesn't have a CVE coming). We publish the OSV record, allowing partners to flag every customer still on a vulnerable version and issue protections for them.

How partners plug in. We've built Athena to be asymmetric. Partners tell us what they can prevent, and we route the right types of vulnerabilities to them to mitigate, reducing noise and triage while maximizing industry protection.
A partner submits a capability manifest: a Markdown document that describes the software they care about, the classes of vulnerability they can mitigate, and the lead time they need, with worked examples. We review every manifest by hand to ensure a human confirms the partner and their claimed scope before pre-disclosure details flow.
At publication time, each vulnerability runs through a routing filter that matches it against every manifest and decides who gets it, and when.
Partners acknowledge or decline each vulnerability we send. This feedback tunes future routing. While the manifest says what a partner can do, the ack/nack provides data on what they can actually act on.
Joining the coalition today: Akamai, Black Duck, Cycode, JFrog, Morgan Stanley, Qualys, Upwind, and Zafran, alongside the founding members.
Disclose home: Akrites
The hardest part of this entire process is getting the fix all the way home to the volunteer maintainers who can make it permanent. Many of these developers are unreachable, burned out, buried in low-quality scanner noise, or no longer associated with the project. Today, only about 6% of one major program's findings get upstreamed. Our honest estimate is that coordinated disclosure, done well and under real-time pressure, might reach half of the projects at best. The rest need a backstop.
That work belongs downstream of Athena, and it belongs somewhere neutral. So once a fix is built, shielded, and surfaced, Athena hands the finding off to Akrites for the last stage — the Linux Foundation's coordinated effort to remediate and disclose open source vulnerabilities upstream, launched in late June. Akrites operates a shared Security Incident Response Team and a single, standardized disclosure process. Maintainers get one trusted partner instead of a flood of overlapping reports. This ensures fixes flow back into each project's own home, on the maintainers' terms and not into private forks.
And for critical packages with no one left to receive a fix, Akrites stands as maintainer of last resort: stewarding the package, shipping a coordinated fix for the current version, and carrying disclosures until a real maintainer returns. That isn't our characterization of their role — it's a commitment Akrites makes in its own founding open letter, which names the maintainer-of-last-resort function directly.
We're not running Akrites, and that's the whole point of it being neutral — a fix the entire ecosystem is meant to inherit can't sit inside any one vendor. What we're doing is helping build it. Athena is a backer, contributing funding and engineering resources and working alongside the other participants to stand up the maintainer-of-last-resort function.
For our example bug, this is where it comes to rest: the embargoed fix — already shielded at the network and endpoint, already surfaced to everyone still on a vulnerable version — is handed to Akrites, disclosed upstream, and driven home for good.

What's next
Over the next month:
More fixes, at higher volume, as submitting partners ramp.
The first coordinated upstream wave. We’re working with Akrites on the process to get these fixes to maintainers and expect this to start in July.
The first real end-to-end run of the cyber partner program. We are collecting partner capability manifests, building the routing, and starting to share OSV records. We'll report back on what breaks as the first live wave of non-patch mitigations against real disclosures start to go live.
Get involved
There are two ways in.
If you're finding vulnerabilities through a frontier-model program or any other means, you can join Athena and submit them anonymously into the coalition to have them carried through the full lifecycle to a durable upstream fix.
If you build detections or mitigations, or carry fixes into real environments at scale, you can become a cyber partner and get on the feed.
Most of what Athena does, no one will ever see. The same libraries running inside the world's largest banks also run a rural water plant, or a regional hospital with one overworked IT person, or a school district that can't patch on an attacker's timeline. When a fix goes home, or a mitigation goes out ahead of a flaw, those are the people it quietly protects, most of whom will never know there was anything to protect them from. Every organization that joins widens the net and shortens the attacker's reach.
Learn more or reach out at chainguard.dev/athena.
Share this article
Articles connexes
- open source
The State of Trusted Open Source: June 2026
Sam Katzen, Director, Product Marketing, and Sasha Kelly, Product Analyst
- open source
The Maintainer of Last Resort
Dan Lorenc, Co-founder and CEO
- open source
Docker Hodgepodge Images
Chris Carty, Enterprise Sales Engineer
- open source
Open source died in March. It just doesn't know it yet.
Dan Lorenc, Co-founder and CEO
- open source
The State of Trusted Open Source: March 2026
Ed Sawma, VP of Product Marketing, and Sasha Itkis, Product Analyst
- open source
Be my base image: Introducing Linky’s Matchmaker
Erika Heidi, Staff Developer Experience Engineer