
Chainguard's new Athena coalition uses AI to fix open-source flaws - before attackers exploit them

Why This Matters

Chainguard's Athena coalition leverages AI to proactively identify and fix open-source vulnerabilities before attackers can exploit them, addressing the rapidly shrinking window between discovery and exploitation. This initiative highlights the increasing importance of AI-driven security solutions in safeguarding open-source software, which is foundational to modern technology infrastructure. As AI tools become more prevalent in both security and attack strategies, industry collaboration is crucial to stay ahead of emerging threats.


ZDNET's key takeaways

Chainguard and friends will use AI to protect open-source code from attackers.

Athena uses the resources of open-source users, developers, and maintainers.

Chainguard isn't the only one seeking to secure open-source code with AI.

As everyone in IT knows, or should know anyway, AI has opened a new front in attacks on open-source code. Hacking used to require real skill. Now, anyone with a sufficiently capable AI model can find exploitable flaws in programs and generate custom malware to abuse them. The software company Chainguard, which specializes in zero-CVE container images and security-hardened open-source code, is joining with others to beat the attackers to the punch with Athena.

As Chainguard puts it, "The gap between a vulnerability being discovered and being exploited has collapsed from years to hours, and a growing share of exploits are weaponized before the bug is ever publicly disclosed. Coordinated disclosure was built for a world in which finding a serious flaw took weeks, and the targets were few. That world is gone." Chainguard is right. It is.


Something had to be done. As the company's CEO and co-founder, Dan Lorenc, wrote on LinkedIn, we had a "choice between letting open-source security fragment into a dozen rival patch sets nobody can reconcile, or doing the hard, coordinated thing instead. I said it would only work if we built it together, and admitted I had no idea if we actually would. Here's the update: the industry showed up. It's called Athena, and it's live."
