Google Leads $12.5M Push to Secure Open Source Against AI Threats



Google has announced a new $12.5 million funding initiative to strengthen the security of open-source software, teaming up with Amazon, Anthropic, Microsoft (through GitHub), and OpenAI.

The investment comes as AI-driven threats grow more sophisticated, pushing companies to protect what Google calls the “backbone of the modern web.” The funding aims to accelerate real-world fixes, not just detect vulnerabilities.

Funding targets faster fixes and stronger defenses

The funding will support the Alpha-Omega Project under the Linux Foundation, in collaboration with the Open Source Security Foundation (OpenSSF). The initiative focuses on helping maintainers respond quickly to emerging threats.

Instead of only identifying issues, the program prioritizes faster patch deployment and long-term resilience. Maintainers will gain access to advanced security tools designed to handle AI-generated vulnerability reports, which are increasing in both volume and complexity.

AI tools take center stage in security efforts

Google highlighted its growing use of AI in security, showcasing internal tools that already deliver results. One example is Big Sleep, an AI agent that identified a zero-day vulnerability in SQLite before attackers could exploit it.

The company also introduced CodeMender, an AI-powered system capable of automatically rewriting code to fix bugs. These tools demonstrate how AI can move beyond detection and actively secure software ecosystems.

Google argues that combining funding with AI-driven tooling creates a more scalable defense model for open-source projects, which often lack dedicated security resources.

Broader security landscape remains active

The announcement arrives alongside other notable developments in the security space. Google recently faced scrutiny for continuing to promote a malicious browser extension despite prior warnings.

Meanwhile, Microsoft has updated its security recommendations for Defender for Endpoint and released an emergency update for Windows 11 LTSC to address critical issues.

Together, these developments highlight how major tech companies are increasing their focus on security as threats evolve, particularly with AI accelerating both attacks and defenses.

A long-term investment in open-source resilience

With this $12.5 million commitment, Google and its partners are signaling a broader shift toward proactive security in open-source ecosystems.

As AI continues to reshape cybersecurity, initiatives like Alpha-Omega aim to ensure that the foundational software powering the internet remains secure, resilient, and ready to handle the next wave of threats.

In other security news, Google continued promoting a malicious extension despite Microsoft’s warnings. Meanwhile, Microsoft rolled out new Defender for Endpoint recommendations and released the KB5084597 emergency update for Windows 11 LTSC.

Via Neowin
