Google has announced a new investment in open-source projects to improve the "stability and security of the open source community." The Mountain View company called open source the "backbone of the modern web," which makes it important to keep it secure, especially in the era of "AI-driven threats."
Billions of people rely on an Internet built on open source software — which is software anyone can use — but that reliance only works if the software beneath it is secure.
Today, as a founding member of the Linux Foundation's Alpha-Omega Project, we’re pledging $12.5 million collectively with Amazon, Anthropic, Microsoft/GitHub and OpenAI to further invest in the stability and security of the open source community. The funding, managed by Alpha-Omega and OpenSSF, will help maintainers stay ahead of a new generation of AI-driven threats, move security beyond vulnerability discovery to actually deploying fixes, and put advanced security tools directly into maintainers’ hands, to turn a flood of AI-generated findings into fast action.
Speaking of "AI-generated findings," Google's AI agent Big Sleep, back in July 2025, literally caught an active zero-day in SQLite before black hat hackers could weaponize it. Then, several months later, the company quietly pushed "CodeMender," an AI agent that does not just flag bugs, but autonomously rewrites the code to patch them. Google says that tools like Big Sleep and CodeMender "show the transformational potential of AI to secure the wider open source ecosystem."
This funding arrives as open-source maintainers on projects like Python and React are suffering from alert fatigue, getting hammered by thousands of automated bug reports generated by AI. It is no wonder that projects like cURL, whose maintainers were drowning in AI-generated junk reports, shut down their bug bounty programs in an effort to take away any financial incentive for bad actors to submit them.