Chainguard, BNY Team Up to Secure Open Source from AI Threats - Infosecurity Magazine

Infosecurity Magazine Home » News » Chainguard, JPMorgan, BNY Team Up to Secure Open Source from AI Threats

Chainguard, JPMorgan, BNY Team Up to Secure Open Source from AI Threats

News<br>16 June 2026

Written by

Kevin Poireault<br>Reporter, Infosecurity Magazine<br>Follow @Kpoireault<br>Connect on LinkedIn

Open-source security firm Chainguard has brought together dozens of partners in a new industry coalition to protect open-source software from AI attacks.

The initiative, called Athena, was announced by Chainguard on June 16. Its founding members include BNY, Chainguard, Cisco, Cloudflare, Corridor, DepthFirst, Docker, JPMorganChase, Kyndryl, LTIMindtree and PwC.

Based on preliminary work at Chainguard, Athena provides a vulnerability intelligence sharing platform and tools to fix the vulnerabilities frontier AI models, like Anthropic&rsquo;s Mythos and OpenAI&rsquo;s GPT-5.5.-Cyber, find before attackers can exploit them.

Here&rsquo;s how Athena works, according to Chainguard&rsquo;s CEO Dan Lorenc:

Coalition members pool vulnerabilities affecting open-source projects they have discovered and packages into the Athena platform using frontier AI programs they have access to, including Anthropic's Project Glasswing and OpenAI's Daybreak

Chainguard patches them privately and affected projects are rebuilt as private, hardened versions, available to members through Chainguard Libraries before disclosure

Coalition members that operate infrastructure, platform, network and security layers push non-patch mitigations ahead of disclosure so that coverage exists even where a clean patch does not yet

Cybersecurity partners add their own detections, signatures and virtual patching

The Athena coalition drives coordinated upstream disclosure

Additionally, Chainguard hopes to work with the Linux Foundation on a coordinated Security Incident Response Team (SIRT) for open source and a maintainer of last resort program.

Announcing the project on LinkedIn, Lorenc said Athena allows for every vulnerability one member discovers to get remediated and pushed upstream, &ldquo;becoming a fix the entire ecosystem inherits, often before disclosure.&rdquo;

&ldquo;And for the parts of the world that can't patch on an attacker's timeline, partners who sit in front of much of the internet push mitigations out ahead of disclosure, blocking the issue for people who never knew there was anything to block,&rdquo; he added.

Chainguard also highlighted that the Athena model acts as &ldquo;an AI cybersecurity clearinghouse&rdquo; like the one the US government has been asked to build following the Trump Administration's latest Executive Order, Promoting Advanced Artifical Intelligence Innovation and Security, published on June 2.

&ldquo;It&rsquo;s even more relevant since the US government declared Mythos too dangerous for public access on Friday,&rdquo; the open-source security company added.

Athena is operational and has already processed over 20,000 findings and shipped more than 2000 patches across 500 open-source projects.

The initiative will begin publishing its first wave of disclosures in July and continues to welcome new partners.

&ldquo;Will it be perfect? No, and no one should pretend otherwise,&rdquo; said Lorenc. &ldquo;But fragmentation is worse, standing still isn't survivable, and the more of the industry that's in, the less any attacker has left to find. Join us.&rdquo;

You may also like

Infosecurity Europe: Mythos Outperforms GPT5.5 on Google Chrome Vulnerability Exploits, Says New Benchmark<br>News4 June 2026

Researchers Discover Major Security Gaps in LLM Guardrails<br>News11 March 2026

Critical Zero-Click Flaw in n8n Allows Full Server Compromise<br>News12 March 2026

DeepSeek Exposed Database Leaks Sensitive Data<br>News30 January 2025

Infosecurity Europe: Patch Responsibility Remains Up for Grabs as AI Unearths Decades of Flaws<br>News3 June 2026

What’s Hot on Infosecurity Magazine?

Read<br>Shared<br>Watched<br>Editor's Choice

Attackers Hijack Popular WordPress Plugins to Deploy Backdoors<br>News15 June 2026

Cybersecurity Experts Urge US to Lift Ban on Anthropic's Frontier AI Models<br>News15 June 2026

UK Government Finds 400+ Vulnerabilities in AI Hackathons<br>News15 June 2026

Over 80% of Sports Organizations Targeted by Hackers in the Last Year<br>News12 June 2026

CISA Orders Agencies to Patch by Risk, Not Severity<br>News11 June 2026

Extortion-Only Attacks Increase, With Data Theft Dominating Ransomware Claims<br>News11 June 2026

Infosecurity Europe: Mythos Outperforms GPT5.5 on Google Chrome Vulnerability Exploits, Says New Benchmark<br>News4 June 2026

North Korean Hackers Use Fake Coding Tasks to Steal Crypto<br>News8 June 2026

Infosecurity Europe: Why JLR’s CISO Enforced In-Person Password Resets Following Cyber-Attack<br>News9 June 2026

75% of Firms Deploy Vulnerable Code Amid Pressure on CISOs, Report Finds<br>News9 June 2026

WhatsApp Discovers NSO...