GitHub backs Alpha-Omega with fresh open source funds
GitHub has joined Anthropic, Amazon Web Services, Google, Microsoft and OpenAI in a USD $12.5 million funding commitment to the Linux Foundation's Alpha-Omega initiative. Major software suppliers are putting fresh money into programmes that address security risks in widely used open source projects.
Alpha-Omega, which operates within the Linux Foundation, focuses on improving the security of critical open source components. The new commitment connects backers with maintainers and emphasises bringing emerging AI-driven security approaches into day-to-day project workflows.
Alongside the industry pledge, GitHub outlined expanded investments for open source maintainers. These include additional funding and cloud credits through its Secure Open Source Fund, as well as planned updates to its security advisory and vulnerability reporting features.
Alpha-Omega funding
The Linux Foundation created Alpha-Omega to co-ordinate investment in open source security and prioritise work on projects that underpin modern software stacks. The initiative has supported efforts such as security audits and process improvements as the sector responds to a steady stream of high-profile vulnerabilities in common libraries.
GitHub positioned the new commitment as a way to broaden access to AI-related security practices within existing maintainer workflows, while advancing open source security programmes across the ecosystem. With the participating companies running some of the largest software development platforms and cloud services, open source supply chain security is a shared commercial and operational concern.
Maintainer investments
GitHub's Secure Open Source Fund will add USD $5.5 million in Azure credits and funding. The package includes support for training and expertise, along with a community component, and adds new partners including Datadog, Open WebUI, Atlantic Council and OWASP.
GitHub Security Lab is also investing in the security advisory experience on GitHub and in Private Vulnerability Reporting. GitHub tied the work to the growing volume of security submissions maintainers receive and the challenge of handling low-quality reports.
These moves add to existing platform access programmes for maintainers. GitHub said more than 280,000 maintainers across hundreds of millions of public repositories are eligible for free access to core GitHub services, GitHub Copilot Pro, GitHub Actions and a set of security tools. These include code scanning and Autofix, secret scanning and push protection, and dependency alerts.
Security reporting load
Security reports into open source projects have increased in recent years, driven by wider use of automated scanning and the growth of bug bounty-style reporting. GitHub also pointed to a surge in automated pull requests and security reports with a low signal-to-noise ratio, linking the trend to maintainer burnout.
Private Vulnerability Reporting provides a structured channel for reporters to disclose issues directly to maintainers. Security advisories support documenting and distributing vulnerability information, including mitigations and patched versions. GitHub's planned changes aim to make both processes easier to manage at scale.
Fund outcomes
GitHub shared metrics from its Secure Open Source Fund to show the results it expects when funding and resources are tied to defined security outcomes. It said it has supported 138 projects, covering more than 200 maintainers across 38 countries.
GitHub also reported 191 new CVEs, more than 250 new secrets prevented from leaking, and more than 600 leaked secrets detected and resolved. It said the affected projects account for "billions of monthly downloads from alumni projects".
AI in security
GitHub argued that AI is increasing the speed and scale of vulnerability discovery for both defenders and attackers. It plans further investment in tools such as pull request controls and AI-assisted workflows for issue triage, pull request reviews, vulnerability identification and remediation.
Maintainers of "impactful open source projects" already have access to Copilot Pro, according to GitHub. It highlighted features including AI-assisted code review, "agentic security remediation workflows", and access to multiple models.
Christian Grobmeier, a Log4j maintainer, described the shift as an arms race:
"Our AI has to be better than the attacking AI," said Grobmeier.
GitHub said its work with Alpha-Omega and its maintainer programmes will continue, with further refinements based on community feedback and outcomes.