Overview
- Akrites was announced publicly on June 26, 2026, with founding commitments from major tech, AI, finance and security groups including AWS, Google, Microsoft, OpenAI, NVIDIA, IBM, JPMorganChase and Red Hat.
- The initiative creates a single Security Incident Response Team (SIRT) and one Coordinated Vulnerability Disclosure (CVD) workflow so members can share reports, manage remediation and coordinate public advisories while keeping reports confidential.
- Akrites says it will return fixes to upstream maintainers on their terms and will act as maintainer of last resort for critically important packages that lack active maintainers so patches reach users.
- Founders have pledged engineering talent, security expertise and seed funding from the Alpha-Omega Linux Foundation fund, and the group says it will measure success by real-world patch deployment rather than by publication of vulnerabilities.
- Next steps for Akrites include staffing the shared SIRT, building tooling to track and speed patch rollout, and coordinating with infrastructure operators, civil society and governments to ensure fixes reach systems before exploitation.