• Securing the AI software supply chain: Security results across 67 open source projects
  Learn how the GitHub Secure Open Source Fund helped 67 critical AI‑stack projects accelerate fixes, strengthen ecosystems, and advance open source resilience.
• Modern software is built on open source projects.
• In fact, you can trace almost any production system today, including AI, mobile, cloud, and embedded workloads, back to open source components.
• These components are the invisible infrastructure of software: the download that always works, the library you never question, the build step you haven’t thought about in years, if ever.
• A few examples:
  - curl moves data for billions of systems, from package managers to CI pipelines.
  - Python, pandas, and SciPy sit underneath everything from LLM research to ETL workflows and model evaluation.

Article Summaries:

  • GitHub’s Secure Open Source Fund has completed its third session, delivering measurable security improvements to 67 critical AI‑stack projects. The program, funded through GitHub Sponsors, provided $670,000 in non‑dilutive grants to 98 maintainers across 38 countries. All participating projects enabled core GitHub security features, and across its sessions so far the initiative has produced 138 security‑related outcomes across 138 projects in total. By tying funding directly to verified results, the fund aims to reduce systemic risk in the software supply chain, giving developers confidence that the foundational open‑source components used in AI, CI/CD, and runtime environments are hardened and trustworthy.
