Linux Foundation gets funding boost from Big Tech

New funding from Big Tech aims to help exhausted open-source maintainers who have lately seen more bugs than a hot trash can, thanks to AI tools.

The Linux Foundation announced $12.5 million in new grant funding from major tech companies, including Google, Microsoft, Anthropic, and OpenAI, to strengthen software security in widely used open-source projects.

The foundation, according to its site, supports over 1,300 projects (including the containerized application manager Kubernetes and the operating system Linux itself), boasts 855,000 developers contributing code, and adds 89 million lines of code weekly.

The Big Tech funders, like many companies today, rely heavily on Linux and open-source code.

Google’s mobile operating system Android, for example, is open-source, Linux-based software, OpenAI uses Kubernetes for its large model infrastructure, and Amazon allows users to run their cloud environments in a Linux environment.

Through this investment, open-source security funder Alpha-Omega and the open-source security foundation OpenSSF will work directly with maintainers and their communities to enhance their security capabilities. “The effort will support sustainable strategies that help maintainers manage growing security demands while improving the overall resilience of the open source ecosystem,” the March 17 news announcement read.

About those “growing security demands…” With AI-supported coding comes a trove of new vulnerabilities.

“We have real bugs being sent to us now,” Linux Foundation fellow and Linux maintainer Greg Kroah-Hartman told IT Brew. “The number of AI-generated bugs that are reported to us and the security team is quite high overall.”

The core Linux team can handle the workload, according to Kroah-Hartman, but some of the most popular open-source projects, he said, may need assistance with triaging fixes and going through the time-heavy tasks of assigning common vulnerability and exposures (CVEs).

“We have a list somewhere [of] the top 500 most used open-source projects out there. They can use the help,” he said. “There are usually, like, one to five developers on those projects.”

Kroah-Hartman envisions the funding potentially supporting locally run, bug-fixing tools for open-source developers.

According to a 2026 “State of Vulnerabilities” report from vulnerability-management service Mondoo, there were 5,803 Linux kernel CVEs published in 2025—a 31% increase YOY and more than Windows and macOS combined. (Only 1 of the 5,803 vulnerabilities, however, were exploited “in the wild,” Mondoo noted.)

“Working on open source, you do your best work ever possible because it’s all public," Kroah-Hartman said. “You can’t hide behind it, so you feel responsible for it.”

Many of the highest open-source risks come from organizations’ not knowing what they’re running or how those components behave once deployed, according to Eli Woodward, senior cyber threat intelligence advisor at threat-intel company Team Cymru. Investments that improve threat detection, software supply-chain transparency, and maintainer support are impactful ones.

“This level of funding is a strong signal that open-source security is now being treated as critical infrastructure, not just a community responsibility,” Woodward wrote to us in an email. “The biggest challenge isn’t just fixing individual vulnerabilities, but addressing systemic gaps like maintainer capacity, dependency visibility, and the lack of continuous monitoring across widely reused components.”