Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 45 additions & 0 deletions TI-reports/2026/2026-Q2-Alpha-Omega.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
# 2026 Q2 Alpha-Omega

## Overview

Alpha-Omega is running strong, with an increased emphasis on helping open source projects and ecosystems defend themselves against
AI-related threats. In addition to $12.5 million in AI-related funding announced in March and renewed funding from Google and AWS earlier in 2026, we recently received $2.5 million in renewed membership from Microsoft. We brought on additional help (Kevin King, Francis Perron, Andrew Nesbitt, Mirko Swilus) to increase speed of execution.

### Securing Open Source Against AI Threats

We've funded thirteen 6-month contract roles for AI security engineers in residence at major foundations/ecosystems, some of which have blogs listed [here](https://alpha-omega.dev/resources/blog/). In addition, we [committed](https://alpha-omega.dev/blog/the-apache-software-foundation-launches-10m-responsible-ai-initiative-with-initial-1-75m-donation/) $250k to Apache's Responsible AI initiative. These roles are working closely with the existing Security Engineers in Residence that we've funded to drive security initiatives within each organization.

As part of Glasswing, we worked closely with Anthropic and key open source projects to make advanced AI scanning available to highly trusted individuals within those ecosystems. With the first phase completed in May, Mirko is working with stakeholders on how to safely expand access and align access through the Linux Foundation.

* [Frontier AI and the next phase of software vulnerability defence](https://blogs.eclipse.org/post/mike-milinkovich/frontier-ai-and-next-phase-software-vulnerability-defence)

### Package Manager Sustainability

Alpha-Omega continues to partner with open source registries to help them investigate and ultimately build sustainable business models
We have two updates:

* Alpha-Omega signed the recently signed the [Open Infrastructure Is Not Free, Part II: The Hidden Cost of Running Package Registries](https://openssf.org/blog/2026/05/06/open-infrastructure-is-not-free-part-ii-the-hidden-cost-of-running-package-registries/) joint letter on sustainability.
* The Eclipse Foundation recently announced availability of the [Managed Open VSX Registry](https://managed.open-vsx.org/) service.
* Paul Brown has started working more directly with a few package registries to help them accelerate progress in this area.

### Media Roundup

We continue to publish blogs multiple times as week (usually written by our grant recipients), available at [alpha-omega.dev/resources/blog/](https://alpha-omega.dev/resources/blog/) and started publishing case studies, available at [alpha-omega.dev/case-studies/](https://alpha-omega.dev/case-studies/).

Andrew Nesbitt continues to [blog regularly](https://nesbitt.io/posts/) on topics we care deeply about.

We've also appeared in multiple articles around Glasswing due to our work in applying advanced AI models to detect vulnerabilities in critical open source projects.

### Up Next

Alpha-Omega continues to have regular meetings, both public and with key partners:

* **Public Meeting**: Our next public meeting is next week (July 1st). All are welcome to attend.
* **Sustaining Package Registries Working Group**: Meets weekly.
* **Open Source Corps of Security Engineers**: Meets bi-weekly.

We continue to speak (and support our grant recipients speaking) at major conferences around the world.

### Questions/Issues for the TAC

None at this time.