Depthfirst Launches Initiative to Address Critical Vulnerabilities in Open Source Software
Severity: High (Score: 69.0)
Sources: Morningstar, cts.businesswire.com, Kucoin
Summary
On May 12, 2026, Depthfirst announced the Open Defense Initiative, committing up to $5 million in credits to assist open source projects in identifying and fixing vulnerabilities. The initiative aims to address critical security flaws discovered by Depthfirst's AI model, which reportedly identifies vulnerabilities at a cost 10 times lower than competitors like Anthropic's Mythos. Notable vulnerabilities include a long-standing flaw in NGINX and critical issues in Linux and FFmpeg. Depthfirst's CEO, Qasim Mithani, emphasized the urgency for open source maintainers to enhance their security capabilities as AI-driven vulnerability discovery becomes more accessible. The initiative will prioritize widely used infrastructure software, ensuring that maintainers can proactively address vulnerabilities before they are exploited.
Key Points
- Depthfirst commits $5 million in credits to support open source vulnerability remediation.
- Critical vulnerabilities identified include long-standing flaws in NGINX and Linux systems.
- Depthfirst's AI model discovers vulnerabilities at a cost significantly lower than competitors.
Key Entities
- Zero-day Exploit (attack_type)
- Open Defense Initiative (campaign)
- CWE-120 - Classic Buffer Overflow (cwe)
- businesswire.com (domain)
- Apache HTTP (platform)
- Kata Containers (platform)
- Libarchive (platform)
- Libpng (platform)
- Linux (platform)
- Chrome (tool)
- Curl (tool)
- FFmpeg (tool)
- Google Chrome (tool)
- NGINX (tool)
- Envoy (company)