Depthfirst Unveils $5M Initiative to Address Critical Vulnerabilities in Open Source Software
Severity: High (Score: 67.5)
Sources: Morningstar, cts.businesswire.com, Kucoin
Summary
On May 12, 2026, AI cybersecurity firm Depthfirst announced the launch of the Open Defense Initiative, committing up to $5 million in credits to assist open source projects in identifying and fixing vulnerabilities. The initiative aims to address critical security flaws that have been overlooked by existing AI models, particularly in widely used software like NGINX and Linux. Depthfirst's AI model reportedly discovers vulnerabilities at a cost of $1,000, significantly lower than the $10,000 cost associated with Anthropic's Mythos model. The vulnerabilities identified include a long-standing flaw in NGINX and critical issues in Linux that could allow remote code execution. Depthfirst is also collaborating with maintainers of key open source projects such as FFmpeg and Envoy. The announcement highlights the urgent need for enhanced security measures in open source software, which is often maintained by small teams with limited resources. As AI continues to evolve, the cybersecurity landscape is shifting towards simultaneous AI-driven offense and defense strategies.
Key Points:
- Depthfirst launched the Open Defense Initiative with $5 million in credits for open source projects.
- The company's AI model identifies vulnerabilities at one-tenth the cost of Anthropic's Mythos.
- Critical vulnerabilities found include long-standing flaws in NGINX and Linux, with potential for remote code execution.
Key Entities
- Zero-day Exploit (attack_type)
- Open Defense Initiative (campaign)
- CWE-120 - Classic Buffer Overflow (cwe)
- businesswire.com (domain)
- Apache HTTP (platform)
- Kata Containers (platform)
- Libarchive (platform)
- Libpng (platform)
- Linux (platform)
- Chrome (tool)
- Curl (tool)
- FFmpeg (tool)
- Google Chrome (tool)
- Nginx (tool)
- Envoy (company)