
Anthropic’s Python investment: Why it matters

Here’s what the $1.5M investment in the Python Software Foundation will mean for AI security and open-source management.


Anthropic’s $1.5 million investment in Python open-source security is the kind of financial support that the stewards of major repositories have been calling for from the ecosystem’s largest users.

How much of a difference the investment will make, though — and whether it will prompt other open-source users with deep pockets to emulate the generosity — remains up in the air. Also unsettled is the question of whether such contributions are really the best way forward for open-source projects.

The Python Software Foundation earlier this month announced that it had entered into a two-year partnership with Anthropic, which will contribute $1.5 million to support the foundation. As the PSF noted:

“This investment will enable the PSF to make crucial security advances to CPython and the Python Package Index (PyPI) benefiting all users, and it will also sustain the foundation’s core work supporting the Python language, ecosystem, and global community.”

Here’s what you need to know about Anthropic’s investment in the PSF — and what it means for AI security and the broader security of open-source repositories.


What will Anthropic’s PSF investment pay for?

The money that Anthropic has committed to PSF will go toward bolstering Python security on a variety of fronts, including automated systems that examine packages for security as they’re uploaded to PyPI.  

The foundation will leverage the automated examinations to build a database of known malware samples and then use that data to create detection tools that identify threats based on code behavior rather than relying solely on known signatures and patterns.

One of the advantages of this project is that we expect the outputs we develop to be transferable to all open source package repositories. As a result, this work has the potential to ultimately improve security across multiple open source ecosystems, starting with the Python ecosystem.

PSF statement
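To make the distinction between signature-based and behavior-based package checks concrete, here is an added example that is not the PSF's or PyPI's own tooling. It compares a hash lookup against a hypothetical known-malware database with a static pass over a package's setup.py that looks for install-time hooks, obfuscated dynamic execution, and imports that have no business in packaging metadata. The two setup.py samples, the KNOWN_BAD set, and the behavior lists are all constructed for illustration.

```python
"""Signature lookup vs. behavior-based scan of a setup.py (added example)."""
import ast
import hashlib

# Constructed sample: a plain, well-behaved setup.py.
BENIGN_SETUP = '''
from setuptools import setup
setup(name="demo", version="1.0", packages=["demo"])
'''

# Constructed sample: registers a custom install command that decodes and
# executes a string at install time. The base64 payload is a harmless
# placeholder (it decodes to print('hi')) and is never executed here; the
# scanner only parses the file.
SUSPICIOUS_SETUP = '''
import base64, subprocess, urllib.request
from setuptools import setup
from setuptools.command.install import install

class PostInstall(install):
    def run(self):
        install.run(self)
        exec(base64.b64decode("cHJpbnQoJ2hpJyk="))

setup(name="demo", version="1.0", cmdclass={"install": PostInstall})
'''

# Hypothetical "known malware" database keyed by SHA-256 of the file contents.
KNOWN_BAD = {hashlib.sha256(SUSPICIOUS_SETUP.encode()).hexdigest()}

# Behaviors worth flagging in packaging metadata (illustrative lists).
DYNAMIC_EXEC = {"exec", "eval", "compile"}
DECODERS = {"b64decode", "b32decode", "b16decode", "decompress", "unhexlify"}
SUSPICIOUS_IMPORTS = {"subprocess", "urllib", "socket", "ctypes", "requests"}


def signature_match(source: str) -> bool:
    """Signature check: exact hash match against the known-bad database."""
    return hashlib.sha256(source.encode()).hexdigest() in KNOWN_BAD


def behaviour_findings(source: str) -> list[str]:
    """Behavior check: walk the AST and report what the code *does*."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] in SUSPICIOUS_IMPORTS:
                    findings.add(f"suspicious import: {alias.name}")
        elif isinstance(node, ast.ImportFrom):
            if (node.module or "").split(".")[0] in SUSPICIOUS_IMPORTS:
                findings.add(f"suspicious import: {node.module}")
        elif isinstance(node, ast.Call):
            fn = node.func
            name = fn.id if isinstance(fn, ast.Name) else getattr(fn, "attr", None)
            if name in DYNAMIC_EXEC:
                # exec/eval whose argument is built from a decoder call is the
                # classic obfuscation pattern; flag it separately.
                decoded = any(
                    isinstance(sub, ast.Call)
                    and getattr(sub.func, "attr", None) in DECODERS
                    for sub in ast.walk(node)
                )
                findings.add("obfuscated dynamic execution" if decoded
                             else "dynamic code execution")
            if name == "setup" and any(kw.arg == "cmdclass" for kw in node.keywords):
                findings.add("custom install command (install-time hook)")
    return sorted(findings)


def scan(source: str) -> dict:
    """Run both checks so the difference is visible side by side."""
    return {"signature": signature_match(source),
            "behaviour": behaviour_findings(source)}


if __name__ == "__main__":
    # A one-byte change to the version string defeats the hash lookup but
    # leaves every behavioral finding intact.
    variant = SUSPICIOUS_SETUP.replace('version="1.0"', 'version="1.1"')
    for label, src in [("benign", BENIGN_SETUP),
                       ("known sample", SUSPICIOUS_SETUP),
                       ("mutated variant", variant)]:
        print(label, scan(src))
```

The point the example makes is the one the PSF statement describes: a hash database catches only the exact samples it has seen, while a check on install-time hooks, decoder-fed exec calls, and network or process imports keeps firing on trivially mutated copies. A real repository scanner would also unpack wheels and sdists, inspect every module rather than only setup.py, and weigh findings against a baseline of legitimate packages to keep false positives manageable.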

Why Anthropic has skin in the AI/ML security game

Anthropic’s contribution to the PSF is noteworthy, even if not entirely altruistic. As the creator of Claude and other generative AI technologies, Anthropic has a lot riding on the security of Python, the de facto programming language for artificial intelligence (AI) and machine learning (ML) development. Nearly all major AI frameworks — including TensorFlow, PyTorch, and scikit-learn — are built primarily on Python and its extensive scientific computing libraries.

Anthropic’s investment provides much-needed financial support to prioritize security enhancements, said Venky Raju, field CTO at ColorTokens. The PSF already has many other corporate sponsors, including Google, Bloomberg, Meta, Microsoft, AWS, and MongoDB, but none have matched the scale of the Anthropic investment. 

Some of these companies, like Meta, have made monetary contributions to the PSF — of up to six figures — while others, like Microsoft and Google, have hired core Python developers to help them continue their open-source contributions, Raju pointed out. 

The list of PSF sponsors is not very long, and Anthropic’s investment will hopefully spur new and existing sponsors to make more monetary contributions.

Venky Raju

Why funding open-source infrastructure matters

Anthropic’s investment aligns with recent pressure from open-source security advocates who have explicitly asked tech companies and other major users of the ecosystem to financially support the projects their businesses rely on.

Last September, the stewards of multiple repositories warned about the continued sustainability of major, volunteer-driven open-source projects without such support. In an open letter, the maintainers of Alpha-Omega, the Eclipse Foundation, the OpenJS Foundation, the Open Source Security Foundation, Packagist, the Python Software Foundation, the Rust Foundation, and Sonatype described the current situation as untenable. 

The illusion of open-source software as being “free and infinite” had encouraged wasteful usage of limited resources, the open letter noted. Far from being a shared resource and shared responsibility, the open-source environment continues to rely on volunteers and a small group of donors and “silent benefactors,” the letter lamented, noting that many critical infrastructure projects that underpin commercial software worth billions of dollars currently operate with volunteer labor and limited funding. 

Few projects have the resources to review code contributions thoroughly, respond quickly to vulnerability reports, or invest in proactive security measures such as the automated package scanning PyPI now plans to implement. When critical flaws emerge in widely used packages, remediation often depends on volunteer maintainers juggling the extra work alongside day jobs, creating dangerous delays that attackers can exploit.

John Bambenek, president at Bambenek Consulting, said attackers are getting better at exploiting the imbalance that arises when much of the world’s important applications run on open-source software maintained by volunteers. He noted that contributions like Anthropic’s are made every now and then, but one-time grants don’t make sustainable security programs. Until funding is consistent and recurring, there is only so much movement that can happen before everything resets, he said. 

Billion- and trillion-dollar companies depending on software made by volunteers who aren’t getting paid is just one of the market perversions in technology that has no good solutions.

John Bambenek

What is the price of corporate investment in open source?

The open-source community is dependent on investments like those from Anthropic, said Jason Soroko, senior fellow at Sectigo, but that dependence raises concerns about how the ecosystem can maintain its core principles of independence, collaboration, and transparency. 

While these investments strengthen the technical ecosystem by professionalizing critical maintenance, they inevitably deepen the ecosystem’s reliance on corporate benevolence.

Jason Soroko

The shift could dilute the collaborative, egalitarian spirit of open source and potentially steer project road maps toward the priorities of corporate sponsors with deep pockets rather than the diverse needs of the community, he cautioned. “Consequently, while the security of the ecosystem is fortified, its sovereignty becomes increasingly fragile,” Soroko said. New — likely multi-stakeholder — governance structures will become necessary to ensure that freedom from corporate influence isn’t jeopardized, Soroko said.

This will be especially true for open-source projects that might have only one or two large donors, said Raju from ColorTokens. In these situations, only a diverse board of sponsors can provide balanced governance, he said, pointing to the Linux Foundation and the PSF as examples.  

On the other hand, the Java platform exemplifies how excessive corporate control and profit-driven decisions stifled innovation and community spirit and led to alternatives like the Android Runtime instead of the Java Platform for mobile applications and Kotlin replacing Java over time.

Venky Raju

Why foundations are essential for open-source management

Raju said it can be difficult for many open-source projects to obtain a large investment such as Anthropic’s since most of their developers and maintainers have day jobs and are seldom equipped to petition for and manage large investments. “Fortunately, there are several avenues to gain a formal structure to do so,” he said.

For example, the core developers of a programming language-specific project could approach an existing foundation such as the PSF for Python, the Rust Foundation, the PHP Foundation, or the Eclipse Foundation for Java-based projects. Other open-source projects may find a suitable home in any of the numerous subsidiaries of the Linux Foundation, such as the OpenJS Foundation and the Cloud Native Computing Foundation (CNCF), Raju said.

But given the state of open-source infrastructure management — and a number of high-profile attacks that leveraged weaknesses — something clearly must be done to give these projects better financial support.

ReversingLabs co-founder and Chief Software Architect Tomislav Peričin wrote recently of the Shai-hulud attack on the open-source npm repository:

"[Defenders] must simplify their processes with a focus on supply chain integrity. In the process, they should adopt tools to detect malicious behaviors and dependencies, regardless of needed efforts to minimize maintainer account-takeovers. These software supply chain security measures won’t end attacks for good, but they will raise the bar and block many noisy, disruptive campaigns — for the benefit of everyone."

Tomislav Peričin
