Frontier AI models such as Anthropic’s Mythos and ChatGPT-5.5-Cyber are creating a dangerous imbalance in the open-source supply chain by unearthing new vulnerabilities far faster than the ecosystem’s capacity to remediate them — giving rise to the so-called vulnpocalypse.

The AI labs opening that asymmetry should help close it by investing in remediation at equal scale, argues Jen Easterly, the former director of the U.S. Cybersecurity Infrastructure and Security Agency, who is calling on the United States and its allies to establish a $1 billion public-interest fund, anchored by contributions from frontier AI companies, to strengthen the security of open-source software (OSS).

Here are key insights into this idea from leaders in the areas of vulnerability management (VM) and OSS — and analysis of how it might play out.

[ See webinar: Stop Trusting Packages. Start Verifying Them. ]

Industrialized vulnerability discovery

“If their models can industrialize vulnerability discovery, they should help industrialize vulnerability remediation through serious capital, compute, tooling, and engineering support,” Easterly, now the CEO of RSAC, wrote of frontier AI labs in a recent post.

Easterly’s proposed “Great Refactor Fund” builds on a 2025 idea from AI policy researchers Herbie Bradley and Girish Sastry to use advanced AI systems to translate roughly 100 million lines of legacy open-source C and C++ code into memory-safe Rust by 2030. The goal is to eliminate entire categories of vulnerabilities, including buffer overflows, use-after-free flaws, and other memory-safety issues that have been a persistent source of software security risk for decades.

The AI industry has begun to respond at scale to the growing challenges tied to AI-powered vulnerability discovery and exploit development, Easterly noted. She pointed to initiatives such as Anthropic’s commitment of up to $100 million in AI usage credits as part of Project Glasswing and IBM and Red Hat’s $5 billion Project Lightwell as signs of the industry growing recognition of the problem.

However, the efforts, while welcome, do not match the scale of the challenge, Easterly argued. Critical open-source projects maintained by small teams with limited resources, and the many organizations that depend on them, including hospitals, schools, local governments, and smaller businesses, are unlikely to benefit directly from vendor-led security initiatives. 

“Open-source security cannot become only a premium enterprise service. The software commons is a public good … that requires security capabilities that are interoperable, transparent, and available beyond a single vendor ecosystem.”
—Jen Easterly

What the Great Refactor Fund would do

Easterly wants the $1 billion Great Refactor Fund to focus on work that commercial initiatives are unlikely to prioritize. This includes things such as dependency mapping, large-scale code testing, hardening of high-risk systems and support for the maintainers of critical open-source projects. She wants it all done by the end of 2028 — two years faster than Bradley and Sastry's proposed timeline.

“The goal should be simple, measurable, and urgent: map and test one billion lines of critical open-source code; harden the 250 million lines that pose the greatest systemic risk; and modernize, formally validate, or continuously secure at least 100 million lines across the highest-risk components before they become the next Heartbleed or Log4j.”
—Jen Easterly

Getting there will require three things, according to Easterly: a critical code atlas that comprehensively maps open-source dependencies; an AI-powered system for finding flaws and generating fixes in open-source software, either through rewriting code in safer languages, isolating risky components, or continuous automated testing; and direct funding for maintainers, security engineers, reviewers and other open-source project stewards. “Open-source maintainers cannot be treated as unpaid shock absorbers for global digital risk,” Easterly warned.

An all-new call to action for an all-new problem

Easterly’s call for open-source funding is different from previous appeals by stakeholders such as the  OpenSSF, which have largely focused on ecosystem sustainability, maintainer burnout, and the need for fairer funding models. Easterly instead has framed the issue as an emerging AI-driven security crisis that industry must address quickly to prevent systemic risk across critical software supply chains.

It’s an argument that resonates with Denis Calderone, principal and CTO at Suzu Labs.

“AI has fundamentally changed the speed of vulnerability discovery. Frontier models are finding flaws in critical open-source libraries at a pace that volunteer maintainers can’t absorb.”
—Denis Calderone

But he added that the response from the AI firms driving the change has been underwhelming. Anthropic, for instance, has committed $100 million in Mythos credits through Project Glasswing for vulnerability discovery but only $4 million for open-source remediation, Calderone pointed out. “If your model can find thousands of critical bugs and you're going to market on that capability, you have a responsibility to help fund the fix, not just the find,” he said.

He countered the argument that singling out AI labs for remediation funding sets a precedent where every technology provider becomes liable for how their tools are used by saying that the makers of frontier AI models have begun to acquire an extraordinary amount of power within the industry. 

“We’re in a similar position to how we already treat Microsoft, Google, and AWS, where so much of our economy runs through their infrastructure that we’re effectively dependent on them for protection. The frontier AI labs are heading in that same direction with respect to software security, and the obligation should scale with the influence.”
—Denis Calderone

Easterly’s call for industrialization is reasonable considering that organizations driving frontier AI have the most to lose if vulnerability remediation does not rapidly improve, said John Gallagher, a vice president at Viakoo. 

“It seems like a fair price for frontier organizations to pay compared to the potential of their products causing catastrophic damage from AI-driven attacks on critical infrastructure and OT systems that power our economy and way of life. In those terms it could be seen as a good business decision to prevent cyberattacks that would otherwise slow down or restrict the adoption of AI-based solutions.”
—John Gallagher

Will industrialization of VM work?

The bigger question, security experts say, is how achievable some of the proposed goals are, especially within the suggested end-of-2028 time frame. A comprehensive code atlas of the type that Easterly has proposed would be enormously valuable because it would identify the most widely used libraries in critical infrastructure and the ones that lone volunteers or tiny teams might be maintaining. It would identify open-source projects built on memory-unsafe code, those that lack proper security testing or that could have a cascading impact in the event of a compromise.

But building and maintaining such a critical code atlas would be a monumental task, especially given the highly fragmented nature of the open-source ecosystem. “Different language ecosystems use incompatible build systems and package managers, SBOM generation is inconsistent across ecosystems, and dependency maps are point-in-time snapshots that drift almost immediately in production,” Calderone said. 

Emerging AI technology could make the mapping easier. Even so, mapping and maintenance would need to be a coordinated effort involving the Linux Foundation, OpenSSF, major cloud providers that already have deep visibility into how open-source packages are consumed at scale, and government agencies such as CISA that can provide the authoritative prioritization framework.

Ronald Lewis, head of cybersecurity governance at Black Duck, said the challenge isn’t just building a dependency graph; it’s also building one that is continuously accurate, contextually meaningful, and broadly trusted. Like Calderone, Lewis believes it would take a combination of an industry consortium-like OpenSSF, a partnership with a hyperscaler that has access to real-world telemetry, and governments to build and maintain a code atlas of the sort that Easterly has proposed. 

“The constraint is maintaining a version of that graph that is accurate, trusted, and actionable across a fragmented, constantly changing, and adversarial ecosystem. That’s not a product — it’s infrastructure.”
—Ronald Lewis

Lewis said holding AI labs responsible for fixing the vulnerabilities their own AI tools discover risks creating a self-perpetuating cycle. “The assumptions around this proposal underestimate how AI fundamentally changes the security equation,” Lewis said.  

“There’s a real risk of creating a ‘self-licking ice cream cone’: AI generates a flood of vulnerability findings — many of uncertain validity — then uses more AI to fix them, potentially introducing new flaws that must be rediscovered and remediated again.”
—Ronald Lewis

Such an approach will not work at scale, Lewis holds. “The current model assumes AI creates a solvable scaling problem, when in reality it may be creating a self-reinforcing system where discovery, validation, and remediation are all probabilistic and interdependent.”