Recent funding, licensing, foundation, and monetization news from across open source.
Phoronix reports that Linux networking maintainers are still dealing with a flood of AI/LLM-driven bug reports and fixes, including security issues, prompting concerns that the disclosure workload may keep growing.
A GlobeNewswire release carried by Markets Insider says Open Invention Network has preserved the source code for OIN 2.0's Linux System in Software Heritage, strengthening patent-risk mitigation, provenance, and long-term access for the open source packages covered by OIN's cross-license.
A PRNewswire release carried by StockTitan says the Linux Foundation's Agentic AI Foundation added 43 new members, including GoDaddy as a Gold Member, to work on open standards for production-grade agentic AI.
NextNav joined the OCUDU Ecosystem Foundation, a Linux Foundation project, to advance open source 5G and 6G integrated sensing and positioning, navigation, and timing technologies.
Forrester recapped Eclipse Foundation's OCX conference, highlighting discussions of open source funding models, vendor-neutral governance, regulation, AI, and license questions around AI-generated code.
The Linux Foundation's Agentic AI Foundation announced 43 new members, including enterprise, government, and startup participants backing open standards and open source infrastructure for agentic AI systems.
ByteHaven follows up on Bitwarden's Premium price increase, arguing that leadership changes and product direction point to a broader shift in how the open source password manager is being monetized.
BleepingComputer reports that an autonomous scanning system found an 18-year-old flaw in the open source NGINX web server, illustrating how AI-assisted or automated discovery can surface long-lived vulnerabilities in widely used infrastructure.
Spiral introduced Loupe, an AI-powered vulnerability scanning effort for open source Bitcoin projects, framing it as a way to reduce the asymmetry between attackers and maintainers while pairing automated findings with human review.
VulnCheck argues that rising CVE disclosure volumes across major vendors and open source projects are early evidence of AI-assisted vulnerability discovery, with implications for maintainers, triage capacity, and disclosure quality.
Software Freedom Conservancy explains a growing pattern of copyleft violations where vendors provide incomplete Corresponding Source, arguing that incomplete source has become a common and often intentional compliance failure.
Simon Willison highlights the UK Government Digital Service's response to the NHS closing public repositories after vulnerability reports, with GDS recommending that public-sector code remain open by default despite AI-assisted vulnerability discovery concerns.
LWN notes that Linux 7.1-rc4 documentation updates address the flood of AI-generated security reports that have made the kernel security list difficult to manage, with duplicated reports and guidance that AI-detected bugs are generally not secret vulnerabilities.
Phoronix reports that longtime Mesa and AMD Linux GPU driver developer Marek Olšák has left AMD for Valve, another sign of Valve investing in open source Linux graphics driver work for gaming.
Tech Times reports that Floci, a free MIT-licensed AWS emulator, gained traction as an open source alternative amid complaints about LocalStack features moving behind a $39-per-month paid plan.
Personal Digital Spaces introduced OpenRSL, an open standard intended to let publishers and website owners declare machine-readable licensing, payment, attribution, and access terms for AI crawlers and other automated agents.
Slashdot summarizes reporting that Bitwarden changed leadership and removed 'Always free' from parts of its website, prompting questions about the open source password manager company's future positioning.
FOSS Force covers a surge of AI-assisted Linux kernel vulnerability reports and the resulting maintainer concerns around validation workload, disclosure quality, and security triage.
Phoronix reports that Linux 7.1 added documentation clarifying security-bug handling and expectations for responsible AI use when finding and reporting kernel bugs.
Zulip announced the Zulip Foundation, a new nonprofit home for the open source team chat project intended to support long-term governance, fundraising, and community stewardship.
The New Stack reports on Block donating Goose, its open source AI coding agent, to the Linux Foundation and the OpenJS Foundation's Cross Project Council as a governance move for broader ecosystem adoption.
SecurityWeek reports that OpenAI rotated code-signing certificates after repositories containing them were compromised in a TanStack supply-chain attack, highlighting the exposure of AI vendors and developer tools to open source package ecosystem compromises.
A GlobeNewswire release carried by Yahoo Finance says Acquia launched a Fair Trade Initiative that directs 2% of each eligible partner co-sell transaction to the Drupal Association, embedding Drupal sustainability funding into partner revenue flow.
A bipartisan group of U.S. lawmakers asked the Office of the National Cyber Director to coordinate federal and industry planning for high volumes of AI-discovered software vulnerability disclosures, including support for validating, triaging, and patching flaws in the software ecosystem.
GamersNexus rehosted the OrcaSlicer-BambuLab fork with the developer's permission after Bambu Lab sent a cease-and-desist, escalating the AGPL-related dispute over Bambu's slicer software and cloud connectivity.
A Business Wire release carried by TMCnet says NextNav joined the Linux Foundation-hosted OCUDU Ecosystem Foundation to contribute positioning, navigation, and timing capabilities to open source 5G and AI-native 6G Open RAN infrastructure.
The Hacker News reports that OpenAI launched Daybreak, a controlled-access AI cybersecurity initiative, while noting that AI-assisted vulnerability discovery is accelerating report volume and triage fatigue for open source maintainers.
Techopedia reports that RPCS3 updated contributor rules after maintainers saw a rise in low-quality AI-generated pull requests, warning that undisclosed AI-generated submissions may lead to bans from contributing to the open source emulator.
It's FOSS reports that Fedora's proposed AI Developer Desktop initiative stalled after community objections led two Fedora Council members to retract approval votes, putting the Red Hat-backed proposal back into debate.
Turso retired its $1,000 data-corruption bug bounty after AI-assisted reports and repeated arguments over paid findings made the company conclude that financial incentives no longer worked well with its open source contribution process.
Metabase argues that LLM-powered vulnerability scanners are increasing security reports against open source projects at roughly 10 times historical rates, creating a new triage and maintainer-burden problem around disclosure incentives.
Cybernews reports that Bambu Lab's legal threat against an OrcaSlicer fork created a Streisand effect, with mirrors appearing online and prominent open source and hardware YouTubers criticizing the company over AGPL-derived slicer software and user lock-in.
3Druck reports that Josef Prusa weighed in on Bambu Lab's dispute with an OrcaSlicer fork, criticizing BambuStudio's closed binary network plugin and CDN-loaded runtime module as raising AGPL/copyleft questions around a slicer and cloud component that function together.
XDA argues that Cal.com's decision to close its production codebase after citing AI-assisted vulnerability discovery is a security-through-obscurity response, and that the same AI capabilities strengthen the case for open source auditing and remediation.
The Register covers KDE's €1.285 million Sovereign Tech Fund investment and connects it to growing European public-sector interest in sovereign desktop operating system alternatives built on open source software.
The Software Sustainability Institute highlighted the launch of the Open Source for Science Fund, a multi-donor effort from Renaissance Philanthropy with seed funding from Biohub and Wellcome, offering life-sciences open source software grants of up to $1 million.
A Business Wire release carried by Morningstar says depthfirst launched an Open Defense Initiative committing up to $5 million in platform credits for selected open source projects to find and fix zero-day vulnerabilities.
Tea Protocol said it will launch its mainnet and token generation event as part of an economic and verification layer intended to support open source software provenance, attribution, and maintainer support in the AI era.
The Wikimedia Foundation joined the Digital Public Goods Alliance, aligning Wikipedia and Wikimedia's open knowledge infrastructure work with the alliance's digital public goods efforts.
Automotive Grade Linux released its open source SoDeV reference platform for software-defined vehicles and welcomed EMQ, Lineo Solutions, MediaTek, VA Linux Systems Japan, and Very Good Ventures as members.
LWN reports that a Red Hat-backed Fedora AI Developer Desktop proposal drew objections over out-of-tree kernel drivers and AI toolkits, leading the Fedora Council to send the initiative back for more discussion after heated community debate.
OpenSSF recapped the DARPA-funded AIxCC competition, including a $30.5 million prize pool for AI systems aimed at securing open source software and follow-up disclosure work with OSTIF and Ada Logics.
The Python Software Foundation announced that Hudson River Trading became its first quantitative trading firm Visionary Sponsor, the PSF's highest sponsorship tier, to support Python and the foundation's community work.
KDE announced a €1,285,200 Sovereign Tech Fund investment for 2026 and 2027 to strengthen the reliability and security of KDE Plasma, KDE Linux, core frameworks, and related infrastructure.
All3DP reports that Bambu Lab pressured a solo developer to remove an OrcaSlicer fork that reconnected the open source slicer to Bambu Lab's cloud infrastructure, drawing wider community attention to the dispute.
AI Insider reports that OpsMill raised EUR11.9 million, about $14 million, in Series A funding led by IRIS to expand Infrahub, its open source graph database platform for AI-ready infrastructure data management.
Cyber Security News reports that fsnotify users raised supply-chain and governance concerns after GitHub organization access changed and a sponsorship-file update became part of a maintainer dispute around the widely used open source Go library.
U.Today reports that the XRP Ledger Foundation appointed Ripple CTO Emeritus David Schwartz, one of the original architects of the XRP Ledger, as an honorary board member to strengthen technical stewardship of the independent nonprofit's ecosystem work.
Chainguard joined FINOS, the Linux Foundation's fintech open source foundation, as a Gold Member and plans to contribute supply-chain security, governance, and secure open source adoption expertise for financial services.
TechCrunch reports that Moonshot AI raised $2 billion at a valuation above $20 billion, tying the round to fast-growing demand for its open source Kimi models and paid API usage.
Reuters reports that Chinese AI startup DeepSeek, known for releasing open models, could seek a valuation of up to $50 billion in its first outside fundraising after years of rejecting external capital.
Anthropic updated Petri to version 3.0 and donated the open source AI alignment testing tool to Meridian Labs, an independent evaluation nonprofit, positioning it as neutral infrastructure for model behavior testing.
Open Source For You reports that the Linux Foundation launched an Open Driver Initiative to improve Linux hardware compatibility by encouraging open source drivers and reducing reliance on proprietary driver stacks.
SecurityBrief reports that Sonatype joined the Linux Foundation's Sustaining Package Registries Working Group to address funding, governance, and security pressures on package registry infrastructure.
Tether announced a no-cap developer grants program paying in USDT or Bitcoin for deliverables across its open technology stack, including local-first AI components and open source self-custodial wallet infrastructure.
The Eclipse Software Defined Vehicle Working Group announced new members including Renesas, 42dot, Volvo Cars, UPower, OPEVA, and others, reflecting continued industry investment in open source software-defined vehicle collaboration.
It's FOSS reports that Dell and Lenovo became the first Premier sponsors of the Linux Vendor Firmware Service, each contributing $100,000 per year after LVFS warned vendors about underfunding and began rolling out usage restrictions.
It's FOSS covers The Document Foundation's public pressure on Euro-Office, a Nextcloud and IONOS fork of ONLYOFFICE, over whether the project will use OpenDocument Format as its native format or remain tied to Microsoft's OOXML.
CNCF announced that Microcks, an open source API mocking and contract-testing platform, has been accepted as a CNCF incubating project.
InfoQ covers Oracle's MySQL 9.7 LTS release, including enterprise features moving into the community edition amid ongoing community concern about Oracle's long-term commitment to the open source database.
curl lead Daniel Stenberg describes getting access to Anthropic's Mythos through the Linux Foundation's Alpha-Omega program, the one curl issue it found, and why he sees the surrounding AI vulnerability-finding claims as mostly marketing hype.
OpenSSF details the economic and security costs of running open source package registries, noting added pressure from AI coding agents and pointing to a Linux Foundation-hosted Sustaining Package Registries Working Group.
Slashdot summarizes Tom's Hardware reporting that developer Pawel Jarczak shuttered an OrcaSlicer-BambuLab fork after Bambu Lab threatened legal action over work to restore remote-printer features the company had restricted.
Slashdot summarizes Kotaku's report that maintainers of the open source RPCS3 PlayStation 3 emulator asked contributors to stop flooding the project with low-quality AI-generated pull requests.
Qualcomm joined the Linux Foundation-hosted OCUDU Ecosystem Foundation as a Premier Member and gained a governing board seat to help advance open source CU/DU software for Open RAN infrastructure.
The Rust Foundation announced work with package registry leaders on open source sustainability, highlighting the funding and operational pressures facing critical package infrastructure.
The New Stack reports that Anthropic's limits on third-party access helped drive interest in OpenCode, an open source, model-agnostic coding agent positioned as a hedge against proprietary AI coding platforms.
The New Stack discusses the Linux Foundation's Agentic AI Foundation and its adoption of MCP, Goose, and AGENTS.md as open source agentic AI projects moving under foundation governance.
New Scientist reports growing opposition to NHS England's plan to pull public source code offline over fears about AI-enabled hacking, with critics arguing the move will reduce transparency without improving security.
TechCrunch reports that CopilotKit raised a $27 million Series A for its open source stack and AG-UI protocol for building app-native AI agents, with its commercial product positioned around hardening and supporting that stack.
Biometric Update reports that Harvard's Applied Social Media Lab launched the open source Keyring identity wallet in collaboration with Linux Foundation Decentralized Trust, aiming to support privacy-preserving verification, age assurance, and distinguishing people from AI agents.
RadixArk launched with $100 million in seed funding to grow SGLang, the open source AI inference and training system, with backing from Accel, Spark Capital, NVIDIA's NVentures, AMD, MediaTek, and others.
Baker Botts summarizes recent rulings in Software Freedom Conservancy v. Vizio, including findings that consumers can pursue breach-of-contract claims as third-party beneficiaries of GPLv2 and LGPLv2.1 obligations.
The Register says Bun's Zig-to-Rust porting guide has revived debate over Zig's no-AI contribution policy, Anthropic's ownership of Bun, and predictions that more open source code will be written by AI tools.
Linea Consortium joined Linux Foundation Decentralized Trust as a premier member and contributed the open source Linea ZK rollup stack as Lineth, a new foundation-governed code project.
The Register reports that NHS England is temporarily making hundreds of public GitHub repositories private, citing cybersecurity concerns tied to advances in AI vulnerability discovery, despite its usual open-source-first policy.
LWN covers the PHP project's retirement of the PHP License and Zend Engine License in favor of BSD-3-Clause, including the consent and trademark steps needed to complete the relicensing.
It's FOSS reports that VS Code briefly defaulted to adding a Co-authored-by: Copilot trailer to Git commits, sometimes even when Copilot was disabled, before Microsoft reverted the change.
Ars Technica reports that Notepad++ creator Don Ho disavowed an unofficial macOS port using the project's name and logo, while also noting the port was built partly with Claude CLI and other AI coding tools, raising trademark, trust, and support concerns around an open source project.
TechCrunch reports that ComfyUI, which began as an open-source project for controlled AI media workflows, raised $30 million at a $500 million valuation to expand its tools for image, video, audio, and 3D generation.
Orkes announced a $60 million Series B for its agent and durable workflow orchestration platform, built on the open-source Conductor technology originally created at Netflix.
Slashdot reports that AMD is preparing HDMI 2.1 FRL support patches for the open source Linux amdgpu driver after earlier delays tied to the HDMI Forum rejecting an open source implementation as proprietary technology.
The Register reports that Microsoft reversed a VS Code Git extension change that added Copilot co-author attribution by default, after developers complained that the AI tool was being credited for human-authored commits.
The Ethereum Foundation published its Q1 2026 allocation update, listing ecosystem funding across community education, consensus-layer work, cryptography, developer tooling, and other open source Ethereum projects.
The Blender Foundation says Anthropic joined the Blender Development Fund as a Corporate Patron, while noting that the membership has been shifted to a singular donation.
Cal.com describes its v6.4 licensing changes, including Cal.diy under the MIT license, alongside performance improvements, routing visibility, Salesforce integration updates, and security fixes.
Adjacent argues that open source sustainability is moving from generic sponsorship toward companies hiring maintainers directly, because recognition and project popularity do not pay for ongoing maintenance.
Crypto Briefing reports that MARA launched the MARA Foundation to support Bitcoin security research, open source development, self-custody access, policy, and education.
Percona Community argues that pgBackRest's archival shows how essential open source can become fragile when maintainers lack sustained funding, governance, or institutional support.
FinSMEs reports that OpenObserve, an open-source observability platform, raised a $10 million Series A led by Peak XV's Surge, with participation from Sorin Investments and existing investors.
The Eclipse Foundation launched a recognition program for security researchers who responsibly disclose vulnerabilities in Open VSX, adding a structured incentive layer around the open source extension registry.
Gabriele Bartolini uses pgBackRest's archival to argue that commercial backing, community governance, and foundation homes such as the CNCF can create a healthier funding loop for critical open source maintenance.
It's FOSS reports that OS-SCi's Lomiri Tech Meeting will include the announcement of a Lomiri Bounty Program intended to give students incentives to contribute to the Ubuntu Touch ecosystem.
FOSS Force reports that Warp has finally opened most of its client under AGPLv3 and MIT licenses with OpenAI as a founding sponsor, while key pieces tied to its proprietary Oz agent orchestration platform remain closed.
LWN reports that Alpine Linux's Linode-hosted systems, including GitLab, were suspended over a billing issue before later returning online, highlighting infrastructure fragility for a major open source distribution.
The FSFE urges NHS England to reverse any blanket private-by-default policy for publicly funded code, arguing that AI scanning fears do not justify hiding repositories and that public code supports scrutiny and accountability.
William Johnston argues that Anthropic's ownership of the MIT-licensed Bun runtime now looks riskier after Claude Code billing, quality, and third-party harness controversies raised concerns about the stewardship of Bun's open source ecosystem.
LWN notes Linus Torvalds' 7.1-rc2 announcement saying the release candidate is not small and may continue the pattern of unusually high patch volume, probably due to AI tooling.
Phoronix surveys more than 1,000 selected Google Summer of Code 2026 projects, where student developers will receive stipends to work on open source efforts across VideoLAN, FreeBSD, Debian, GIMP, KDE, GNOME, LibreOffice, and others.
Terence Eden reports that NHS England is preparing to make most public code repositories private by default, citing concern that AI vulnerability tools such as Mythos could scan public code.