AI meets Cryptography 1: What AI Found in Cloudflare's CIRCL

ZK/SEC reports that its AI audit pipeline found seven confirmed bugs in Cloudflare's open-source CIRCL cryptography library, including threshold RSA precision loss and attribute-based encryption access-control flaws, all now fixed upstream.

Added: ; Published: ; Source: Zksecurity

Automating away

The Beagle SCM author describes using Anthropic's Fable to build the git-compatible source-control project, arguing that LLM coding agents need deterministic tools and formal workflows so repeated actions and verification steps can be automated reliably.

Added: ; Published: ; Source: Replicated

Better Auth is joining Vercel

Better Auth announced it is joining Vercel, saying the move gives the open-source auth framework more resources while letting the team pursue agent authorization work without shaping its roadmap around standalone monetization.

Added: ; Published: ; Source: Better Auth

Two months of Open Community Groups

CNCF says Open Community Groups, its open-source meetup platform, has become community infrastructure for local cloud-native groups and a foundation-backed way to coordinate open-source events through open-source software.

Added: ; Published: ; Source: CNCF

Cortex Audit Complete!

OSTIF published the results of a CNCF-backed security audit of Cortex, the open-source long-term storage project for Prometheus and OpenTelemetry, documenting Quarkslab review work and fixes for seven security-impacting findings.

Added: ; Published: ; Source: Ostif

Leadership Council update — June 2026

The Rust Leadership Council says the new Funding team will administer the Rust Foundation Maintainers Fund, allocating $50,000 for maintainer support and taking over the project grants program to support long-term Rust maintenance.

Added: ; Published: ; Source: Rust Lang

Zombie ‘who owns Unix?’ lawsuit comes alive again

The Register reports that Xinuos, SCO's legal successor, is trying to revive old Project Monterey license and copyright claims against IBM, extending the long-running Unix and Linux ownership dispute.

Added: ; Published: ; Source: The Register

Continuent joins MariaDB Foundation as a Silver Sponsor

MariaDB Foundation welcomed Continuent as a Silver Sponsor, citing the company's long-running work with business-critical MariaDB and MySQL-compatible open-source deployments and its support for MariaDB Server and the community.

Added: ; Published: ; Source: Mariadb

Rust Foundation Maintainers Fund with Lori and Niko

Open Source Security talks with Lori Lorusso and Niko Matsakis about the Rust Foundation Maintainers Fund, covering how the foundation plans to fund Rust maintainers and why sustainable open-source maintenance requires dedicated support.

Added: ; Published: ; Source: Opensourcesecurity

Pytorch: the software layer underpinning Europe's AI ambitions

Tech.eu reports that the PyTorch Foundation is positioning PyTorch and related projects as neutral open infrastructure for European AI sovereignty, including moving SafeTensors governance, trademarks, and long-term stewardship from Hugging Face to the Linux Foundation while maintainers continue day-to-day work.

Added: ; Published: ; Source: Tech

Apache Livy Graduates To Top-Level Project

Open Source For You reports that Apache Livy graduated to an Apache Software Foundation Top-Level Project, moving the Spark REST API service from incubator oversight to its own project management committee for future releases, security fixes, and community growth.

Added: ; Published: ; Source: Opensourceforu

The Future of Flipper Zero Development

Flipper Devices says it will allocate resources to keep maintaining the open-source Flipper Zero firmware after community pushback, moving feature requests to GitHub Discussions, tightening contribution rules for AI-generated low-level code, and publishing integration tests for community regression testing.

Added: ; Published: ; Source: Flipper

Brave's $60 'Origin' Browser Charges More for Less. I'm Not Buying

PCMag reviews Brave Origin as a $60 paid version of the open-source Brave browser that removes revenue-generating features such as ads, AI, VPN, and crypto integrations, questioning whether users will pay for a minimalist browser they can largely configure themselves.

Added: ; Published: ; Source: Pcmag

AI Slop is Choking Open Source, and Frustrating Developers

Analytics India Magazine reports that open-source maintainers are rewriting contribution rules as AI agents and generated pull requests add review burden, citing incidents around Matplotlib, Godot, the Linux kernel, and curl's bug-bounty shutdown.

Added: ; Published: ; Source: Analyticsindiamag

Shopify settles copyright lawsuit with rival Shopline

BetaKit reports that Shopify and Shopline settled Shopify's lawsuit accusing Shopline of copying the open-source Dawn storefront theme into a rival Seed template, with Shopify saying the confidential deal requires payment and bars further Seed distribution.

Added: ; Published: ; Source: Betakit

Open Source & Engineering Leadership Update — July 2026

Xubuntu and Xfce contributor Sean Davis updated his GitHub Sponsors and Patreon tiers to support open-source infrastructure, documentation, testing hardware, mentorship, and community work while stressing that sponsorship does not replace project governance.

Added: ; Published: ; Source: Seand

University of Iowa professor awarded ‘Nobel Prize for stats’

The Gazette reports that Belgium's King Baudouin Foundation awarded the $1 million 2026 Rousseeuw Prize for Statistics to core members of The R Project, recognizing decades of work maintaining the free, open-source statistical computing platform.

Added: ; Published: ; Source: Thegazette

Wordgard Release 0.1

Marijn Haverbeke released Wordgard 0.1 as an MIT-licensed successor-style rich-text editor toolkit informed by ProseMirror and CodeMirror, while explaining that permissive licensing, AI scraping, and AI-generated pull requests are changing how he funds and maintains open-source infrastructure.

Added: ; Published: ; Source: Marijnhaverbeke

Better Models: Worse Tools

Armin Ronacher documents a Pi coding-agent tool-calling regression where newer Claude models generate malformed nested edit calls, arguing that closed-source Claude Code training and permissive harness behavior can make alternative agent tools less reliable without stricter schemas.

Added: ; Published: ; Source: Pocoo

GuardFall: a universal shell injection vulnerability in open-source AI agents

Adversa AI reports that common pattern-based shell guards in open-source AI coding agents can be bypassed with decades-old Bash quoting and expansion tricks, letting poisoned repositories, README files, or Makefiles turn agent command execution into a developer credential and supply-chain risk.

Added: ; Published: ; Source: Adversa

The Next Chapter of PrimeTek

PrimeTek announced PrimeUI, moving future major versions of PrimeNG, PrimeReact, and PrimeVue from MIT-licensed open source releases to a paid commercial licensing model for larger organizations, while keeping existing MIT versions unchanged and free community licenses for eligible small users.

Added: ; Published: ; Source: Primeui

Kotlin Notebook Sunset

JetBrains will sunset Kotlin Notebook as a maintained IntelliJ IDEA product, unbundle it from IntelliJ IDEA 2026.2, publish the plugin source on GitHub under Apache-2.0, and hand future development to community ownership.

Added: ; Published: ; Source: Jetbrains

Open-Source 'OpenAN' Launched By Huawei And Partners

Open Source For You reports that Huawei, China Mobile, AIS, AsiaInfo, Infosys, Orange, Personal, and ZTE launched the OpenAN project under Linux Foundation Networking, donating baseline telecom automation components and setting governance for agent-based autonomous network tools.

Added: ; Published: ; Source: Opensourceforu

ZLUDA v6 Update Brings Nvidia PhysX Boost To AMD Radeon GPUs

Open Source For You reports that the open-source ZLUDA compatibility project added experimental PhysX support for AMD Radeon GPUs while lead developer Andrzej Janik said the project has lost its commercial backing and is returning to a slower volunteer-maintained pace.

Added: ; Published: ; Source: Opensourceforu

Scripps Research scientists awarded $2M to advance global disease surveillance

Scripps Research received two Gates Foundation grants totaling $2 million to expand wastewater disease surveillance and AI-driven outbreak prediction, including further development of Freyja, its open-source wastewater analysis platform, and openly available lab protocols and bioinformatics tools for low- and middle-income countries.

Added: ; Published: ; Source: Scripps

OpenClaw Skill Store Breach Raises Open Source AI Security Alarm

Open Source For You reports that malicious skills uploaded to OpenClaw's ClawHub marketplace abused trusted AI agent permissions, prompting recommendations for least-privilege access, runtime isolation, sandboxing, behavioral monitoring, publisher verification, and layered review in open-source AI agent ecosystems.

Added: ; Published: ; Source: Opensourceforu

HAMi Is Now a CNCF Incubating Project

Saiyam Pathak reports that HAMi, the Kubernetes GPU virtualization and heterogeneous accelerator scheduling project, has moved from CNCF Sandbox to Incubating status after demonstrating production adoption, governance, contributor health, and security maturity.

Added: ; Published: ; Source: Substack

OpenTelemetry Graduates to CNCF's Highest Maturity Level

InfoQ reports that OpenTelemetry has graduated to the CNCF's highest maturity level, recognizing the open-source observability framework's production readiness, vendor-neutral governance, broad adoption, and role in monitoring cloud-native and AI-driven systems.

Added: ; Published: ; Source: Infoq

Global Infrastructure, Shared Responsibility — UN Open Source Week 2026

The Sovereign Tech Agency recaps UN Open Source Week discussions on digital public infrastructure, shared responsibility, and international cooperation, highlighting its public-investment model for maintaining and strengthening open-source digital commons.

Added: ; Published: ; Source: Sovereign

AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack

The Hacker News reports that Sysdig observed a ransomware attack run end-to-end by an AI agent, beginning with exploitation of an old, patched RCE flaw in the open-source Langflow tool and moving through credential theft, persistence, encryption, and data wiping.

Added: ; Published: ; Source: Thehackernews

The Privatization of Vulnerability Management

James Berthoty argues that AI-assisted vulnerability discovery is pushing more open-source vulnerability management into private-company workflows, while maintainers still need normal disclosure, public timelines, patches, and sponsorship from downstream users.

Added: ; Published: ; Source: Latio

The privilege of AI in Open Source

Dries Buytaert argues that AI could make open-source contribution less dependent on free time only if communities invest in shared access, skills, review norms, and accountability instead of shifting more burden onto maintainers.

Added: ; Published: ; Source: Dri

TYPO3 Joins the PHP Foundation as a Silver Sponsor

TYPO3 joined the PHP Foundation as a Silver Sponsor, adding financial support for the long-term development of the language, security work, infrastructure, and ecosystem that the open-source CMS depends on.

Added: ; Published: ; Source: Typo3

What the AI patch gap means for enterprise security

Help Net Security reports that Anthropic's Claude Mythos Preview produced 1,596 verified open-source vulnerability reports in about nine weeks, while credited fixes lagged far behind, leaving maintainers and enterprises facing an AI-driven patch backlog.

Added: ; Published: ; Source: Helpnetsecurity

No LLM Code in Dependencies

Joey Hess says he spent about 100 hours auditing git-annex dependencies to avoid LLM-generated code, citing poor-quality generated commits, possible copyright risks, and the wider maintainer burden created when projects accept AI-authored changes.

Added: ; Published: ; Source: Joeyh

[$] Two LLM-assisted memory-management patch sets

LWN reports that Linux memory-management developers are evaluating two large patch sets written with LLM assistance by established kernel developers, offering a contrast with earlier AI-generated drive-by submissions and insight into how maintainers may handle future AI-assisted work.

Added: ; Published: ; Source: Lwn

Anthropic's AI Finds Bugs. IBM Bets $5B It Can Fix Them.

Dark Reading reports that IBM and Red Hat are assigning 20,000 engineers to Project Lightwell as Anthropic's Mythos findings fuel debate over whether enterprise-backed remediation services can help patch open-source vulnerabilities fast enough for AI-accelerated discovery.

Added: ; Published: ; Source: Darkreading

Shopify Joins the PyTorch Foundation as a Platinum Member

The PyTorch Foundation announced that Shopify joined as a Platinum member, giving the company a governing-board seat and a formal role in the Linux Foundation-hosted open-source AI framework ecosystem it depends on for commerce machine-learning workloads.

Added: ; Published: ; Source: Pytorch

What We Talk About When We Talk About Malware

F-Droid argues that Google's Android Developer Verification program turns app installation into a centralized approval system, requiring developer registration, fees, identity documents, signing-key registration, and undefined malware terms that could threaten independent free-software distribution.

Added: ; Published: ; Source: F Droid

Fedora Council Seeks To Shutdown Current Discussions Over AI Developer Desktop

Phoronix reports that the Fedora Council paused the Fedora AI Developer Desktop community initiative after heated debate over a proposal to package local AI and machine-learning workflows, highlighting governance pressure around AI features in the open-source distribution.

Added: ; Published: ; Source: Phoronix

We're campaigning for free software. We need your help

The Free Software Foundation asked supporters to fund its campaigns team through associate memberships, citing work on age-verification laws, VPN bans, DRM opposition, proprietary-software threats, and a summer goal of 175 new members.

Added: ; Published: ; Source: Fsf

Xsnow "protestware" in Debian

LWN reports on a Debian discussion over xsnow's hidden locale-triggered Ukrainian flag Easter egg, with developers debating whether the behavior violates Debian's software-freedom guidelines or should instead be handled as a package bug or archive-policy question.

Added: ; Published: ; Source: Lwn

Clean GitHub Repo Attack Exposes AI Coding Agent Risk

eWeek reports on a Mozilla 0DIN proof-of-concept showing how an apparently clean GitHub repository can prompt an AI coding agent to run setup steps that fetch a DNS-hosted payload, open a reverse shell, and expose developer credentials, moving open-source review concerns from static code inspection to runtime agent controls.

Added: ; Published: ; Source: Eweek

Eve Online's Carbon engine is now open source

GamesIndustry.biz reports that Fenris Creations has released Eve Online's Carbon game engine on GitHub under mostly MIT licensing, saying the move is intended to build trust, invite security fixes and community contributions, and let others use or fork the engine freely.

Added: ; Published: ; Source: Gamesindustry

Godot will no longer accept AI-authored code contributions

PC Gamer reports that Godot maintainers will reject AI-authored code contributions to the open-source game engine, saying contributors need to understand and maintain their submissions while limited AI assistance remains possible.

Added: ; Published: ; Source: Pcgamer

LLM Policy

NLnet Labs published an LLM policy for its open-source DNS and routing projects, requiring code and documentation contributions to be human-authored, disclosure of LLM use in issues and vulnerability reports, and human verification of any LLM-assisted analysis.

Added: ; Published: ; Source: Nlnetlabs

The Eclipse Foundation and the ORC Working Group launch ORC Learning Hub to help open source developers, maintainers, and software teams prepare for the Cyber Resilience Act

The Eclipse Foundation and ORC Working Group launched a free Open Regulatory Compliance Learning Hub to help open-source maintainers, project stewards, OSPOs, and software teams prepare for the EU Cyber Resilience Act's September 2026 obligations.

Added: ; Published: ; Source: Globenewswire

wallabag.it will fund development work contributed back to wallabag

The hosted wallabag.it service will directly fund Yassine Guedidi to develop features and fixes contributed back to the open-source wallabag project, including spam protection, RSS and Atom feed management, saving links by email, and security work.

Added: ; Published: ; Source: Wallabag

10 Years of Meta's Commitment to Python

Meta marked its tenth year sponsoring the Python Software Foundation, saying its funding and engineer contributions support Python maintainers, core language work, PSF community programs, and open-source developer tools such as Pyrefly.

Added: ; Published: ; Source: Fb

'Stop calling it a hobby and start treating it as infrastructure': EXANTE calls out the underfunding of widely used open source projects

TechRadar interviews EXANTE about open-source underfunding in finance, highlighting the company's €1 million Gecko Fund for critical trading and financial-data projects and arguing that AI-driven vulnerability discovery makes corporate funding, audits, and engineering support more urgent.

Added: ; Published: ; Source: Techradar

Taking Roads and Bridges literally

Andrew Nesbitt argues that treating open source as critical infrastructure should move beyond voluntary sponsorship toward bridge-like inspection, public inventory, risk ratings, and recurring formula funding for maintained software dependencies.

Added: ; Published: ; Source: Nesbitt

Welcoming Wild to the Rust Innovation Lab

The Rust Foundation welcomed Wild, a fast Linux linker project, into its Rust Innovation Lab as a new board-approved project hosted under the foundation.

Added: ; Published: ; Source: Rust Foundation

Changes to our Contribution Policies

Godot maintainers announced stricter contribution rules as AI-generated pull requests increase review burden, including bans on autonomous agent and vibe-coded work, limits on substantial AI-generated code, disclosure requirements, and new barriers for large changes from new contributors.

Added: ; Published: ; Source: Godotengine

Open Source Support Can't Depend on Charity

Aaron D. Campbell argues that company support for open-source projects should be treated as a business continuity expense rather than charity, with budgets tied to security, reliability, and the cost of replacing shared dependencies.

Added: ; Published: ; Source: Aarondcampbell

Shipping post-quantum cryptography to Python

Trail of Bits says Sovereign Tech Agency funding supported adding ML-KEM and ML-DSA post-quantum cryptography to pyca/cryptography 48, bringing NIST-standard primitives to Python ecosystem projects such as Ansible, Certbot, Apache Airflow, and Paramiko.

Added: ; Published: ; Source: Trailofbits

Open source maintainership in the age of AI

Kubernetes contributor Kevin Hannon explains how the project is adapting maintainer workflows for AI-assisted coding, including disclosure rules, human accountability, review policies, and tooling experiments to preserve code quality as generated pull requests increase.

Added: ; Published: ; Source: Kubernetes

Vulnerability reports are arriving faster than GitHub can review them

Help Net Security reports that the GitHub Advisory Database is being strained by record open-source vulnerability-report volume, with review delays growing even as GitHub adds AI-assisted curation, automation, and stricter triage to avoid false positives at scale.

Added: ; Published: ; Source: Helpnetsecurity

IdentityServer4 is dead. Here's what comes next.

The New Stack reports that RSK forked the decommissioned open-source IdentityServer4 into Open.IdentityServer, betting that a free, supported fork can compete with Duende's paid migration path after IdentityServer's commercialization.

Added: ; Published: ; Source: The New Stack

Guidelines for AI-Assisted Contributions in the ROS Project

The ROS PMC published rules for AI-assisted contributions after an uptick in LLM-authored pull requests, extending OSRF policy with requirements for human ownership, verification, and keeping maintainer time from being used as an LLM validation service.

Added: ; Published: ; Source: Openrobotics

Wall Street Occupies Linux OSS 2026

Apereo's funding and partnerships lead argues the education-focused open-source foundation needs to remodel external income, build corporate-sponsor relationships, and consolidate projects or foundations to make its LMS and SIS ecosystem financially sustainable.

Added: ; Published: ; Source: Apereo

Measuring OSPO Value

Dawn Foster explains how Open Source Program Offices can measure and communicate their value amid budget pressure, using LF Research work to connect OSPO activity to organizational goals, risk reduction, and open-source strategy.

Added: ; Published: ; Source: Linux Foundation

Working With AI: A concrete example

Carson Gross walks through an AI-assisted bug fix in the open-source hyperscript project, showing where a coding agent helped, where it struggled, and why knowledgeable human review kept the change small and comprehensible.

Added: ; Published: ; Source: Htmx

UNESCO launches open-source platform to advance global open science

Research Information reports that UNESCO and the United Nations International Computing Centre launched an Open Science Platform as free and open-source software, using CERN's InvenioRDM framework to publish UNESCO-supported research and track open-science infrastructure, policy, capacity-building, and incentives across member states.

Added: ; Published: ; Source: Researchinformation

ACL 1.0: A source-available commercial license for the AI era

The Auditable Commercial License v1.0 is a source-available commercial license that permits internal source review and modification, blocks hosted-service redistribution, prohibits AI-training use with vendor flow-down terms, and automatically converts each release to Apache 2.0 after four years.

Added: ; Published: ; Source: Auditablelicense

NVIDIA AI Infrastructure Bet Fails: Caffe Creator Quits Over Broken Pledge

TechTimes, citing SemiAnalysis, reports that Caffe creator and LeptonAI co-founder Yangqing Jia left NVIDIA after the company allegedly reversed a commitment to open-source LeptonAI's core platform, turning a GPU-infrastructure acquisition into a developer-trust problem.

Added: ; Published: ; Source: Techtimes

Do excellent vulnerability reports

Daniel Stenberg explains how to write useful vulnerability reports for open-source projects such as curl, emphasizing overloaded maintainers, reproducible impact, respectful intake, and the limited relevance of whether a finding came from AI.

Added: ; Published: ; Source: Haxx

Why China is forging closer ties with open-source foundations

The Stack examines the rise of Chinese-origin open-source projects entering global foundations such as Apache, and the governance, licensing, and geopolitical questions that come with deeper foundation ties.

Added: ; Published: ; Source: Thestack

Can Knowledge-Based Pull Requests Make Agent Contributions Auditable?

Groundy examines a June 2026 proposal for knowledge-based pull requests, which would separate agent-submitted knowledge from code changes and let project-controlled agents regenerate patches so open-source maintainers can audit AI-assisted contributions more safely.

Added: ; Published: ; Source: Groundy

The Mac Admins Foundation 2026 Drive Starts Today!

The Mac Admins Foundation opened its 2026 Summer Giving Drive with a $40,000 goal and matched donations from seven sponsors to fund community infrastructure, scholarships, mentorship, and open-source tools used by Mac administrators.

Added: ; Published: ; Source: Macadmins

Koha Community Newsletter: June 2026

The Koha community reported a governance milestone for its planned Koha Charitable Foundation, naming the first nominees for an inaugural board that will oversee sustainability, finances, and community values for the open-source library system.

Added: ; Published: ; Source: Koha Community

KubeFlow Audit Complete!

OSTIF published results from a CNCF-supported Kubeflow security audit by ADA Logics, reporting 14 security-impact findings and new threat modeling, OpenSSF Scorecard assessments, and fuzzing work across six open-source Kubeflow projects.

Added: ; Published: ; Source: Ostif

R Core Team Honoured with the 2026 Rousseeuw Prize for Statistics

The International Statistical Institute says the R Project received the 2026 Rousseeuw Prize for Statistics, a US$1 million award that will be shared among long-standing R Core Team members and other contributors to the open-source statistical computing language.

Added: ; Published: ; Source: Isi Web