Human Connections in a Sea of Automation: Reflections on UN Open Source Week 2026

By Mirko Swillus

Once a year, the United Nations gathers more than a thousand people from around the globe to discuss how to advance open source during UN Open Source Week. It was my privilege to travel to New York City to learn from this incredible community. The event allowed me to connect with new and old friends who share the same beliefs around the digital commons.

During the event, I supported the Maintain-a-thon by moderating the technical track. I also hosted an interactive session with Seth Larson titled “The Vulnerability Flood: Open Source Security in the Age of LLMs”.

What is the LLM vulnerability flood?

Frontier large language models (LLMs) can now generate high-quality vulnerability reports rapidly. While identifying security bugs is important, the sheer volume of automated inputs threatens to overwhelm open source maintainers. Maintainers are drowning in these reports because they must manually triage, verify, and patch each issue. This structural bottleneck creates immense pressure, risks developer burnout, and exposes critical software supply chains to growing security risks.

How does Alpha-Omega support open source maintainers?

Alpha-Omega protects society by funding and catalyzing sustainable security improvements across open source software. To address the immediate influx of automated reports, our fund contributes a practical solution: our team of AI Security Engineers in Residence (SEIRs, pronounced “seers”).

The program deploys 30 paid open source security experts directly to major critical ecosystems. These ecosystems include Rust, JavaScript, Node, Ruby, PHP, Erlang, Perl, Eclipse, FreeBSD, and Drupal. These are not just automated tools or distant observers; these are people whom we pay to support ecosystem maintainers in a rapid-response manner. Alpha-Omega works with maintainers, not over them. The SEIRs actively create sustainable structures that support maintainers over the long term.

Why are human connections vital for digital infrastructure?

Most private and public actors in the field now acknowledge the scale of the triage and fix problem. Several organizations have started to explore contributions to a solution. Coordinating these independent efforts presents a significant opportunity for the community.

My main takeaway from Day 1 of UN Open Source Week is that human connections and mutual trust brought this community to its current position. Trust and collaboration will be key as we navigate these challenging times. For this reason, face-to-face gatherings remain incredibly valuable.

Who makes this collaborative security work possible?

Ecosystem security requires sustained, collective investment. Alpha-Omega operates as a Directed Fund within the Linux Foundation. The fund is backed by Anthropic, Amazon Web Services (AWS), Citi, GitHub, Google, Google DeepMind, Microsoft, and OpenAI. Since 2022, Alpha-Omega has awarded over 70 grants totaling more than $20M across major ecosystems, package registries, and individual projects. 

I want to express my gratitude to the United Nations, Omar Mohsine, and the organizing team. Thank you to all the attendees who devoted so much energy to these sessions. Thank you to Alpha-Omega and Michael Winser for refusing to accept the status quo. Finally, thank you to my friends from the Sovereign Tech Agency, who have become an essential part of this global community and organized the Maintain-a-thon.

Selfie from the event showcasing the non-violence sculpture

During the week, I caught up with my Alpha-Omega colleague Andrew Nesbitt. Andrew does an incredible job maintaining Ecosyste.ms and creating powerful tools for free and open source software maintainers.

Alpha-Omega will continue to invest where security improvements can scale across ecosystems and deliver measurable outcomes.

Learn more at https://alpha-omega.dev/.

About the Author

Mirko Swillus is a Technical Program Manager for Alpha-Omega, where he works on strengthening the security and sustainability of critical open source software. He brings more than 15 years of experience across software engineering, architecture, engineering management, and open source strategy. Previously, Mirko led the Sovereign Tech Fund at the Sovereign Tech Agency, supporting major open source projects and designing programs for maintainers. His work focuses on helping teams, communities, and ecosystems organize effectively to solve meaningful problems in engineering management, open source, and software supply chain security.