IT Brief US - Technology news for CIOs & IT decision-makers
Mon, 23rd Mar 2026

OpenSSF has added Helvethink, Spectro Cloud and Quantrexion as general members, while outlining a series of project updates across software supply chain and AI security.

The additions come as the organisation expands its work on open source software security and reports new activity across standards, tooling and training. The new members will join working groups, contribute to technical initiatives and help shape the foundation's direction.

Among the operational changes, OpenSSF has partnered with Kusari to make Kusari Inspector available at no cost to OpenSSF projects. The tool is designed to give maintainers greater visibility into software supply chains and run security checks at the pull request level.

In another update, SLSA, the Supply-chain Levels for Software Artifacts project, has reached Graduated status. The designation reflects the project's maturity and broader adoption as a framework for software supply chain integrity.

The foundation also highlighted the first white paper from the Gemara Project, which sets out a framework for integrating security-as-code principles into the software development lifecycle.

AI security

Part of the latest activity focuses on artificial intelligence and machine learning systems. OpenSSF has launched two new special interest groups under its AI/ML Security Working Group: one on Model Lifecycle Provenance and the other on GPU-Based Model Integrity.

The move reflects a broader effort to address risks in the software and infrastructure behind AI development. It follows earlier funding news that more closely linked the group's work with AI security support for maintainers and open source projects.

Recent growth follows the award of USD $12.5 million in grant funding to OpenSSF and Alpha-Omega from leading AI providers. The funding is intended to support longer-term security work for maintainers.

Standards work also featured in the update. Through Linux Foundation Europe, OpenSSF has been approved as a CEN / CENELEC Liaison Organisation for cybersecurity, giving it a more formal role in standards discussions.

On education and outreach, the foundation has officially launched its Ambassador Program. It also said more than 7,300 learners have enrolled in its free course on the EU Cyber Resilience Act, bringing total enrolments across OpenSSF training programmes to more than 75,000.

Steve Fernandez, General Manager of OpenSSF, said the developments come amid a changing threat environment. "Open source security continues to evolve significantly in the face of new, automated threats," he said. "Our member organizations are seeding a more secure future, built with longevity in mind, by working with the OpenSSF. This network of projects, maintainers, and thousands of contributors is key to reinforcing reliable, sustainable open source software for all."

The three new members each said their decision to join was driven by concerns around open infrastructure, governance and software supply chain security.

Helvethink said its work in cloud architecture, platform engineering and DevSecOps is closely tied to the open source software used across modern infrastructure. "At Helvethink, we work at the intersection of cloud architecture, platform engineering, and DevSecOps. Open source components are foundational to modern infrastructure from Kubernetes and IaC tooling to CI/CD pipelines and security automation. Strengthening this ecosystem requires measurable standards, robust software supply chain security practices, and active collaboration across the community. By joining OpenSSF, we are actively participating in several working groups to contribute to initiatives focused on supply chain integrity, secure-by-design principles, and the continuous improvement of cloud-native security practices," said Jose Goncalves, Co-Founder of Helvethink.

Quantrexion pointed to governance and human risk management as part of the case for stronger open ecosystems. "Quantrexion is proud to join OpenSSF and support its mission to strengthen the security, resilience, and trustworthiness of open source software. As a company focused on governance and human risk management, we see secure open ecosystems as a critical part of long-term digital resilience," said Dionysis Karamitopoulos, CEO of Quantrexion.

Spectro Cloud said its membership reflects a shared responsibility for securing the software that underpins modern infrastructure. "Open source is the foundation of modern infrastructure - and its security is a shared responsibility. By joining the OpenSSF, Spectro Cloud is investing directly in the community work that raises the bar for everyone. Just as importantly, it strengthens the standards and practices behind the software we ship, so our customers can deploy Kubernetes with confidence in the integrity of every component. We're proud to support the OpenSSF mission and to keep translating that momentum into real product capabilities that make secure software a default, not a bolt-on," said Saad Malik, CTO and Co-Founder of Spectro Cloud.