Issue #7: AI pressure, funding, and foundation governance

This week in Open Source Funded, AI pressure kept showing up in open source governance: public repositories, vulnerability discovery, commit attribution, low-quality pull requests, and even unofficial ports using established project names.

There was also important funding and foundation activity. CopilotKit raised $27 million, RadixArk launched with $100 million around SGLang, Dell and Lenovo became premier LVFS sponsors, Linea Stack moved into Linux Foundation Decentralized Trust governance, and Microcks became a CNCF incubating project.

The quieter infrastructure story was sustainability. Package registries, firmware update infrastructure, open drivers, and foundation-backed identity and AI tooling all showed how much shared work sits behind the software ecosystem.

Projects joining a foundation

Linea Stack was contributed as Lineth, a new code project under Linux Foundation Decentralized Trust — Linea Consortium Becomes Premier Member of Linux Foundation Decentralized Trust; Contributes Linea Stack as Newest Code Project
Microcks became a CNCF incubating project — Microcks becomes a CNCF incubating project
MCP, Goose, and AGENTS.md were discussed as projects moving under the Linux Foundation’s Agentic AI Foundation governance — Why the Linux Foundation adopted MCP, with Jim Zemlin and Mazin Gilbert

These are different kinds of foundation moves, but they point in the same direction: widely used infrastructure and coordination layers keep looking for more neutral governance homes as adoption grows.

Funding reached AI infrastructure, grants, and sponsorships

CopilotKit raised a $27 million Series A for its open source stack and AG-UI protocol for app-native AI agents. The commercial shape is familiar: open developer infrastructure, paired with a business around hardening and supporting production deployments.

RadixArk launched with $100 million in seed funding to grow SGLang, the open source AI inference and training system. Backers include Accel, Spark Capital, NVIDIA’s NVentures, AMD, MediaTek, and others.

The Linux Vendor Firmware Service also got a direct sustainability boost: Dell and Lenovo became its first Premier sponsors, each contributing $100,000 per year after LVFS warned vendors about underfunding and began rolling out usage restrictions.

And Tether launched a no-cap developer grants program, paying in USDT or Bitcoin for deliverables across its open technology stack, including local-first AI components and open source self-custodial wallet infrastructure.

Sources: CopilotKit raises $27M to help devs deploy app-native AI agents, RadixArk Launches with $100 Million in Seed Funding Led by Accel to Grow SGLang and Democratize Frontier AI Infrastructure, Good Job Dell and Lenovo! Hope Others Follow You, Tether Launches Developer Grants Program to Fund Local-First AI and Payments Infrastructure

Package registries got a sustainability spotlight

OpenSSF published a detailed look at the costs of running open source package registries, including security work, abuse handling, infrastructure, and the added load created by AI coding agents. The Rust Foundation also announced work with package registry leaders on the same sustainability problem.

Sonatype joined the Linux Foundation’s Sustaining Package Registries Working Group, adding another commercial supply-chain company to the effort.

The common message is blunt: package registries are critical infrastructure, but they are not free to operate safely. They need funding, governance, and security capacity before the ecosystem treats them as permanently reliable public utilities.

Sources: Open Infrastructure Is Not Free, Part II: The Hidden Cost of Running Package Registries, Rust Foundation and Package Registry Leaders Unite to Address Open Source Sustainability Crisis, Sonatype joins Linux Foundation registry working group

AI pressure kept hitting public code and contribution workflows

NHS England reportedly planned to make hundreds of public GitHub repositories private, citing cybersecurity concerns tied to AI-enabled vulnerability discovery. The Register reported the move, and New Scientist covered the backlash from critics who argued that hiding code would reduce transparency without clearly improving security.

curl lead Daniel Stenberg wrote about getting access to Anthropic’s Mythos through the Linux Foundation’s Alpha-Omega program. Mythos found one curl vulnerability, but Stenberg framed the broader AI vulnerability-finding claims around it as mostly marketing hype.

On the contributor side, the RPCS3 PlayStation 3 emulator maintainers asked contributors to stop sending low-quality AI-generated pull requests. VS Code briefly defaulted to adding a Co-authored-by: Copilot trailer to Git commits, sometimes even when Copilot was disabled, before Microsoft reverted the change. Bun’s Zig-to-Rust porting guide also revived discussion of Zig’s no-AI contribution policy and Anthropic’s ownership of Bun.

And an unofficial “Notepad++ for Mac” release was disavowed by Notepad++ creator Don Ho after using the project’s name and logo. Ars Technica reported that the port was built partly with Claude CLI and other AI coding tools, making it a trust and trademark story as much as a code story.

Sources: NHS to close-source hundreds of GitHub repos over AI, security concerns, Backlash builds over NHS plan to hide source code from AI hacking risk, Mythos finds a curl vulnerability, PlayStation3 Emulator Devs Politely Ask Contributors to Stop Submitting ‘AI Slop’ Pull Requests, Typical Microsoft! Turns Out VS Code Was Adding Copilot as a Git Co-Author Without Telling Anyone, Bun posts Rust porting guide, says rewrite is still half-baked, “Notepad++ for Mac” release is disavowed by the creator of the original

License cleanup, enforcement, and commercial boundaries stayed active

The PHP project is retiring the PHP License and Zend Engine License in favor of BSD-3-Clause. LWN’s coverage described the consent and trademark steps needed to complete the relicensing work.

Baker Botts summarized rulings in Software Freedom Conservancy v. Vizio, including findings that consumers can pursue breach-of-contract claims as third-party beneficiaries of GPLv2 and LGPLv2.1 obligations.

A different kind of legal pressure showed up around Bambu Lab. Slashdot summarized Tom’s Hardware reporting that developer Pawel Jarczak shut down an OrcaSlicer-BambuLab fork after the company threatened legal action over work to restore remote-printer features Bambu had restricted.

LibreOffice and The Document Foundation publicly questioned whether Euro-Office, a Nextcloud and IONOS fork of ONLYOFFICE, will truly use OpenDocument Format as its native format or remain tied to Microsoft’s OOXML. MySQL 9.7 LTS also drew attention because Oracle moved enterprise features into the Community Edition amid continuing community concern about Oracle’s long-term open source commitment.

Meanwhile, Warp opened most of its client code after years of promising an open source release, while keeping broader AI-oriented orchestration ambitions proprietary. And OpenCode gained attention as an open source, model-agnostic coding agent positioned as a hedge against proprietary AI coding platforms and vendor limits.

Sources: The retirement of the PHP license, When Consumers Enforce Open Source: The SFC v. Vizio Case, Open Source Project Shuts Down Over Legal Threats from 3D Printer Company Bambu Lab, LibreOffice Questions Whether Euro-Office is Truly Sovereign, MySQL 9.7: First Major LTS Since 8.4 Brings Enterprise Features to Community Edition, After Years of Teasing, Warp Finally Goes Open Source, Why 157,000 developers are hedging against Anthropic with OpenCode

Foundation and ecosystem work broadened

Harvard’s Applied Social Media Lab launched Keyring, an open source identity wallet developed in collaboration with Linux Foundation Decentralized Trust. The project is aimed at privacy-preserving verification, selective disclosure, age assurance, and distinguishing people from AI agents.

Anthropic updated Petri to version 3.0 and donated the open source AI alignment testing tool to Meridian Labs, an independent evaluation nonprofit.

The Linux Foundation launched an Open Driver Initiative to improve Linux hardware compatibility by encouraging open source drivers and reducing reliance on proprietary driver stacks. Qualcomm joined the Linux Foundation-hosted OCUDU Ecosystem Foundation as a Premier Member, and the Eclipse Software Defined Vehicle Working Group welcomed new members across automotive, commercial vehicle, next-generation mobility, and aerospace companies.

Chainguard also joined FINOS as a Gold Member, adding another supply-chain security company to the Linux Foundation fintech community’s work around trusted open source adoption in financial services.

These are not all funding stories, but they are sustainability stories. They show foundations continuing to serve as coordination points for identity, drivers, telecom infrastructure, automotive software, financial services, and AI governance tooling.

Sources: Harvard, Linux Foundation launch open-source wallet for selective data sharing, Donating our open-source alignment tool, Linux Foundation Backs Open Drivers To Improve Linux Hardware Compatibility, Qualcomm OCUDU Ecosystem Foundation’s Premier Membership to Accelerate Open Source Software for Open RAN Infrastructure, Eclipse SDV welcomes new members across automotive, commercial vehicle, next-gen mobility, and aerospace industries, Chainguard Joins FINOS to Accelerate Trusted Open Source Adoption for Financial Services in the AI Era

Jobs

Foundations and core infrastructure

Wikimedia Foundation — Senior Software Engineer, Core Experiences (link) — Remote. Posted 2026-05-11.
Wikimedia Foundation — Lead Technical Program Manager (link) — Remote. Posted 2026-05-08.
Mozilla — Firefox Software Test Engineering Student Worker (link) — Remote Germany. Posted 2026-05-06.

Community and developer relations

Mozilla — Head of Editorial + Platforms, Mozilla Ecosystem (link) — Remote US. Posted 2026-05-06.
Elastic — Senior Software Engineer - Docs Engineering - Documentation (link) — Spain. Posted 2026-05-05.

Sustainability and commercial open source

GitLab — Solutions Architect, AI + Security & Compliance, EMEA (link) — Remote, EMEA. Posted 2026-05-11.
GitLab — Lead Product Marketing Manager, Pricing and Packaging (link) — Remote, Canada; Remote, US. Posted 2026-05-11.
Grafana Labs — Engineering Manager, Mimir (link) — United Kingdom (Remote); EU remote options. Posted 2026-05-11.
ClickHouse — Solutions Architect - Langfuse (link) — San Francisco, CA. Posted 2026-05-08.
Grafana Labs — Backend Engineer, Mimir (link) — United States (Remote). Posted 2026-05-08.
Grafana Labs — Director of Engineering, Loki Databases (link) — United States (Remote). Posted 2026-05-08.
GitLab — Staff Product Manager, AI Agent Orchestration (link) — Remote, US. Posted 2026-05-07.
GitLab — Distinguished Engineer, Agentic SDLC & Non-Linear Productivity (link) — Remote, Canada; Remote, US. Posted 2026-05-07.
GitLab — Director of Engineering, Workflows & Runners (link) — Remote, Canada; Remote, US. Posted 2026-05-07.
Grafana Labs — Senior Risk Management Engineer (link) — United States (Remote). Posted 2026-05-06.
Mozilla Foundation — Senior Fundraising Strategist (link) — Remote Canada; Remote Germany; Remote UK; Remote US. Posted 2026-05-05.
Grafana Labs — Senior Engineering Manager, Grafana Backend (link) — Remote US/Canada. Posted 2026-05-05.
ClickHouse — Senior Software Engineer - Identity & Authorization Platform (link) — Singapore. Posted 2026-05-04.

Legal and licensing

Grafana Labs — Contracts and Legal Systems Operations Manager (link) — United States (Remote). Posted 2026-05-08.