Open Source Funded

A weekly newsletter tracking grants, sponsorships, and direct support for open source projects, with relevant analysis included in each issue.

June 8, 2026

Issue #11: AI pressure, open source funding, and governance shifts

This week: Unleash moved to AGPLv3, Supabase and Archestra raised funding, OpenAI, Dependency Firewall, and Sovereign Tech offered maintainer support, EU open source policy advanced, AI-assisted security strained maintainer workflows, and projects joined or launched foundations and consortia.

This week in Open Source Funded: commercial open source companies raised money, maintainers received new funding offers and security-audit support, governments kept tying open source to digital sovereignty, and AI-assisted development kept turning review, security, and provenance into governance questions.

Funding, sponsorship, and sustainability

Unleash is moving its open-source feature-management repository from Apache 2.0 to AGPLv3 to keep the project sustainable. The company says its enterprise distribution remains commercially licensed, while official open-source Docker images and SDKs keep their existing licenses (Unleash).

Supabase raised a $500 million Series F at a $10.5 billion post-money valuation for its open source Postgres development platform, with GIC leading the round and existing investors plus Salesforce Ventures participating (PR Newswire). Archestra raised $10 million for its open-source platform that brokers AI-agent access to enterprise data without exposing that data to model providers (SiliconANGLE). Fivetran and dbt Labs completed their all-stock merger and said they will keep investing in open source dbt, including dbt Core v2.0 under Apache 2.0 and the open sourcing of the dbt Fusion engine runtime (Fivetran/dbt Labs).

Cloudflare said VoidZero, the company and team behind Vite, Vitest, Rolldown, Oxc, and Vite+, is joining Cloudflare while the JavaScript tooling remains open source and vendor-agnostic; the Vite team said Cloudflare is creating a $1 million Vite ecosystem open source fund for plugins, independent core-team stipends, security work, and related tools, while The New Stack noted community concern about whether the tooling ecosystem will remain independent in practice (Cloudflare, Vite, The New Stack). RedMonk analyzed Anthropic’s acquisition of Oven, maker of the open source Bun JavaScript runtime, as another signal that AI companies value widely adopted open source infrastructure (RedMonk). Brave announced Brave Origin, a paid minimalist version of its open source browser that removes optional revenue-supporting features such as AI, VPN, crypto, Rewards, Wallet, and Web3 domains while keeping Brave Shields, ad and tracker blocking, Chromium updates, and a free Linux option (Brave). The Eclipse Foundation highlighted S&P Global 451 Research report reprints on sustainability and investment models around Open VSX and ThreadX (Eclipse Foundation).

OpenAI launched Codex for OSS, offering maintainers of widely used open source projects API credits, ChatGPT Pro with Codex, and selective access to Codex Security while continuing open development of Codex CLI and SDK components (OpenAI). Dependency Firewall launched a package pre-screening service and said maintainers of critical open source projects can receive up to $5 million in credits (depthfirst). NLnet opened a funding call for free and open source digital commons projects, with proposals due August 1, 2026 (NLnet). Sovereign Tech signed a memorandum of understanding with DIN to build a standards network that helps open source maintainers participate in international standards work, starting with a pilot cohort and funded coordination (Sovereign Tech).

Funding asks and support programs also appeared across ecosystems. The Rust Foundation pointed individuals and organizations to the Rust Foundation Maintainers Fund and rust-lang.org/funding (Rust Foundation). The Python Software Foundation said a No Starch Press Humble Bundle will send a share of proceeds to the PSF (PSF). KDE marked its 30th anniversary by asking users to become supporting members or donate (FOSS Force). The Uniswap Foundation Security Fund opened applications for a June 2026 cohort offering subsidized smart-contract security audits (Uniswap governance).

Security-audit funding continued to show up as sustainability infrastructure. The Scala Center completed the first part of a Sovereign Tech Fund-backed security audit of Scala 3 with OSTIF and Quarkslab (Scala). CNCF said Inspektor Gadget completed its first independent security audit, coordinated by OSTIF, funded by CNCF, and carried out by Shielder (CNCF). RedMonk examined the market for hardened container images and highlighted Replicated’s SecureBuild model, which shares most image subscription revenue with upstream maintainers (RedMonk).

Several pieces focused on the human side of sustainability. Ryan Johnson argued that maintainer burnout is driven by contributor volume, entitlement, isolation, and corporate extraction without matching upstream budgets (tenthirtyam). Martin Davidson asked what remains valuable in open source as AI lowers software creation costs, pointing to maintainer pushback against generated reports and pull requests, uneven funding across package tiers, and changing incentives around reuse (0x4d44). Dawn Foster described a CHAOSS guide for measuring the impact of OSS funding (Fast Wonder). HCSS argued that non-profit cybersecurity organizations are essential but structurally underfunded (HCSS). DevX surveyed the open-source funding crisis across security, maintainer burnout, and supply-chain risk (DevX). LWN covered Robin Bender Ginn’s Open Source Summit argument that security is a shared responsibility, not something users can expect lone maintainers to absorb alone (LWN).

Tech.eu covered Mike McQuaid’s OSS Resistance effort, which urges maintainers employed by companies that depend on open source to treat maintenance as paid work and normalize company sponsorship and maintenance time (Tech.eu). Joost de Valk argued that Lovable should sponsor TanStack after making TanStack Start a foundation for new apps on its platform (Joost de Valk). The Immich team reviewed two years under FUTO, saying the project now has about ten paid team members while keeping governance autonomy and avoiding feature paywalls (Immich). Changelog interviewed Max Stoiber about a path from open source projects such as react-boilerplate and styled-components through Spectrum’s acquisition by GitHub, Stellate’s founder journey, and work now at OpenAI (Changelog).

Kefir C compiler maintainer Jevgenijs Protopopovs said new major development will move private for sustainability reasons, citing limited capacity, weak project ROI, failed attempts to legitimize the work, and concern that public GPLv3 code is being used for AI training without support flowing back (Kefir). tea said its open-source L2 and $TEA token launched as an economic layer for open-source software, using Proof of Contribution and teaRank to route value to maintainers and contributors (Yellow.com).

Governance, licensing, and provenance

The European Commission published a technology-sovereignty package that includes a new Open Source Strategy. FSFE said the package could advance public-code policy if implementation brings binding rules, long-term funding, and civil-society involvement; the Commission described support for contributors, foundations, companies, viable business models, procurement, and long-term maintenance of critical components; TechPolicy Press highlighted the proposed European Maintenance Instrument; and OSI welcomed procurement commitments, an open-source-first policy for EU institutional code, and new backing for OSPOs (FSFE, European Commission strategy, European Commission communication, TechPolicy Press, OSI).

Policy arguments did not all point the same direction. BSA objected to mandatory open-source licensing as a digital-sovereignty criterion in a French government consultation, warning that such requirements could raise costs, limit access to security tools, and conflict with trade commitments (Slashdot). The newly formed Linux Association of Canada launched a national open-source software library for Canadian-developed projects, framing planned nonprofit status and the repository as digital-sovereignty infrastructure (Open Source For You).

Kiteworks created an Open Source Program Office under the ownCloud brand, formalizing an AI-assisted contribution policy, a move from CLA to DCO, Apache 2.0 for new components, and a planned community advisory board (MSP Channel). WP Engine’s counsel is pursuing dissolution of the WordPress Foundation within the broader WP Engine v. Automattic litigation, raising questions about project and event trademarks during the commercial dispute (Webhosting.Today).

Euro-Office, an AGPL-derived open source office-suite effort backed by European companies, drew coverage as a sovereignty alternative to Microsoft Office and Google Docs; ITPro also reported that OnlyOffice has accused the project of license and attribution violations. Tuta joined the Euro-Office coalition as the group nears its first stable release, while The Document Foundation criticized Euro-Office’s sovereignty claims and Webiano argued that Euro-Office’s real test will be practical commercial packaging, governance, support guarantees, migration help, compatibility, and predictable pricing rather than license costs alone (ITPro, It’s FOSS, FOSS Force, Webiano).

Provenance questions showed up around AI-assisted development. LWN covered Philippe Ombredanne’s account of an AI-agent port of ScanCode Toolkit to Rust that allegedly used the ScanCode name, removed copyright and license notices, and began outreach without engaging the AboutCode community (LWN). The New Stack used the OpenClaw/NanoClaw attribution dispute to examine AI-agent accountability, abandoned dependency choices, and license provenance in agent-built software, and later reported that Microsoft shipped Scout on the open source OpenClaw runtime while keeping paid value in identity, governance, Microsoft 365 context, Windows containment, and silicon layers (The New Stack on OpenClaw/NanoClaw, The New Stack on Scout). Sigma Zero revisited the Matplotlib incident, where an AI agent opened a pull request and later published posts attacking a maintainer after the PR was closed (Sigma Zero).

Projects and commentators kept debating how to handle AI-assisted contributions. Rust is considering a policy that would limit LLM-generated public contributions, require disclosure for AI-assisted code, and ban AI-created core content such as issue text, documentation, diagnostics, and substantive comments (Linuxiac). Ladybird will no longer accept public pull requests while preparing the browser for users, arguing that AI tools have weakened pull requests as a trust signal (Ladybird). David Heinemeier Hansson argued that agent-aided programmers should not be excluded from open source participation (DHH). Vim Classic, a Vim 8.2-based fork, launched for users who want an AI-free editor after recent Vim development added LLM-related features (It’s FOSS).

AI security and maintainer pressure

Anthropic expanded Project Glasswing to about 150 additional organizations, including maintainers of critical open source software, while releasing vulnerability-finding tools to trusted security teams and exploring ways to scale review and patching for open source projects (Anthropic). Anthropic also published an open-source reference harness for autonomous vulnerability discovery and remediation with Claude (GitHub). DevOps.com reported that Claude Code Security was tested on production open source codebases and is being offered with free expedited access for open source maintainers (DevOps.com). Techzine reported that ENISA is gaining access to Mythos through Project Glasswing (Techzine), while Bruce Schneier criticized the public Project Glasswing update as under-documented and warned that many reported vulnerabilities remain unpatched (Schneier on Security).

Federal proposals also tied AI security to open source maintenance. Representative Lori Trahan called for an AI framework that includes funding for open-source maintainers and renewed threat-sharing protections (Rep. Trahan). FedScoop reported that a bipartisan House discussion draft for the Great American AI Act would authorize CISA grants for maintainers of widely used open-source software (FedScoop). Cybersecurity Dive reported on a broader House AI bill that would require CISA grants for critical open-source package developers and give those developers access to advanced vulnerability-finding AI models (Cybersecurity Dive).

The volume and impact of AI-assisted vulnerability discovery remained a recurring theme. Sonatype argued that the bottleneck is shifting from finding bugs to repairing open source at ecosystem scale (Sonatype). DevOps.com covered Dan Lorenc’s argument that Mythos exposes structural problems in open source consumption and remediation capacity (DevOps.com). Red Hat said AI-driven vulnerability discovery is increasing the volume and complexity of open source vulnerability triage, making human judgment, coordinated disclosure, and upstream communication more important (Red Hat). HeroDevs argued that a June 2026 AI cybersecurity executive order may accelerate vulnerability discovery without funding patches for end-of-life open source software (HeroDevs). OpenSSF’s North America community-day recap said working groups, researchers, maintainers, and enterprises focused on AI-security transitions, autonomous workflow guardrails, maintainer support, phishing defense, and supply-chain tooling (OpenSSF).

Examples kept arriving. An autonomous AI tool found a two-year-old authenticated RCE flaw in Redis (The Hacker News). OpenAI’s Codex helped discover HTTP/2 Bomb, a denial-of-service exploit affecting default HTTP/2 configurations in nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora (Calif). The Next Web reported that depthfirst’s autonomous AI agent found 21 previously unknown vulnerabilities in FFmpeg for about $1,000 in compute, underscoring how bug-finding costs are falling faster than human triage and release capacity (The Next Web). CoinDesk reported that Taylor Hornby, who used Anthropic’s Opus 4.8 to find a critical Zcash Orchard flaw, plans to add Monero to his audit queue and seek a Zcash coinholder grant for additional AI-assisted protocol security work (CoinDesk). Phoronix reported nine new X.Org Server and XWayland vulnerabilities found through AI-assisted auditing (Phoronix). Phoronix also reported that Linux maintainers are proceeding with deprecating AF_ALG after AI/LLM-assisted vulnerability discovery exposed a growing attack surface (Phoronix). LWN reported that kernel developers are considering removing splice() and vmsplice() after a flood of LLM-discovered vulnerabilities (LWN). IANS reported five critical zero-days in the open-source OpenClaw agentic AI platform that could let attackers impersonate trusted users across messaging platforms, with maintainers announcing ID-matching fixes after AI-driven analysis found recurring weaknesses (IANS).

Agent workflows created new supply-chain angles. SafeDep reported that a Miasma worm variant injected a dropper into GitHub repositories and used Claude Code, Gemini, Cursor, and VS Code configuration files so the payload can trigger when a cloned repository is opened in an AI coding agent; it later examined how ordinary repository config files for VS Code, Cursor, Claude Code, Gemini CLI, npm, Composer, and Bundler can become supply-chain execution primitives (SafeDep on Miasma, SafeDep on config files). Endor Labs reported that trojanized ai-sdk-ollama releases were part of the same npm worm campaign, using binding.gyp install hooks to execute malware, steal cloud credentials, and spread through maintainer accounts (Endor Labs). Sonatype said a new Shai-Hulud/Miasma wave compromised 281 npm package versions, while The Hacker News reported that GitHub disabled 73 Microsoft repositories after malicious payloads were planted to harvest credentials and trigger in AI coding-agent workflows (Sonatype, The Hacker News). Snyk reported that jqwik maintainer Johannes Link intentionally shipped version 1.10.0 with an ANSI-obscured prompt injection aimed at AI coding agents before reverting it in 1.10.1 (Snyk).

Maintainer workflow pieces converged on review capacity. The Spring team said AI is increasing issues, pull requests, and security reports, forcing maintainers to separate useful reports from AI slop (Spring). LeadDev argued that coding agents have made already-strained pull request reviews less sustainable (LeadDev). TFiR interviewed Valkey maintainer Madelyn Olson about using AI agents without replacing human review or community judgment (TFiR). Latent Space interviewed GitHub COO Kyle Daigle about agentic coding’s strain on GitHub and open source (Latent Space). InfoWorld and BGR looked at dependency, security, licensing, and generated-code risk in agentic development (InfoWorld, BGR). Fabio Akita summarized the backlash around AI-generated pull requests, project limits on AI-assisted contributions, bug bounty noise, and releases whose AI-assisted work broke user workflows (Akita on Rails). New Scientist reported that maintainers are being pushed toward burnout by reviewing, fixing, and rejecting AI-written submissions (New Scientist). Malvads announced Slopper, an experimental GitHub Action that scores pull requests for signs of AI-generated slop using author reputation, commit patterns, code quality, and behavioral signals (dev.to).

Kernel and infrastructure maintainers continued to adapt. LWN covered Alexei Starovoitov’s proposals for adapting BPF tooling and maintenance to coding agents (LWN). LWN also covered Andrew Tridgell’s response to criticism of his use of LLM tools while maintaining rsync, tying the choice to AI-generated security-report volume and the need for stronger tests, CI, and code coverage (LWN). Linuxiac reported that rsync 3.4.3 regressions intensified the debate, while Alexis Purslane argued from rsync bug data that Claude-era releases sit within historical bug-rate distribution and that recent regressions are better explained by the flood of AI-enabled security reports (Linuxiac, Alexis Purslane).

Projects joining or launching foundations and consortia

  • FINOS said Fidelity Investments upgraded to Platinum membership and joined its governing board, TD Bank joined as a Platinum member, and BrightQuery, Chainguard, MariaDB, Oracle, Moderne, Octopus Deploy, and Summit58 joined as new Gold and Silver members — FINOS
  • Aviatrix joined the Open Information Security Foundation as a consortium member and said it will contribute engineering resources, cloud-native Suricata rules, multicloud reference architectures, and performance work upstream while embedding Suricata in its cloud security platform — Aviatrix
  • Ainekko said its CORE-ET Silicon Platform has been accepted as an OpenHW Foundation project, bringing RISC-V and MRAM edge-AI hardware and software building blocks into the Eclipse Foundation’s OpenHW ecosystem — Ainekko
  • Fraunhofer AISEC joined the OpenHW Foundation and said it will contribute to open, verifiable hardware platforms including CVA6 SDK work, OpenTitan, and GyroidOS — Fraunhofer AISEC
  • Realtek joined the OpenTitan coalition, with plans to use the open source silicon Root of Trust project’s vendor-neutral IP and contribute silicon, firmware, and verification assets — lowRISC/Realtek
  • Tempus, Yale New Haven Health, and Memorial Sloan Kettering Cancer Center launched a digital pathology IMS Open-Source Consortium, with Tempus open sourcing Paige Image Management System components under shared governance — Business Wire
  • The Linux Foundation announced its intent to launch the Tokenomics Foundation for open standards and governance around AI cost management, token accounting, and usage transparency — Linux Foundation
  • Apache Livy, a REST service for Apache Spark, became an Apache Software Foundation Top-Level Project after graduating from incubation — ASF
  • agentgateway joined the Linux Foundation-hosted Agentic AI Foundation as an Apache 2.0 gateway for MCP, Agent-to-Agent, LLM inference, HTTP, and gRPC traffic — AAIF
  • CVE Lite CLI, a local-first JavaScript dependency scanner, was accepted as an OWASP Incubator ProjectCyber Security News
  • OpenSearch Software Foundation welcomed CERN, Big Data Boutique, OpenSource Connections, and Resolve Technology as new members as OpenSearchCon Europe positioned the Apache 2.0 project for agentic AI workloads — OpenSearch
  • DDEV’s trademark, domain, and assets returned to the DDEV Foundation after Upsun hosted them while sponsoring maintainer Randy Fay — Upsun
  • DNS-AID, initially developed by Infoblox and now under Linux Foundation governance, provides an open DNS-based directory for AI agents and MCP servers to publish, discover, and verify each other — Help Net Security
  • PEAK:AIO and Los Alamos National Laboratory launched Lattice, an open source pNFS metadata server developed with LANL and launched in collaboration with the Linux Foundation, while PEAK:AIO plans a commercially supported pNFS superset — GlobeNewswire
  • Mainframe Software Hub for Linux is listed by the Open Mainframe Project as a vendor-neutral home for s390x build scripts, patches, releases, binaries, containers, and packages — Open Mainframe Project
  • OpenInfra Foundation launched an AI Policy Working Group to align community needs with AI-related development practices, regulation, governance, compliance, agentic workflows, and human accountability — OpenInfra

Jobs

Foundations and core infrastructure

  • The Document Foundation — System Administrator (link) — Worldwide/Remote. Posted 2026-06-08.
  • Mozilla — Marketing Specialist (link) — Remote US. Posted 2026-06-04.
  • Mozilla — Marketing Specialist (link) — Remote Canada. Posted 2026-06-04.
  • Mozilla — Marketing Specialist (link) — Remote. Posted 2026-06-04.
  • Mozilla — Technical Support Specialist (link) — Remote. Posted 2026-06-02.
  • Mozilla — Technical Support Specialist (link) — Remote Canada. Posted 2026-06-02.
  • Mozilla — Technical Support Specialist (link) — Remote US. Posted 2026-06-02.
  • Wikimedia Foundation — Senior Site Reliability Engineer (link) — Remote. Posted 2026-06-01.
  • Wikimedia Deutschland — Interim Technical Product Manager, Fundraising Technology (all genders) (link) — Berlin, Germany (hybrid). Posted 2026-06-01.
  • Wikimedia Foundation — Senior Site Reliability Engineer, Wikimedia Enterprise (link) — Remote. Posted 2026-06-01.
  • Mozilla — Front End Engineering Manager, Firefox Desktop (link) — Remote Canada. Posted 2026-06-01.

Community and developer relations

  • LangChain — Senior Education Engineer (link) — San Francisco, CA. Posted 2026-06-05.
  • Datadog — Senior Developer Advocate - Modern App Development (link) — California, Nevada, Texas, or Washington, USA (Remote). Posted 2026-06-05.
  • Temporal Technologies — Senior Staff Product Marketing Manager, AI (link) — United States - Remote Opportunity. Posted 2026-06-03.
  • Temporal Technologies — Senior Events & Field Marketing Manager, Conference Production & Operations (link) — United States. Posted 2026-06-02.
  • Temporal Technologies — Senior Events & Field Marketing Manager, Developer Conference Programming (link) — United States. Posted 2026-06-02.
  • MongoDB — Principal Evangelist (link) — Phoenix. Posted 2026-06-02.
  • LiveKit — Developer Support Engineer (link) — Remote, India. Posted 2026-06-01.
  • Airbyte — Product Advocate (link) — San Francisco. Posted 2026-06-01.

Sustainability and commercial open source

  • GitLab — Staff Backend Engineer (Ruby on Rails/AI), Verify (link) — Remote, Canada; Remote, United Kingdom; Remote, US. Posted 2026-06-08.
  • LangChain — Enterprise Account Executive (Atlanta) (link) — Atlanta, GA. Posted 2026-06-06.
  • GitLab — Intermediate Backend Engineer (C), Tenant Scale: Git (link) — Remote, India. Posted 2026-06-05.
  • GitLab — Intermediate Backend Engineer, Database Automation (Ruby) (link) — Remote, India. Posted 2026-06-05.
  • ClickHouse — Software Engineer - Database Integrations (link) — Spain. Posted 2026-06-05.
  • ClickHouse — Software Engineer - Database Integrations (link) — United Kingdom. Posted 2026-06-05.
  • Redis — Principal Golang Software Engineer - AI Services - Bulgaria (link) — Bulgaria. Posted 2026-06-05.
  • LangChain — Senior Platform Engineer, Ingestion (link) — Sweden. Posted 2026-06-05.
  • ClickHouse — Senior Partner Marketing Manager (link) — United States. Posted 2026-06-05.
  • ClickHouse — AI Product Engineer - ClickStack (link) — United States (remote). Posted 2026-06-05.
  • ClickHouse — AI Product Engineer - ClickStack (link) — United Kingdom (remote). Posted 2026-06-05.
  • ClickHouse — AI Product Engineer - ClickStack (link) — Germany (remote). Posted 2026-06-05.
  • ClickHouse — AI Product Engineer - ClickStack (link) — Canada (remote). Posted 2026-06-05.
  • ClickHouse — AI Product Engineer - ClickStack (link) — Netherlands (remote). Posted 2026-06-05.
  • Tailscale — Software Engineer, Networking (Dataplane) (link) — Remote (United States). Posted 2026-06-05.
  • Tailscale — Software Engineer, Networking (Dataplane) (link) — Remote (Canada). Posted 2026-06-05.
  • Tailscale — Software Engineer, Networking (Edge) (link) — Remote (United States). Posted 2026-06-05.
  • Tailscale — Software Engineer, Networking (Edge) (link) — Remote (Canada). Posted 2026-06-05.
  • Collabora — Audio Consultant Engineer - Linux Audio Stack (Remote/Anywhere) (link) — Remote. Posted 2026-06-05.
  • GitLab — Professional Services Engagement Manager (link) — Remote, US. Posted 2026-06-05.
  • Datadog — Senior Software Engineer - Linux Kernel/eBPF (link) — New York, New York, USA. Posted 2026-06-04.
  • Airbyte — Senior Site Reliability Engineer (link) — San Francisco. Posted 2026-06-04.
  • Canonical — Engineering Manager - Ubuntu Linux Kernel (link) — Home based - Worldwide. Posted 2026-06-04.
  • Canonical — Software Engineer (Python/Linux/Packaging) (link) — Home Based - Americas. Posted 2026-06-04.
  • Grafana Labs — Staff Backend Engineer - Session Replay (link) — United States (Remote). Posted 2026-06-04.
  • ClickHouse — Senior Cloud Engineer (link) — United States (remote). Posted 2026-06-04.
  • LangChain — Monetization Programs and Operations Lead (link) — San Francisco, CA. Posted 2026-06-04.
  • LangChain — Deployed Engineer (NYC) (link) — New York, NY. Posted 2026-06-04.
  • LangChain — Deployed Engineer (Boston) (link) — Boston, MA. Posted 2026-06-04.
  • LangChain — Deployed Engineer (Seattle) (link) — Seattle, WA. Posted 2026-06-04.
  • Docker — Principal Technical Program Manager (link) — Canada. Posted 2026-06-04.
  • LangChain — Commercial Account Manager (link) — London. Posted 2026-06-04.
  • LangChain — Commercial Account Manager (link) — San Francisco, CA. Posted 2026-06-04.
  • LangChain — Commercial Account Manager (link) — New York, NY. Posted 2026-06-04.
  • LangChain — Senior Backend Software Engineer, AI Observability & Evals Platform (LangSmith) (link) — San Francisco, CA. Posted 2026-06-03.
  • Mistral AI — Applied AI, Senior/Staff Forward Deployed Machine Learning Engineer - Munich (link) — Munich, Germany. Posted 2026-06-03.
  • Mistral AI — Applied AI, Forward Deployed Machine Learning Engineer - Munich (link) — Munich, Germany. Posted 2026-06-03.
  • Mistral AI — Applied AI, Technical Lead, Forward Deployed AI Engineer - Munich (link) — Munich, Germany. Posted 2026-06-03.
  • LiveKit — Distributed Systems Engineer (link) — Remote, U.S.. Posted 2026-06-03.
  • Prefect — Product Engineer (UI-Focused) — Horizon (link) — Remote. Posted 2026-06-03.
  • Airbyte — Senior Integrations Engineer (API Sources & Automation) (link) — San Francisco. Posted 2026-06-03.
  • Acquia — Director, Product Marketing, Acquia Source (link) — Remote-United-States. Posted 2026-06-03.
  • Chainguard — Senior Software Engineer (Libraries Platform) (link) — United States - Remote. Posted 2026-06-03.
  • Chainguard — Senior Software Engineer (Libraries Platform) (link) — Canada - Remote. Posted 2026-06-03.
  • Chainguard — Senior Software Engineer (Libraries Platform) (link) — United Kingdom - Remote. Posted 2026-06-03.
  • Grafana Labs — Staff Backend Engineer - Session Replay (link) — Canada (Remote). Posted 2026-06-03.
  • Temporal Technologies — Senior Engineering Manager, AI Developer Experience (link) — United States - Remote Opportunity. Posted 2026-06-03.
  • Temporal Technologies — Senior Software Engineer, AI Developer Experience (link) — United States, Remote Opportunity. Posted 2026-06-03.
  • Chainguard — Senior Technical Program Manager (link) — United States (Remote). Posted 2026-06-02.
  • ClickHouse — Principal Product Manager - Ecosystems & Connectors (link) — United States (remote). Posted 2026-06-02.
  • ClickHouse — Principal Product Manager - Ecosystems & Connectors (link) — Netherlands (remote). Posted 2026-06-02.
  • Canonical — Software Quality Assurance Engineer - Linux, PC, IoT (link) — Taipei, Taiwan. Posted 2026-06-02.
  • Supabase — Product Manager - AI (link) — Remote. Posted 2026-06-02.
  • n8n — AI Product Manager (link) — Berlin Office. Posted 2026-06-02.
  • GitLab — Senior Product Manager, AI Platform Management (link) — Remote Ireland; Remote Israel; Remote United Kingdom. Posted 2026-06-02.
  • GitLab — Senior Solutions Architect, AI / Core DevOps - EMEA (link) — Remote United Kingdom. Posted 2026-06-02.
  • Astronomer — Senior Customer Reliability Engineer - Infrastructure (link) — Ireland. Posted 2026-06-02.
  • Kitware — GTM Manager (link) — Clifton Park, New York. Posted 2026-06-02.
  • Grafana Labs — Staff AI Engineer (link) — United States (Remote). Posted 2026-06-02.
  • Grafana Labs — Staff AI Engineer (link) — Canada (Remote). Posted 2026-06-02.
  • Akuity — Solutions Architect (link) — Remote - North America. Posted 2026-06-02.
  • Astronomer — Senior Solutions Architect - East Coast (link) — Remote United States. Posted 2026-06-02.
  • Supabase — GSI Partnership Lead (link) — AMER. Posted 2026-06-02.
  • LangChain — Solutions Architect (APAC) (link) — Singapore. Posted 2026-06-02.
  • LangChain — Partner Alliance Lead - EMEA (link) — London. Posted 2026-06-02.
  • Kitware — GTM Lead (link) — Clifton Park, New York. Posted 2026-06-02.
  • Grafana Labs — Staff Software Engineer (link) — Canada (Remote). Posted 2026-06-02.
  • LiveKit — Staff Security Engineer (link) — Remote, U.S.. Posted 2026-06-01.
  • LiveKit — Senior Software Engineer, Agent Platform (link) — Remote, U.S.. Posted 2026-06-01.
  • eQualitie — Software developer for the federated web (link) — Worldwide/Remote. Posted 2026-06-01.
  • eQualitie — Android developer for the decentralized web (link) — Worldwide/Remote. Posted 2026-06-01.
  • n8n — Senior/Staff Engineer, n8n Labs (link) — Berlin Office. Posted 2026-06-01.
  • n8n — Senior/Staff PM, n8n Labs (link) — Berlin Office. Posted 2026-06-01.
  • Mistral AI — Applied Scientist / Domain Expert, AI4Engineering - EMEA (link) — Paris; London; Munich; Amsterdam; Lausanne; Linz; Luxembourg. Posted 2026-06-01.
  • Temporal Technologies — Staff Cloud Security Engineer (link) — United States (Remote). Posted 2026-06-01.
  • Chainguard — Principal Product Security Researcher (link) — United States (Remote). Posted 2026-06-01.
  • Chainguard — Principal Product Security Researcher (link) — United Kingdom (Remote). Posted 2026-06-01.
  • Chainguard — Principal Product Security Researcher (link) — Canada (Remote). Posted 2026-06-01.
  • Chainguard — Senior Customer Success Manager, Enterprise - East (link) — United States (Remote). Posted 2026-06-01.
  • Mistral AI — Product Monetisation & Pricing Lead (link) — Paris. Posted 2026-06-01.
  • Supabase — Senior Manager - Technical Program Management (link) — Remote. Posted 2026-06-01.
  • Astronomer — Senior Customer Reliability Engineer, Infrastructure - India (link) — Hyderabad, India. Posted 2026-06-01.
  • Canonical — Graduate Software Engineer, Open Source and Linux, Canonical Ubuntu (link) — Home based - Worldwide. Posted 2026-06-01.
  • Supabase — Product Manager - Multigres (link) — Remote. Posted 2026-06-01.
  • Supabase — Product Manager - Infrastructure (link) — Remote. Posted 2026-06-01.
  • Supabase — Core Product Lead (link) — Remote. Posted 2026-06-01.
  • ClickHouse — Senior Software Engineer - Postgres (link) — United States (remote). Posted 2026-06-01.
  • ClickHouse — Senior Software Engineer - Postgres (link) — Canada (remote). Posted 2026-06-01.
  • ClickHouse — Senior Software Engineer - Postgres (link) — India (remote). Posted 2026-06-01.
  • ClickHouse — Senior Software Engineer (Backend) - AI/ML (link) — United States (remote). Posted 2026-06-01.
  • ClickHouse — Senior Software Engineer (Backend) - AI/ML (link) — Canada. Posted 2026-06-01.
  • LangChain — Partner Alliance Lead - Federal (link) — Washington DC. Posted 2026-06-01.
  • Redis — Senior Product Manager, Redis Core (Document Database) (link) — Bulgaria. Posted 2026-06-01.
  • Mattermost — Senior React Native Engineer (link) — United States. Posted 2026-06-01.
  • Redis — Solution Architects - Singapore (link) — Singapore. Posted 2026-06-01.
  • Black Duck Software — SDET Engineer (link) — Bangalore. Posted 2026-06-08.
  • Black Duck Software — Senior SDET Engineer (link) — Bangalore. Posted 2026-06-08.
  • Black Duck Software — Lead Channel Partner (link) — Burlington, MA; Chicago, IL; Ohio. Posted 2026-06-07.
  • Black Duck Software — Implementation Engineer (link) — Bengaluru, India. Posted 2026-06-05.
  • Black Duck Software — Senior DevOps Engineer - Cloud Operations (link) — Burlington, MA. Posted 2026-06-05.
  • Sonatype — Federal Account Executive – Civilian Agencies (link) — Washington, D.C. - Remote. Posted 2026-06-05.
  • GitLab — Intermediate Vulnerability Researcher, AST: Vulnerability Research (link) — Remote. Posted 2026-06-05.
  • Black Duck Software — Application Security Engineer (West Coast) (link) — Calgary, AB. Posted 2026-06-05.
  • Black Duck Software — Technical Product Manager (AI/ Agentic systems) (link) — Burlington, MA. Posted 2026-06-04.
  • Sonatype — Marketing Growth Manager, Global Programs (link) — US Eastern/Central Remote. Posted 2026-06-04.
  • ACL Digital — Open-Source Compliance Analyst (OSS Licensing / Software Scanning) (link) — San Diego, CA (onsite preferred; hybrid possible). Posted 2026-06-03. Deadline 2026-07-03.
  • Sonatype — Senior Customer Success Manager (link) — Colombia - Remote. Posted 2026-06-03.
  • Sonatype — Channel Partner Manager (GSI & Alliances) (link) — UK - Remote; US - Eastern - Remote. Posted 2026-06-03.
  • GitLab — Commercial Legal Counsel (link) — Remote US. Posted 2026-06-02.
  • Black Duck Software — Technical Product Manager (link) — Finland. Posted 2026-06-01.
  • Black Duck Software — Customer Success Manager (link) — Bengaluru, India. Posted 2026-06-01.
  • newsletter
  • funding
  • foundations
  • open source
  • governance
  • security
  • ai
  • licenses
  • standards
  • jobs