The Coalition

Open source is under attack.

Every bank, hospital, and AI lab runs on packages built by maintainers who share their work freely. AI changed the threat. Attackers now deploy agents that find and exploit vulnerabilities at machine speed, across thousands of packages at once.

No maintainer can keep up. No scanner catches what hasn't been found yet.

In April 2026, hackers began exploiting a critical vulnerability in cPanel, the software that manages 70 million domains. A single authentication bypass gave attackers root access to hosting servers. The bug had been exploited as a zero-day for at least 30 days before anyone noticed. Major hosting providers scrambled to block access and patch. Millions of websites were exposed.

The only defence that scales against AI attackers is AI. Offence is the best defence.

The Coalition is an alliance of open-source projects standing together against this common threat. Superagent hunts for vulnerabilities before attackers find them, using swarms of AI agents — thousands working around the clock, learning from each other, building on previous work. When they find something, we help maintainers patch it. The more projects that join, the more the agents learn, and the stronger the defence gets for everyone.

“Superagent pointed their agents at dotenvx. It chained vulnerabilities together the way a real attacker builds a kill chain and found exploit paths. I patched them. A week later, a threat intelligence scanner flagged the same vulnerability. By then it was already fixed. That's what a compressed time delta looks like.”

— Scott Motte, creator of dotenv and dotenvx

Maintainers built the software the world depends on. They shouldn't have to defend it alone.