A large-scale alliance of established technology companies and financial institutions pools resources to coordinate remediation of open-source security gaps in response to AI-powered vulnerability discovery.
An SBOM (software bill of materials) is a formalized component inventory with standardized data fields and exchange formats (SPDX, CycloneDX) that enables security leaders to automatically track vulnerable components in the supply chain.
Hugging Face Transformers allows silent remote code execution via obfuscated parameters in model configurations when the optional kernels package is installed (CVE-2026-4372, patched in 5.3.0).