Anthropic, the developer of Claude, has announced a two-year partnership with the Python Software Foundation and a total commitment of $1.5 million. The foundation will focus the money on securing the Python ecosystem and supporting key applications and infrastructure used by developers around the world.
Anthropic, the developer of Claude, has announced a two-year partnership with the Python Software Foundation and a total commitment of $1.5 million. The foundation will focus the money on securing the Python ecosystem and supporting key applications and infrastructure used by developers around the world.
According to DOU, citing the PSF blog, the funds will go towards implementing a security roadmap, including changes to CPython and work with the Python Package Index. One of the main areas is to create tools that can automatically and proactively check all packages uploaded to PyPI. PSF explains that current approaches are largely reactive, and the new mechanisms should help protect millions of users from attempted supply chain attacks, when malicious code enters projects through libraries and dependencies.
To make such checks effective, PSF plans to create a separate dataset of known malware samples. Based on this dataset, the foundation wants to develop and test threat detection tools, and also notes that the results could be useful not only for Python: some of the developments could potentially be transferred to other open source repositories.
In a separate article, Anthropic supports the «core work» of the PSF. This includes the Developer in Residence program, which incentivizes contributions to CPython, grants and other community programs, and the maintenance of the foundation’s core infrastructure, including PyPI. The PSF notes that the security plans are based on the roadmap of Security Developer in Residence Seth Larson, as well as the work of PyPI security engineer Mike Fiedler; these roles, as noted in the announcement, are funded by Alpha-Omega.
So-called «dependency attacks» have become one of the most painful problems of open source: it is enough to replace a popular package or «sew» malicious code into a library for it to spread to thousands of projects through automatic installations. Therefore, large companies are increasingly funding foundations and programming language infrastructure not out of charity, but as a way to reduce risks for their own products and the entire market.
Previously, dev.ua wrote about how Anthropic introduced a new tool called Cowork, designed as a more accessible version of Claude Code. Integrated into the Claude Desktop application, it allows the user to define a specific folder for the AI to access. Claude can read and edit files in it, guided by instructions from the standard chat window.
