Anthropic Backs Python Security With $1.5 Million PSF Partnership

Anthropic committed $1.5 million to the Python Software Foundation to strengthen PyPI and CPython security, targeting supply-chain threats while supporting Python’s core ecosystem.

Manisha Sharma

Anthropic has committed $1.5 million to the Python Software Foundation (PSF) under a two-year partnership aimed at strengthening security across Python’s core infrastructure and package ecosystem. The investment places a sharp focus on protecting CPython and the Python Package Index (PyPI) at a time when software supply chain attacks are rising across open-source platforms.

The funding will support both security modernisation efforts and the PSF’s ongoing work in maintaining Python’s global developer ecosystem, which underpins a wide swath of enterprise software, data science, and AI development.

From Reactive Fixes to Proactive Defense

A key objective of the partnership is to shift PyPI security from a largely reactive posture to a proactive threat detection model. Planned initiatives include the development of new tools that automatically review all packages uploaded to PyPI, helping detect malicious behaviour before it reaches end users.

Central to this effort is the creation of a new malware dataset, designed to enable capability-based analysis of packages. According to the PSF, the tools and techniques developed through this work are expected to be transferable beyond Python, with potential applicability across other open-source package repositories.

This security roadmap builds on the work of Seth Larson, Security Developer in Residence, Python Software Foundation, with contributions from Mike Fiedler, PyPI Safety and Security Engineer, Python Software Foundation. Both roles are supported through funding from Alpha-Omega.

Python sits at the core of modern enterprise stacks, powering cloud services, AI models, automation pipelines, and internal tooling. PyPI alone serves millions of developers globally, making it an attractive target for supply-chain attacks that can ripple across organisations.

By investing in upstream security controls, the partnership addresses a structural risk faced by enterprises that rely heavily on open-source dependencies but often lack visibility into their provenance.

Sustaining the Foundation Behind the Language

Beyond security tooling, Anthropic’s funding will also support the PSF’s core operational programmes, including:

  • The Developer in Residence initiative driving improvements to CPython

  • Ongoing operation and maintenance of PyPI infrastructure

  • Community grants and global ecosystem support programs

These efforts help ensure the long-term stability of Python as both a language and a platform, particularly as usage scales across regulated and mission-critical environments.

Anthropic’s partnership reflects a broader shift among AI and enterprise technology companies toward direct investment in open-source sustainability and security, rather than relying solely on downstream fixes.

As software supply chains become more interconnected, strengthening foundational ecosystems like Python is increasingly viewed as a shared responsibility, one that benefits not just developers but enterprises and governments alike.