Issue #10: IBM and Red Hat's $5B pledge, F-Droid funding, and Packagist sponsorships

This week in Open Source Funded, IBM and Red Hat announced Project Lightwell, a $5 billion commitment around securing open source software with AI, F-Droid received $50,000 from FLOSS/fund, Packagist detailed funded Composer and Packagist.org supply-chain work and launched a new sponsorship program, the PHP Foundation reported $730,534 in 2025 sponsor and donor support, TuxCare joined the OpenJS Foundation’s Ecosystem Sustainability Program, Hanakai added SerpApi as a silver-tier sponsor, Megapot and Protocol Guild proposed routing blockchain lottery referral fees to Ethereum core developers, unitary Foundation prepared another bounty-driven unitaryHACK event for open source quantum software, Tensormesh raised $20 million to commercialize infrastructure built around the open source LMCache project, Percona launched a new foundation for its open source database ecosystem, Restack launched as a European consortium supporting Free Software projects and digital commons work, Hyundai Mobis joined Eclipse software-defined-vehicle work while preparing to release mobility software as open source, OpenTelemetry graduated from the Cloud Native Computing Foundation, Gentoo described its move away from the Gentoo Foundation toward Software in the Public Interest, Garnix said its hosted Nix CI service is shutting down as the team joins Shopify and open sources the codebase, slicer license-compliance disputes widened beyond Bambu Lab, and Zed relicensed remaining first-party AGPL crates under GPL-3.0-or-later.

The foundation story widened too: MITRE is contributing Caldera to the Apache Incubator, Sol Duara is preparing to contribute Conduit to the Continuous Delivery Foundation, MySQL users and developers launched the OurSQL Foundation, Percona launched a new foundation for its database ecosystem, Gentoo is moving financial governance toward Software in the Public Interest, the Linux Foundation announced DNS-AID, OpenTelemetry graduated from the Cloud Native Computing Foundation, Hyundai Mobis joined the Eclipse Foundation’s SDV Working Group and S-Core Project, Alibaba Cloud joined the PyTorch Foundation as a platinum member, TuxCare joined the OpenJS Foundation as a Gold member and sustainability partner, and MotherDuck described a collaboration-first commercialization path around DuckDB and the DuckDB Foundation.

AI pressure remained the biggest cross-cutting theme. Anthropic’s Mythos vulnerability-discovery work, Chainguard’s warning that AI vulnerability-finding systems may overwhelm today’s upstream-consumption model, curl’s triage burden, Talk Python and Heise coverage of maintainer load, Dillo’s proposal for human-proof contributions, SQLite’s agent-contribution boundary, QEMU’s proposed AI-contribution policy shift, Zig’s ban on AI-assisted contributions, GNOME Circle’s policy against AI slop, Flathub’s clarified ban on AI-generated or AI-assisted submissions, OpenSSF’s AI contribution policy draft, AI-slop impact survey, and machine-readable due-diligence proposal, Techzine’s coverage of OpenSSF CTO Christopher Robinson’s warnings about AI-driven attacks, package slop, sock-puppet contributors, and AI-generated reports, PostHog’s opt-out model-training plan, a new study of coding-agent adoption on GitHub, Valkey’s maintainer-agent work and package-registry concerns, Aikido’s report of a Codex remote UI stealing developer credentials, a malicious npm package aimed at Claude users, AI agents installing unowned packages, Linux kernel discussion about LLM patch review, unusually large Linux networking fixes tied to AI and LLM agents, Linus Torvalds’ pushback on claims that nearly all code will be AI-generated, Greg Kroah-Hartman’s comments on Rust and AI-discovered bugs, a protestware package aimed at coding agents, scrutiny of Claude-attributed rsync commits after a regression report, Chad Whitacre’s note that AI helped push him out of tech and open source work, Google Gemini CLI backlash over an open source tool being folded into proprietary AI tooling, and O’Reilly’s analysis of how AI-era open protocols can still leave commercial tooling chokepoints all pointed to the same question: who absorbs the verification and trust work when AI scales submissions, reports, data use, review suggestions, and infrastructure consumption?

Projects joining or launching foundations

• Caldera, MITRE’s open source adversary-emulation platform, is moving to the Apache Software Foundation via the Apache Incubator as Apache Caldera — Industrial Cyber
• Conduit, Sol Duara’s open source workflow orchestration platform, is being prepared for contribution to the Continuous Delivery Foundation, with a focus on CDEvents-based interoperability across CI/CD and software delivery tools — DevOps.com
• OurSQL Foundation launched as a new foundation organized by MySQL users and developers to push for more transparency, collaboration, and roadmap clarity around Oracle’s open source database ecosystem — The Register
• Percona marked its 20th anniversary with a rebrand and a new foundation intended to support its open source database ecosystem beyond the company’s commercial services — The New Stack
• DNS-AID launched under the Linux Foundation as an open source project for decentralized AI-agent discovery using existing DNS mechanisms — Linux Foundation
• OpenTelemetry graduated from the Cloud Native Computing Foundation, marking production maturity for the open source observability project — Dynatrace
• Hyundai Mobis joined the Eclipse Foundation’s SDV Working Group and S-Core Project and said it plans to release mobility software, including a Linux container solution, as part of an open source push for software-defined vehicle platform standards — EQS News
• Alibaba Cloud joined the PyTorch Foundation as a platinum member, adding financial and engineering support for the Linux Foundation-hosted framework — PyTorch
• ProxySQL joined the MariaDB Foundation as a Silver Sponsor, positioning the sponsorship as support for the open source database commons — MariaDB Foundation
• TuxCare joined the OpenJS Foundation as a Gold member and strategic partner in its Ecosystem Sustainability Program — OpenJS Foundation
• The OCUDU Ecosystem Foundation added 21 global member organizations, expanding backing for open, cloud native RAN collaboration — Linux Foundation
• Gentoo is moving to disband the Gentoo Foundation in favor of Software in the Public Interest (SPI), with a maintainer describing the change as a way to reduce financial governance risk and avoid donor lock-in — Gentoo

Funding, sponsorship, and sustainability

IBM and Red Hat announced Project Lightwell, a $5 billion commitment using frontier AI capabilities and more than 20,000 engineers to help enterprises secure open source software from upstream development through production supply chains.

F-Droid received $50,000 from FLOSS/fund to support maintenance of the free and open source Android app repository. F-Droid described the grant as no-strings funding for ongoing infrastructure and project work.

Packagist detailed new Composer and Packagist.org supply-chain defenses, credited the Sovereign Tech Agency and Aikido for funding the work, and announced a sponsorship program starting at €2,500 per month to support Packagist.org operations and security development.

The PHP Foundation published its 2025 impact and transparency report, saying 536 sponsors and individual donors contributed $730,534, funding 11 contracted developers and helping the foundation author roughly 42% of PHP core commits.

Tensormesh raised $20 million from investors including Nvidia, AMD, and CoreWeave to commercialize inference optimization built on the open source LMCache project while continuing contributions to the open source ecosystem.

MotherDuck explained why it is commercializing DuckDB without forking the core project, pointing to collaboration with DuckDB Labs, extension-based product work, and the DuckDB Foundation as the governance home for the database.

Percona marked its 20th anniversary with a rebrand and a new foundation intended to support its open source database ecosystem and community beyond the company’s commercial services.

Aztec Labs acquired Obsidion Labs, maker of the open source ZKPassport zero-knowledge identity protocol. Aztec said it will continue maintaining the ZKPassport protocol and iOS app as open source while the team continues development inside Aztec.

ClickHouse launched House Mates, a partner community and program with more than 60 integration, services, consulting, reseller, and ISV partners. TechCrunch also reported that ClickHouse reached a $250 million annualized revenue run rate after a $400 million Series D and $15 billion valuation, describing its open source database monetization through managed cloud services and related acquisitions.

Flexprice raised a $1.5 million seed round led by Shastra VC. The company is building open source billing infrastructure for AI-native and API-first businesses, including usage metering and revenue-recognition tooling.

GlobalPlatform launched Pavona, an open source silicon ecosystem backed by founding members including Meta, Qualcomm, Tenstorrent, Winbond, and the University of Oxford. The effort is aimed at certification-ready chip designs and shared open silicon infrastructure.

Alibaba Cloud joined the PyTorch Foundation as a platinum member, adding financial and engineering support for the Linux Foundation-hosted open source AI framework.

ProxySQL became a MariaDB Foundation silver sponsor, with ProxySQL CEO René Cannaò framing the sponsorship as a way to support the open source database commons and deepen collaboration with MariaDB users, contributors, and maintainers.

TuxCare joined the OpenJS Foundation as a Gold member and strategic partner in the foundation’s Ecosystem Sustainability Program, providing enterprise security support for organizations running older, unsupported versions of critical OpenJS projects.

Hanakai, the open source Ruby community around Hanami, Dry, and ROM, added SerpApi as a silver-tier sponsor supporting community initiatives, Hanami releases, and broader Ruby ecosystem work.

The OCUDU Ecosystem Foundation said it has added 21 global member organizations since launch, expanding industry and research backing for its open, cloud native RAN collaboration.

Restack launched as a Horizon Europe consortium with FSFE participation, providing legal and licensing support for more than 200 Free Software projects while working to strengthen Europe’s digital commons and reduce dependency on proprietary technology.

Megapot teamed with Protocol Guild on a blockchain lottery model that would direct referral fees from ticket sales to Ethereum core developers, attempting to create a transparent funding stream for maintainers of shared open source infrastructure.

The unitary Foundation is preparing unitaryHACK26, a bounty-driven open source quantum software event. The Quantum Insider reported that the 2025 edition awarded more than $19,000 and that this year’s event will add an LLM-use policy for open source development work.

Cisco said it plans to bring broader enterprise and neocloud support to SONiC, the Linux Foundation-stewarded open networking project, extending commercial backing for the open source network operating system beyond hyperscale deployments.

SourceHut said it spent the quarter preparing a joint EU funding proposal with other open source forges and partners while continuing work on DDoS mitigation, finances, support, and infrastructure for the software forge.

Gentoo developer Michał Górny described Gentoo’s volunteer-run governance and infrastructure model, including the project’s move to disband the Gentoo Foundation in favor of Software in the Public Interest (SPI) to reduce financial governance risk and avoid donor lock-in.

Garnix, the Nix CI service, said it is joining Shopify, shutting down its hosted service on July 15, and open sourcing the garnix-ci codebase so users can self-host or organize a community instance.

At Wikimedia, Jake Orlowitz argued that the Wikimedia Foundation’s staffing choices, reserves, and Wikimedia Enterprise revenue from AI-company API access are creating new labor and governance tensions around Wikipedia’s software infrastructure.

Boot.dev surveyed recent open source maintainer conflicts and monetization flashpoints, arguing that popular open source work remains financially fragile even when projects become essential infrastructure.

Drupal founder Dries Buytaert argued that open source companies should compete through products while also sustaining the shared commons through code, security work, documentation, events, education, and sponsorships.

O’Reilly republished Ilan Strauss’s analysis of open source strategy in AI, arguing that open protocols such as MCP can remain foundation-governed while complementary tooling layers consolidate inside platform companies, creating new chokepoints for rent capture.

Sources: IBM and Red Hat Commit $5 Billion to Redefine the Future of Open Source in the AI Era, New financial support for F-Droid thanks to FLOSS/Fund, An Update on Composer and Packagist Supply Chain Security, The PHP Foundation Impact and Transparency Report 2025, Tensormesh taps Nvidia, AMD and CoreWeave for funding to fix AI model memory problems, Why MotherDuck refuses to fork DuckDB, Percona celebrates 20th birthday with new foundation — and a goat cake, Aztec Labs acquires ZKPassport maker Obsidion as age verification pressure mounts, Introducing House Mates: the ClickHouse partner community and program, ClickHouse triples annualized revenue to $250M, charting a path toward an IPO, Flexprice raises $1.5 Mn seed round led by Shastra VC, Pavona Aims To Provide A Certification-Ready, Open-Source Silicon Ecosystem, Alibaba Cloud Joins the PyTorch Foundation as a Platinum Member, ProxySQL joins MariaDB Foundation as Silver Sponsor, TuxCare Joins OpenJS Foundation’s Ecosystem Sustainability Program, Welcome, SerpApi!, OCUDU Ecosystem Foundation Emerges as Key Hub for Open Source RAN Innovation with 21 New Global Member Organizations Since Launch, Restack: a new European consortium for a digital Europe, A blockchain lottery plans to turn crypto gambling fees into Ethereum developer funding, Open-Source Quantum Community Prepares For Sixth Annual unitaryHack, Cisco plans to bring SONiC foundation to customers beyond just hyperscalers, What’s cooking on SourceHut? Q2 2026, Why Gentoo?, Garnix (A Nix CI) is shutting down, Big Tech’s Anti-Labor Playbook Has Come for Wikipedia, Open Source Maintainers Are Crashing Out, Grow the ecosystem, not just yourself, Open Source Ecosystems

Licensing and provenance

Bambu Lab faced another round of scrutiny over the OrcaSlicer fork dispute. Open Source For You connected the cease-and-desist fight to Software Freedom Conservancy’s AGPLv3 allegations and to broader concern that proprietary networking components may add restrictions around AGPL-licensed software.

Prusa also accused several Chinese slicer manufacturers, including FlashForge, Elegoo, Anycubic, and Creality, of AGPL compliance failures, widening the 3D-printer slicer licensing dispute beyond Bambu Lab.

Nextcloud, Ionos, and other European vendors plan to launch Euro-Office, a fork of OnlyOffice, on June 9. Computerworld noted that the fork previously drew AGPL attribution complaints and that the group says those copyright notices have now been corrected.

HeroDevs summarized Black Duck’s 2026 OSSRA findings that 68% of audited codebases contain license conflicts, warning that AI coding assistants can worsen attribution and provenance problems when generated code arrives without reliable context.

Zed merged a pull request relicensing its remaining first-party AGPL collab and ztracing crates under GPL-3.0-or-later, removing the root AGPL license file and adding guardrails against reintroducing first-party AGPL crates.

Google Gemini CLI drew developer backlash after coverage that the Apache-licensed command-line tool is being steered toward the closed-source Antigravity CLI and losing free-user API access, with critics arguing that community pull requests helped build a tool now being folded into proprietary AI tooling.

Sources: Bambu Lab Faces Open Source Licence Firestorm Over OrcaSlicer Fork, Prusa accuses several Chinese slicer manufacturers of license violations, Open source Euro-Office productivity suite to launch June 9, 68% of Codebases Contain License Conflicts and AI-Generated Code Is Making It Worse, Relicense collab and ztracing crates under GPL, Linux Foundation Tool Spotlighted: Furious Developers Accuse ‘Sickening’ Google Gemini CLI Bait-and-Switch

AI security, infrastructure, and maintainer pressure

Coverage of Anthropic’s Mythos vulnerability-discovery system kept the focus on verification capacity. The Register reported that Anthropic wants to eventually release Mythos-class vulnerability-finding systems while saying safeguards are not ready. Help Net Security reported that Claude Mythos found more than 10,000 high- or critical-severity issues and disclosed 1,596 vulnerabilities across 281 open source projects.

Chainguard CEO Dan Lorenc argued that AI vulnerability-finding systems such as Mythos will overwhelm the current open source consumption model, saying governments cannot directly govern volunteer upstreams and enterprises need stronger controls around what they consume.

curl maintainer Daniel Stenberg described the mental strain of handling sustained security-report volume after years of LLM and AI-slop submissions. HeroDevs framed the same dynamic as a verification bottleneck: vulnerability discovery is getting cheaper, but maintainer triage and confirmation are not. Talk Python and Heise connected the same pressure to large AI-assisted pull requests, Jazzband and CPython guidance, and maintainers working through growing volumes of AI-generated bug reports.

The Linux kernel community also continued debating where LLMs might fit in patch review. LWN reported that participants saw possible uses for AI assistance but remained wary of review quality, maintainer workload, and added process burden. Phoronix reported that Linux networking fixes for the 7.1 cycle remain unusually large because many are spurred by AI and LLM coding agents. The New Stack reported that Linus Torvalds pushed back on claims that nearly all code will be AI-generated, arguing that kernel development still depends on human understanding, judgment, and review. Slashdot covered Greg Kroah-Hartman’s argument that Rust can help Linux absorb a flood of AI-discovered security bugs by preventing common memory, locking, error-handling, and untrusted-data mistakes before they hit human review.

ECI Research reported from Open Source Summit 2026 that Valkey maintainers and Linux Foundation leaders described AI-assisted contributions and machine-scale package-registry consumption as new pressure on open source governance, review capacity, and funding models.

Diginomica’s Valkey 9.1 coverage gave that tension a product-level example: the Linux Foundation-governed Redis fork shipped hybrid search, an admin console, lower memory use, and in-house AI agents for maintainer toil, while maintainer Madelyn Olson argued Redis’s restored AGPL option still leaves single-vendor relicensing risk unresolved.

The New Stack interviewed Aikido Security’s Willem Delbare about AI coding agents autonomously installing open source packages, plugins, extensions, MCPs, models, and tools while many organizations lack clear accountability, policy enforcement, or visibility for the resulting supply-chain risk.

Aikido also reported that codexui-android, a legitimate-looking remote UI for OpenAI Codex with a real GitHub repository and tens of thousands of weekly npm downloads, quietly exfiltrated Codex, OpenAI, GitHub, SSH, and npm credentials from user environments. The Register reported on another AI-tooling supply-chain case: a malicious npm package aimed at Claude users imitated AI tooling, pulled in npm-slop dependencies, and accidentally exposed the attacker’s own GitHub token.

The OpenSSF May newsletter pointed to the same pressure points from the foundation side, recapping new members, OSS-CRS sandbox work, an AI contribution policy draft, an AI-slop impact survey, and security guidance for AI-era open source work.

Techzine reported OpenSSF CTO Christopher Robinson’s warning that AI-driven attacks, package slop, sock-puppet contributors, and AI-generated reports are widening the gap between attackers and volunteer maintainers while OpenSSF works on training and tooling responses.

In a separate post, OpenSSF argued that Cyber Resilience Act due diligence should rely on voluntary machine-readable open source security signals while liability remains with downstream manufacturers. It urged companies to support upstream tooling, documentation, funding, and engineering rather than shifting assurance burdens onto maintainers.

Sources: Anthropic to release Mythos-class models to the public, Anthropic: Claude Mythos identified 10,000+ software flaws, The hardest fork, The pressure, The Verification Bottleneck: Why AI Found 12 OpenSSL Zero-Days While Curl Killed Its Bug Bounty, AI Contributions and Maintainer Load in Open Source, Comment: Open-source developers are working themselves sick on AI bugs, Reviewing kernel patches with LLMs, Linux Networking Still Seeing “Significantly Bigger” Pull Requests Due To AI, Why Linux creator Linus Torvalds gets angry hearing “99% of code is AI”, Rust Will Save Linux From AI, Says Greg Kroah-Hartman, AI Is Stressing Open Source Infrastructure, Valkey 9.1 ships with hybrid search, AI maintainer agents and a leaner engine, “There is no accountability”: AI coding agents are installing packages no one owns, Legitimate-Looking Codex Remote UI Secretly Steals Your AI Tokens, Supply chain brain drain: npm attacker foolishly leaks own GitHub private token, OpenSSF Newsletter – May 2026, Why open source faces its biggest security threat in 2026, Aligning on Machine-Readable Signals as the Foundation for Due Diligence

AI usage, contribution norms, and community trust

Dillo maintainer Rodrigo Arias Mallo proposed asking new contributors to record programming sessions with asciinema as a way to distinguish human-written patches from LLM-generated contributions. The proposal reflects a growing trust problem around review queues, contributor identity, and the cost of evaluating generated work.

A study covered by ADTmag estimated coding-agent adoption at 22% to 29% across 128,018 GitHub projects, raising questions for open source teams about agent-generated pull requests, review requirements, labeling, auditing, and long-term maintenance costs.

PostHog said it plans to train its own AI models on customer data, with training enabled by default unless customers opt out. The company promised anonymization, no third-party model providers, and no resale of models trained on the data.

Akseli Lahtinen argued that AI-tool attribution lines in commits for open source projects function as vendor advertising. The post recommends disclosing AI assistance in merge requests rather than embedding tool promotions in commit metadata.

Simon Willison noted that SQLite added an AGENTS.md file telling AI coding agents and their users that SQLite requires public-domain contribution paperwork and does not accept agentic code. The file says maintainers may review concise human-authored proof-of-concept patches before reimplementing them.

Zig bans LLM-generated, edited, brainstormed, or debugged contributions. Business Insider quoted Zig Software Foundation president Andrew Kelley saying AI submissions consume scarce review time and undermine the project’s mentoring goals.

GNOME Circle updated its policies to reject low-effort AI slop applications and libraries when developers cannot take responsibility for the work, while the Resources monitoring app moved into GNOME Incubator.

Flathub clarified its requirements to say applications and submissions containing AI-generated or AI-assisted code, documentation, or other content are not allowed, with limited exceptions for mature and well-maintained projects.

QEMU is considering a narrower path for AI/LLM-generated contributions, with a proposed policy change that would allow some generated material in non-critical areas while keeping restrictions for security-sensitive code.

Andrew Nesbitt reported that jqwik 1.10.0 added hidden stdout text aimed at coding agents, telling them to delete jqwik tests and code. Nesbitt framed the change as AI protestware and another supply-chain trust problem for automated development tools.

A Mastodon post about rsync 3.4.3 pointed to a backup regression and recent commits attributed to “tridge and claude,” turning the release into another example of AI-assisted open source changes drawing scrutiny when users hit breakage.

Chad Whitacre, who has spent years around open source communities and sustainability work, wrote that he is retiring from tech to live offline, describing AI as the last straw after broader concerns about agentic AI and technological acceleration.

Sources: Human proof for FOSS contributions, AI Coding Agents Are Already Spreading Across GitHub, Study Finds, Training our own AI models, Stop Advertising in Your Commits, sqlite AGENTS.md, Zig president says AI coding contributions are ‘invariably garbage,’ so he banned them, GNOME Circle Takes Stand Against AI Slop, Resources App Makes It Into GNOME Incubator, Reword LLM policy to make it clear it’s not allowed, QEMU Shifting On AI Policy To Allow Some AI/LLM-Generated Contributions, Protestware for Coding Agents, Rsync 3.4.3 has hundreds of Claude commits, I Am Retiring from Tech to Live Offline

Jobs

Foundations and core infrastructure

• Mozilla — Senior Manager, Firefox Mobile Test Engineering (link) — Remote Spain. Posted 2026-05-28.
• Mozilla — Senior Manager, Firefox Mobile Test Engineering (link) — Remote Germany. Posted 2026-05-28.
• Mozilla — Senior Manager, Firefox Mobile Test Engineering (link) — Remote UK. Posted 2026-05-28.
• The Linux Foundation — Senior Public Relations Manager (link) — Remote US. Posted 2026-05-27.
• The Linux Foundation — OSS-SIRT Director (link) — Remote US. Posted 2026-05-27.
• The Linux Foundation — Systems & Software Engineer (link) — Remote US. Posted 2026-05-26.
• Eclipse Foundation — Financial Controller (link) — Ottawa, Canada (hybrid/remote). Posted 2026-05-26. Deadline 2026-08-24.

Community and developer relations

• Tailscale — Developer Relations Engineer (link) — Remote US. Posted 2026-05-27.
• Tailscale — Developer Relations Engineer (link) — Remote Canada. Posted 2026-05-27.
• Kestra Technologies — Developer Advocate, Infrastructure Orchestration (link) — Europe; United States (Remote). Posted 2026-05-27.
• Snorkel AI — AI Community Manager (link) — San Francisco, CA (Hybrid). Posted 2026-05-27.
• LangChain — Head of Narratives (link) — San Francisco, CA. Posted 2026-05-26.

OSPO and public-sector open source

• The George Washington University — Program Coordinator (link) — Washington, DC. Posted 2026-05-29.

Sustainability and commercial open source

• GitLab — AI Engineer (link) — Remote US. Posted 2026-05-29.
• Mistral AI — Applied AI Engineer, Site Reliability Engineer - EMEA (link) — Paris; Amsterdam; Lausanne; London; Munich; Zurich. Posted 2026-05-29.
• Canonical — Ubuntu Linux Kernel Test Engineer (link) — APAC remote; Beijing or Taipei office-based. Posted 2026-05-29.
• Canonical — Dedicated Linux Desktop & Devices Support Engineer, Singapore (link) — Home Based - APAC. Posted 2026-05-29.
• Akuity — Technical Support Engineer, EMEA (link) — Remote - EMEA. Posted 2026-05-29.
• Supabase — Customer Solution Architect Team Lead (AMER) (link) — Remote. Posted 2026-05-29.
• Grafana Labs — Senior Backend Engineer - Alerting (link) — Germany (Remote). Posted 2026-05-29.
• Grafana Labs — Senior Backend Engineer - Alerting (link) — Republic of Ireland (Remote). Posted 2026-05-29.
• Grafana Labs — Senior Backend Engineer - Alerting (link) — Spain (Remote). Posted 2026-05-29.
• Grafana Labs — Senior Backend Engineer - Alerting (link) — Sweden (Remote). Posted 2026-05-29.
• Grafana Labs — Senior Backend Engineer - Alerting (link) — United Kingdom (Remote). Posted 2026-05-29.
• n8n — Sr AI Engineer (link) — Remote Europe; Berlin Office. Posted 2026-05-28.
• Grafana Labs — Staff Backend Engineer - Grafana Enterprise (link) — United States (Remote). Posted 2026-05-28.
• Grafana Labs — Staff Backend Engineer - Grafana Enterprise (link) — Canada (Remote). Posted 2026-05-28.
• Grafana Labs — Senior Product Manager, Infrastructure Observability (link) — Sweden (Remote). Posted 2026-05-28.
• Grafana Labs — Senior Product Manager, Infrastructure Observability (link) — United Kingdom (Remote). Posted 2026-05-28.
• Grafana Labs — Senior Product Manager, Infrastructure Observability (link) — Germany (Remote). Posted 2026-05-28.
• Grafana Labs — Senior Product Manager, Infrastructure Observability (link) — Spain (Remote). Posted 2026-05-28.
• Grafana Labs — Senior Product Manager, Infrastructure Observability (link) — Republic of Ireland (Remote). Posted 2026-05-28.
• Grafana Labs — Senior Product Manager, Infrastructure Observability (link) — Canada (Remote). Posted 2026-05-28.
• Grafana Labs — Senior Product Manager, Infrastructure Observability (link) — United States (Remote). Posted 2026-05-28.
• GitLab — Staff Security Engineer, IAM (USA) (link) — Remote US. Posted 2026-05-28.
• GitLab — Staff Infrastructure Security Engineer (link) — Remote APAC; Remote EMEA; Remote US. Posted 2026-05-28.
• GitLab — Senior Engineering Manager, Tenant Experience Platform (link) — Remote Canada; Remote United Kingdom; Remote US. Posted 2026-05-28.
• Canonical — Software Engineer - Edge AI (link) — Home based - EMEA. Posted 2026-05-28.
• Temporal Technologies — Senior Software Engineer, Cloud Applications (link) — United States (Remote). Posted 2026-05-28.
• Temporal Technologies — Staff Software Engineer, Cloud Identity (link) — United States (Remote). Posted 2026-05-28.
• Temporal Technologies — Staff Software Engineer, AI Foundations (link) — United States (Remote). Posted 2026-05-27.
• Temporal Technologies — Staff Software Engineer, AI Developer Experience (link) — United States (Remote). Posted 2026-05-27.
• Temporal Technologies — Staff Product Manager, Agent Platform (link) — San Francisco, CA. Posted 2026-05-27.
• Temporal Technologies — Senior Director of Global Solutions Architecture (link) — United States (Remote). Posted 2026-05-27.
• Temporal Technologies — Senior Manager, Solutions Architecture - Growth (link) — United States (Remote). Posted 2026-05-27.
• Temporal Technologies — Senior Application Security Engineer (link) — United States (Remote). Posted 2026-05-27.
• Supabase — Product Security Engineer (link) — Remote. Posted 2026-05-27.
• Red Hat — Senior Product Security Engineer - Cryptography (link) — Raleigh, NC; Boston, MA (hybrid). Posted 2026-05-27. Deadline 2026-07-27.
• Mistral AI — AI Deployment Strategist, AI4Engineering - EMEA (link) — Paris. Posted 2026-05-27.
• Grafana Labs — Senior AI Engineer - Grafana Ops, AI/ML (link) — Canada (Remote). Posted 2026-05-27.
• Grafana Labs — Senior AI Engineer - Grafana Ops, AI/ML (link) — United States (Remote). Posted 2026-05-27.
• Grafana Labs — Director, Product Management (link) — United Kingdom (Remote). Posted 2026-05-27.
• Grafana Labs — Director, Product Management (link) — Spain (Remote). Posted 2026-05-27.
• Grafana Labs — Director, Product Management (link) — Germany (Remote). Posted 2026-05-27.
• Grafana Labs — Director, Product Management (link) — Sweden (Remote). Posted 2026-05-27.
• Grafana Labs — Director, Product Management (link) — Republic of Ireland (Remote). Posted 2026-05-27.
• Grafana Labs — Director, Product Management (link) — Canada (Remote). Posted 2026-05-27.
• Grafana Labs — Director, Product Management (link) — United States (Remote). Posted 2026-05-27.
• GitLab — Principal Product Manager, AI Custom Models (link) — Remote Canada; Remote US. Posted 2026-05-27.
• GitLab — Engineering Manager, Gitaly (link) — Remote Canada; Remote Ireland; Remote Israel; Remote Netherlands; Remote United Kingdom; Remote US. Posted 2026-05-27.
• Truffle Security — Principal Software Engineer (link) — Remote. Posted 2026-05-26.
• Temporal Technologies — Staff Software Engineer, Open Source Server (link) — United States (Remote). Posted 2026-05-26.
• Temporal Technologies — Senior Software Engineer, Open Source Server (link) — United States (Remote). Posted 2026-05-26.
• Grafana Labs — Senior Product Manager (link) — Sweden (Remote). Posted 2026-05-26.
• Grafana Labs — Senior Product Manager (link) — United Kingdom (Remote). Posted 2026-05-26.
• Grafana Labs — Senior Product Manager (link) — Germany (Remote). Posted 2026-05-26.
• Grafana Labs — Senior Product Manager (link) — Spain (Remote). Posted 2026-05-26.
• Grafana Labs — Senior Product Manager (link) — Republic of Ireland (Remote). Posted 2026-05-26.
• UNICEF — DPGs at Scale Community Manager and Operating Model Consultant (link) — Valencia, Spain (Remote). Posted 2026-05-25. Deadline 2026-06-05.

Legal and licensing

• Black Duck Software — Vice President Technical Services (link) — US Remote. Posted 2026-05-29.
• ClickHouse — Senior Product Counsel (link) — United States (Remote). Posted 2026-05-28.
• Red Hat — Software Engineer - Security Compliance (link) — Brno, Czechia. Posted 2026-05-27. Deadline 2026-06-13.
• Mistral AI — Legal Counsel, Banking / Financing (Project finance) (link) — Paris. Posted 2026-05-27.
• Black Duck Software — Principal Technical Account Manager (link) — Toronto, Canada; Calgary, Canada. Posted 2026-05-26.