After the Python Software Foundation refused a $1.5 million donation four months ago, the same amount is now set to be donated to the foundation, but this time from a different source.
Anthropic, best known as the AI research company behind Claude, a LLM used by millions of people worldwide, has committed $1.5 million to the Python Software Foundation as part of a new two-year partnership aimed at strengthening security across the Python ecosystem, with a particular focus on CPython and the Python Package Index.
According to the announcement, the funding is designed to advance the PSF’s security roadmap, enabling work intended to better protect millions of PyPI users from supply-chain attacks.
A central goal of the initiative is to move beyond today’s largely reactive security processes by developing tools for automated, proactive review of all packages uploaded to PyPI. These efforts include building a new dataset of known malware to support capability-based analysis and detection.
PSF says the planned tooling is expected to have benefits beyond Python alone. The foundation notes that many of the techniques and outputs developed through this work should be transferable to other open-source package repositories, potentially improving security practices across multiple ecosystems.
The new investment builds on existing security work led by PSF Security Developer in Residence Seth Larson, with additional contributions from PyPI Safety and Security Engineer Mike Fiedler. Both roles are currently funded through Alpha-Omega, an open-source security initiative.
Beyond security, Anthropic’s support will also contribute to the PSF’s core operations. This includes sustaining the Developer in Residence program that drives ongoing contributions to CPython, maintaining critical infrastructure such as PyPI, and funding community programs, grants, and other initiatives that support Python’s global user and developer base.
The Python Software Foundation described the partnership as a significant step toward ensuring the long-term security and sustainability of the language and its ecosystem, emphasizing that the scale of the investment will allow work that would otherwise be difficult to resource.
