NSF AI grant $1.5M: "Safe-OSE" — AI-enabled vulnerability management for open-source cloud (Jetstream / Exosphere)
The NSF awarded about $1.5M to "Safe-OSE," which uses AI to detect and reduce vulnerabilities in the open-source platforms underpinning research clouds (Jetstream Cloud and Exosphere). Using reinforcement learning and large language models (LLMs), it offers context-aware fixes considering the user, time frame, and asset type, and generates vulnerability-minimizing software.
Grant overview (primary data)
- Award amount: $1,500,000
- Recipient: Indiana University (IN)
- Program: Safe-OSE
- Period: 2025-10-01 to 2027-09-30
- Funder: U.S. National Science Foundation (NSF)
Key points
- Uses AI to detect and reduce vulnerabilities in research-cloud open-source platforms (Jetstream Cloud, Exosphere)
- Reinforcement learning + LLMs suggest alternatives for vulnerable components and generate vulnerability-minimizing software
- Context-aware, personalized recommendations (by user, time frame, asset type) that overcome existing-practice limits
- Integrates opt-in scan results and AI capabilities into Exosphere's UI for automated remediation
- About $1.5M; Safe-OSE; Indiana; from 2025 — potentially translatable to commercial cloud
The NSF awarded about $1,500,000 to the "Safe-OSE" project for AI-enabled vulnerability management in open-source cloud ecosystems (NSF Award 2533181; program: Safe-OSE [Safety, Security, and Privacy of Open-Source Ecosystems]; Indiana; starting October 2025).
Per the abstract, the project aims to make important cloud research tools safer from cyber threats by using AI to detect and fix software vulnerabilities. It focuses on two widely used open-source platforms: Jetstream Cloud, which helps researchers build secure cloud systems, and Exosphere, which provides an easy-to-use interface for accessing cloud resources. The project scans both platforms for security issues, uses AI to analyze and reduce risks, and builds tools to help users understand and address potential problems — supporting researchers, cloud operators, and broader scientific communities and helping the U.S. maintain leadership in secure cloud computing.
It executes three inter-related activities. First, extensive vulnerability scanning of Jetstream Cloud, Exosphere, and user-defined virtual machines, containers, infrastructure-as-code, and code repositories on Jetstream2. Second, reinforcement-learning and LLM-based vulnerability-management methods suggest alternatives for vulnerable software components and generate vulnerability-minimizing software; this AI-enabled approach provides context-aware results (considering user, time frame, and asset type), personalized recommendations, and learns user preferences over time. Third, Exosphere's UI is enriched with opt-in scan results and AI-enabled capabilities to automatically address vulnerabilities in OSS products — suggesting alternative libraries, generating potential re-implementations, and more. These enhancements help Jetstream2 users address OSS asset vulnerabilities when provisioning resources and could be translated into commercial cloud offerings.
Why it matters
This is a concrete case of applying AI to vulnerability management (security operations). For those tracking AI-assisted code remediation, software-supply-chain security, and DevSecOps, it is a useful read on U.S. research investment and potential spillover to commercial cloud.
FAQ
How is AI used for vulnerability management?
What are Jetstream and Exosphere?
Sources (primary)
Source: NSF Award Search (U.S. National Science Foundation, public domain). Amounts are the obligated amount. For privacy, we do not handle principal investigator names.
- NSF Award (original, official)
- NSF Award ID: 2533181