Bring
accountability to your AI stack.
Keep using the packages you depend on — securely.
Your AI stack runs on open source. When a vulnerability appears, you can’t always replace the package, rewrite your application, or wait for someone else to fix it.
OpenTeams brings accountability to the AI supply chain. We remediate critical vulnerabilities and secure the path software takes from source to production.
Your AI stack runs on these software stacks. Our engineers maintain them.
The threat to an AI system rarely starts where you run it. It starts upstream, in the open-source packages your AI is built from, maintained by the kind of engineers you’ll work with here.
You can’t stop using a package just because it has a vulnerability. Your stack depends on it. So the real question isn’t is it safe to install? It’s how do we fix this and keep using it?
There are two ways your stack gets compromised.
01
A Common Vulnerabilities and Exposures (CVE) lands in a package deep in your stack: a model framework, a transitive dependency, something pinned years ago. The official fix is often a new major version that would break your application. That leaves you stuck between shipping insecure software and rewriting working systems under pressure. This is what remediation solves.
02
A package on a public index is not the source you reviewed. It is a wheel or RPM built from that source through a chain of tools and credentials. Attackers have compromised that chain and swapped real code for malicious code mid-build, so the artifact no longer matches what you can read. This is what building from source solves.
The same upstream maintainers who steward these packages run three coordinated workstreams against your dependency inventory — a security engineer leads every one.
Fix the vulnerabilities in the packages you can’t safely upgrade away.
Secure the path your packages take from source to production.
A trusted, self-hostable home to keep what you install.
Workstream
01
We don’t report vulnerabilites.
We remediate them.
Most vendors wait for the open-source community to publish a fix, then pass it along. We work inside the upstream communities that maintain the packages your AI stack depends on, fixing vulnerabilities at the source. While the permanent patch moves through the release process, we deliver a validated fix through a private channel you control, protecting you now without leaving you with a private fork to maintain.
How it works
01
We monitor disclosures against your exact dependency set — across both conda and PyPI — and prioritize what's genuinely exploitable.
02
Our maintainers apply the security fix directly to the package source — a real fix, not a wrapper or a flag.
03
The fix is rebuilt from source, dependency-resolved, and validated for compatibility across your supported runtimes.
04
The patched package goes to the private channel you pull from — so you're protected now, not whenever the community ships.
05
We carry the same fix through the upstream community’s process, so it becomes the permanent, official fix the whole ecosystem gets.
Workstream
02
Trust that your binaries match
the source you reviewed.
Installing from a public index takes trust. You trust that the wheel or RPM you downloaded was actually built from the source you can inspect. That is the build-integrity problem: the security gap between source code and the artifact your systems actually install.
Most real supply-chain compromise happens in that gap: the build and distribution chain, not the source repo.
Security-sensitive engineering organizations close the gap by building from source inside their own environment instead of depending on what a public index hands them.
Two ways to get there, you choose where it lives
Option
What it is
Best for
Hosted secure channel
We build your critical dependencies from source and deliver them through a private channel you pull from.
Teams that want the outcome without running the infrastructure.
Inside your own environment
We stand up the same secure build pipeline entirely within your org, your packages, your servers, your control.
Security-sensitive enterprises that keep dependencies fully in-house.
Workstream
03
An open-source, self-hostable home for the packages your teams trust.
Securing what you install is only half the problem, you also need somewhere trusted to keep it. Most teams already run a commercial artifact registry, we integrate with those. For teams that don’t, or that want an open alternative, we bring our own: an open-source, self-hostable artifact registry, Artifact Keeper.
Already on a commercial registry?
Built-in migration brings over your repositories, artifacts, and permissions. It reads from your existing registry without modifying it, so you migrate incrementally, not in one risky cutover.
Artifact Keeper is being folded into the broader Nebari platform, so the pieces — secure registry, scanning, and remediation — fit together as one story rather than a bag of tools. It manages, scans, quarantines, and serves artifacts. It does not rebuild or generate packages, and it doesn’t decide what your teams can install.
Where our engineers hold standing:
Contributors and maintainers across PyPA, the group of projects that maintains Python's core packaging tools and interoperability standards.
Contributors and maintainers across PyPA, the group of projects that maintains Python's core packaging tools and interoperability standards.
Authors of and contributors to Python packaging standards and the PEP process, with deep involvement across the Python AI packaging ecosystem.
Maintainers of widely used packaging tools, including manylinux, meson-python, pypa/build, pyproject-metadata, pkgconf-pypi, and pypackaging-native.
Engineers with standing in the conda ecosystem, including conda Steering Council and maintainer experience.
Members of the conda-forge core team, the governing body for the conda-forge packaging ecosystem.
Maintainers (and in several cases steering-council members) across foundational PyData and AI libraries, including NumPy, SciPy, scikit-learn, Matplotlib, Dask, and Numba.
Participation in Project Jupyter governance and Jupyter Foundation work, including governing-board representation and technical subproject leadership.
NASA-funded work to secure scientific Python.
“Ensuring a Fast and Secure Core for Scientific Python: Security, Accessibility and Performance of NumPy, SciPy and scikit-learn; Going Beyond NumPy With Accelerator Support”
Designing and implementing reproducible-build strategies for foundational data-science libraries, so a binary can be independently verified against its source.
Securing the source-to-package build process for core scientific tooling, the same build-chain integrity work we bring to enterprise engagements.
Extending the scientific core with hardware-accelerator support, so the libraries stay fast as well as secure.
40+ of the most important foundational AI packages.
Standing
Details
40+
open-source projects across scientific Python and AI1
5,000+
packages in scope across leading AI and data-science distributions2
22+ / 10+
core maintainers and PhDs3
1 Maintained or stewarded by OpenTeams engineers. Source: Quansight Labs Annual Report 2024. The engineering organization our team grew out of contributed 44,000+ hours across 40+ open-source projects. This counts foundational AI and scientific-Python packages OpenTeams engineers maintain or steward.
2 Computed June 2026 as the union of unique package names across the published package lists of leading curated open-source distributions for AI and data science, deduplicated by normalized package name. “In scope for coverage” means eligible for coverage under this program. It is not a count of packages already remediated, rebuilt, or otherwise secured.
3 Team statistics are conservative floors derived by cross-referencing our engineering team’s public GitHub presence against independent public sources: project governance and team pages, CODEOWNERS files, council and steering-committee rosters, package-index maintainer listings, publication records, dissertation records, university records, and public Quansight team and publication pages. All figures are current as of June 2026. Only publicly confirmable credentials are counted. Each person is counted at most once per category. Probable credentials are excluded, so actual totals may be higher. Maintainer figures include current and emeritus maintainer, core-team, council, or code-owner standing on notable open-source projects.
If your business runs on AI, let’s make sure you can trust the stack it’s built on.
Tell us what you’re running and our engineers will tell you what we can do about it: the vulnerabilities we can remediate, and the build chain we can secure.
Matched to your actual dependency inventory
A security engineer leads every conversation
Layers onto the OS and container security you already run
