Cristian Tala

$12.5 Million for the Code That Runs the World: Real Investment or Cheap Marketing?

Before Pago Fácil existed, there was code.

For years I built and published free software. It was an online payments plugin — anyone could download it, install it, and start accepting payments on the internet. No cost, no license, no strings attached. I did it because that's how I learned: by building things and putting them out into the world.

In five years, that plugin reached 3,000 active businesses in Chile.

Three thousand companies processing payments with my code. And in all that time, exactly one person ever sent me anything: five dollars "for a beer." That was it.

That code didn't become Pago Fácil (a Chilean fintech I founded) directly. What it did was something more important: it made me see that 3,000 businesses depended on that service to collect payments online, and nobody was charging for it seriously. The insight wasn't "let me monetize the plugin" — it was "this problem is worth a company." That reading led to Pago Fácil, which we eventually sold for over twenty million dollars. But the seed was free code. And for all those years, the market never asked whether I could afford to keep running it.

That's exactly the world GitHub, Google, OpenAI, and Anthropic just donated $12.5 million to.

First: who are the maintainers?

Before talking money, you need to understand who this actually affects.

A maintainer is the person (or small group) responsible for an open source project. They review pull requests, answer questions, close bugs, write documentation, update dependencies, and handle security. Often on their own time. At night. On weekends. Unpaid.

Today on GitHub there are more than 280,000 maintainers managing hundreds of millions of public repositories. Many of those repos are critical infrastructure for the world: the libraries that process payments in your app, the server running your platform, the protocol moving data between systems.

The problem is that the open source software the entire world relies on is often not owned by companies — it's owned by people. People who work for free and rarely even get a "thank you."

I know this firsthand.

The invisible code running the world

Most people have no idea how much open source they use every single day.

When you open Netflix, the server that responds runs Linux. When your bank processes a wire transfer, it uses open source libraries to encrypt the data. When a startup ships its app, it builds on frameworks someone published for free on GitHub. 96% of commercial applications contain open source components. 70% of the code running in the cloud is open source.

This isn't hyperbole: the world's digital infrastructure runs on software nobody paid for.

And behind every library, every framework, every tool — there's a maintainer. Sometimes a small team. Sometimes one person.

How much does that person earn? In most cases: nothing. Or close to nothing.

A 2024 study from Harvard and the Linux Foundation found that the vast majority of maintainers receive no financial compensation for their work. Those who do receive something get amounts that don't justify the time invested. Platforms like GitHub Sponsors and Open Collective exist, but the numbers are marginal compared to the value those projects generate.

The model has run for decades on pure passion and community momentum. But it has a breaking point.

The numbers nobody puts in the same paragraph

$12.5 million sounds big until you put it in context (figures verified from official 2025 financial reports):

Company         | 2025 Revenue              | What $12.5M Represents
----------------|---------------------------|------------------------
Amazon          | $716.9 billion            | ~9 minutes of revenue
Google/Alphabet | $402.8 billion            | ~16 minutes
Microsoft       | $281.7 billion            | ~23 minutes
OpenAI          | $20 billion (annualized)  | ~5.5 hours

Combined, they generate ~$1.4 trillion a year. $12.5M is 0.0009% of that.

Amazon alone generates $12.5 million in under 10 minutes. And that entire operation runs on software that maintainers wrote for free.

The parallel to my own story is direct: 3,000 companies using my code, one donor for $5. Now multiply that by thousands of projects, over decades, with companies generating billions per year. That's the debt that just received a symbolic "payment."

The problem AI accelerated to the breaking point

What was already unsustainable, AI made explosive.

AI models can now find vulnerabilities in open source code at industrial scale. What used to take a security team weeks, a model does in minutes. The result: a flood of reports — many automated, many low quality — that maintainers have to review and respond to. Alone. At 2 AM. For free.

As Christian Grobmeier, maintainer of Log4j (the library behind the exploit that broke the internet in 2021), put it: "our AI has to be better than the attacking AI." The problem is that attackers have a budget and maintainers don't.

Burnout isn't a metaphor — it's why critical projects go unmaintained and end up as global attack vectors.

What Alpha-Omega is and what it does with the money

The Alpha-Omega initiative has been operating for 4 years with a concrete model: fund security audits and embed experts directly inside critical projects. Their results are measurable:

  • 191 new CVEs documented
  • 250+ secrets prevented from being exposed
  • 600+ leaked secrets detected and resolved
  • 70+ grants totaling more than $20M cumulative
  • Impact on projects with billions of monthly downloads

With this new $12.5M round (AWS confirmed $2.5M of their share), the goal is to scale that model using AI for triage — so maintainers can handle the volume without burning out.

GitHub adds an additional $5.5M in Azure credits: eligible projects get $10,000 in cash + Copilot Pro + $100K in cloud credits + 3 weeks of security training.

Why they're doing it — and it's not charity

I'll be direct: this isn't philanthropy.

These companies built hundred-billion-dollar businesses on open source infrastructure they didn't pay for. A serious exploit in a critical library could cost AWS more in emergency response and reputation damage than what they're putting in now.

The investment makes economic sense. Protecting the asset that generates value costs far less than the consequences of not doing so.

What's harder to justify is the PR they're making out of it. Issuing press releases celebrating $12.5M when your annual capex is measured in hundreds of billions is, at best, poor taste.

Immudb said it clearly back in 2022, when Alpha-Omega announced its initial $5M round: "paltry sum" — a miserable figure for the scale of the problem. They were right then. They're still right today.

What's genuinely worth rescuing here

Despite everything above, there's something real in this movement.

Alpha-Omega works. It's not a fund that throws money and disappears — it works directly with projects, measures outcomes, puts experts inside teams. If this investment builds better triage tooling and reduces burnout for actual maintainers, it's welcome.

The amount is insufficient. The model can work. Both things are true.

My take

I spent years building code that 3,000 companies used for free. One person gave me $5. What I eventually built wasn't "the monetized plugin" — it was recognizing that the problem was big enough for a real company. The code gave me visibility and expertise, but the insight was seeing that the service truly mattered and nobody was solving it well. That taught me something no business book teaches: the market doesn't pay what it doesn't get billed for — but sometimes it shows you exactly what should be charged.

If you're building on open source technology — and if you have a startup or automate processes with tools like n8n, Linux, Node, Python, you almost certainly are — you need to understand that foundation isn't free. It has a cost that someone is paying. Usually someone who can't afford to.

$12.5M doesn't fix that. But if you're wondering how much you owe the ecosystem that never sent you an invoice, now you have a number to start thinking about the answer.

Did you build your business or career on open source? How much do you owe the ecosystem that never charged you? Join my community of founders at Cágala, Aprende, Repite (Fail, Learn, Repeat) — where we talk tech and business with zero BS.

Sources: GitHub Blog · Linux Foundation · Amazon Revenue Macrotrends · Alphabet Revenue Macrotrends · Microsoft Annual Report FY2025 · OpenAI Revenue Reuters


📝 Originally published in Spanish at cristiantala.com
