Cloudsmith Secures $72M to Fortify AI-Era Software Supply Chains
April 27, 2026, 4:18 am
Cloudsmith secures $72M Series C funding. This elevates its universal artifact management platform. The company tackles pressing software supply chain security issues. AI-driven development rapidly generates code. This significantly expands potential threat surfaces. Cloudsmith provides critical infrastructure. It manages, secures, and governs software components. The platform ensures robust compliance and trusted development. New capital will accelerate product innovation. It will add advanced cybersecurity and AI-powered automation capabilities. This positions Cloudsmith for major growth in the AI era.
Cloudsmith, a leader in software artifact management, has successfully closed a $72 million Series C funding round. This substantial investment further cements its role in securing the increasingly complex software supply chain. The funding round was spearheaded by TCV. Existing investors, including Insight Partners, also participated. This latest capital infusion brings Cloudsmith's total outside funding to over $110 million. The company is now positioned for significant expansion.
The modern software landscape faces unprecedented challenges. Artificial intelligence (AI) agents now generate code at remarkable speed and volume. This acceleration introduces a vast array of new software artifacts and dependencies. Each new component represents a potential vulnerability. Enterprises must manage these expanding software supply chains. They span open-source libraries, internal packages, and third-party dependencies. Regulatory pressure grows. Companies must prove AI-generated software is secure by design. This evolving threat surface demands advanced solutions. Boards now recognize supply chain security as a critical concern.
Cloudsmith offers a cloud-native platform. It provides universal artifact management. The platform is designed for the AI-driven development era. It gives engineering teams essential infrastructure. They can manage, secure, and govern every package. This applies across all formats and environments. Cloudsmith acts as a central hub. It simplifies the often fragmented process of sourcing components. Developers frequently use open-source components. These come from various sources. GitHub repositories are common. AI models often originate from portals like Hugging Face. Managing these disparate sources creates significant overhead.
Cloudsmith's platform centralizes this management. Administrators gain a single point of control. This replaces the complex task of monitoring scattered third-party repositories. The system can store diverse software building blocks. These include code, configuration scripts, AI models, and operating systems. Software containers also find a home on the platform. Containers often package dozens of individual artifacts. Each artifact presents a potential cybersecurity risk. Cloudsmith addresses this complexity directly. It automatically generates a Software Bill of Materials (SBOM) for each container. An SBOM details all components within a workload. This provides crucial transparency.
Security forms a core tenet of the Cloudsmith offering. Before making any open-source component available, the platform scans it. It identifies known vulnerabilities. The Exploit Prediction Scoring System (EPSS) determines issue severity. EPSS estimates the likelihood of exploitation by hackers. This helps prioritize remediation efforts. Cloudsmith also detects other critical issues. It scans components for problematic licensing terms. This includes clauses that prohibit commercial use. Such terms can complicate software projects. The platform provides this vital intelligence.
Customers leverage this data. They build powerful automation workflows. A company might, for instance, establish a policy. This policy could automatically block open-source components. It would block those containing high-severity vulnerabilities. These automation workflows are crafted in Rego. Rego is a specialized programming syntax. It is optimized for configuring cloud instances and similar tasks. This level of control enhances enterprise security postures. It mitigates risks proactively.
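A blocking policy of the kind described above could look like the following Rego module (Rego is the policy language of Open Policy Agent). This is an added example, not Cloudsmith's own code: the `input.package` document shape, its field names, and the thresholds are assumptions made for illustration and do not reflect Cloudsmith's actual policy schema.

```rego
package artifact.admission

import rego.v1

# Constructed sample input this policy expects (hypothetical shape):
# {"package": {"name": "example-lib", "version": "1.2.3",
#              "scan_completed": true, "license": "MIT",
#              "vulnerabilities": [
#                {"id": "CVE-PLACEHOLDER-1", "severity": "HIGH", "epss": 0.02}]}}

# Assumed thresholds; tune them to the organisation's risk appetite.
blocked_severities := {"HIGH", "CRITICAL"}
epss_block_threshold := 0.5
# SPDX identifiers of licenses that prohibit commercial use (example entry).
blocked_licenses := {"CC-BY-NC-4.0"}

# Fail closed: a package is only served when no deny rule fires.
default allow := false

allow if count(deny) == 0

# Block when the scan has not finished or the flag is missing entirely,
# so an unscanned component is never treated as clean.
deny contains msg if {
    not input.package.scan_completed
    msg := "scan results missing or incomplete"
}

# Block on severity rating.
deny contains msg if {
    some vuln in input.package.vulnerabilities
    vuln.severity in blocked_severities
    msg := sprintf("%v has severity %v", [vuln.id, vuln.severity])
}

# Block on exploitation likelihood, independent of the severity label.
deny contains msg if {
    some vuln in input.package.vulnerabilities
    vuln.epss >= epss_block_threshold
    msg := sprintf("%v has EPSS score %v", [vuln.id, vuln.epss])
}

# Block on licensing terms.
deny contains msg if {
    input.package.license in blocked_licenses
    msg := sprintf("license %v is not permitted", [input.package.license])
}
```

With the sample input in the comment, `allow` is false and `deny` holds one message for the HIGH-severity finding, even though its EPSS score is below the threshold.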
The new funding will fuel Cloudsmith's aggressive product development. Plans include adding more robust cybersecurity controls. Enhanced AI-powered automation capabilities are also on the roadmap. The company will expand its go-to-market strategies. This investment follows a period of strong year-over-year growth. Enterprises increasingly seek modern infrastructure. They need systems that keep pace with AI-generated software's speed and scale. Many Fortune 500 and Global 2000 companies replace legacy tools. They upgrade to Cloudsmith's cloud-native platform. Organizations adopting AI-coding agents turn to Cloudsmith. They need guardrails and governance for their software supply chains.
Cloudsmith stands at the forefront of securing the digital supply chain. Its platform is critical for compliance, control, and security. It provides scalable solutions for the global enterprise. The era of AI-driven development is here. Cloudsmith ensures that enterprises can navigate its complexities with confidence. It delivers the visibility and supply chain controls essential for shipping secure software. This funding round underscores Cloudsmith's vital position. It is defining artifact management for the AI era.


