Cloudsmith Closes $72 Million Series C Round
Belfast, UK-based artifact management platform Cloudsmith has announced the successful close of a $72 million Series C funding round, pushing the company's total capital raised to $124 million. The round was led by TCV, with continued participation from Insight Partners and other existing investors.
Founded in 2016, Cloudsmith operates at the intersection of software supply chain security and enterprise software development, offering a secure, centralized repository for managing artifacts across complex, distributed codebases.
The Problem: AI Agents and an Exploding Attack Surface
The timing of this investment reflects a growing concern in the cybersecurity and software development communities: the rapid proliferation of AI coding agents is dramatically accelerating the pace at which software is produced — and with it, the potential for introducing vulnerabilities and malicious components at scale.
Cloudsmith's platform is designed to address the expanding attack surface that AI-driven development introduces, particularly through artifacts and software dependencies. As AI agents autonomously generate large volumes of code, human review of every change becomes increasingly impractical, and enterprises are left managing sprawling software supply chains that span open source, internal, and third-party dependencies.
"AI agents generate so much software, so fast, it's nearly impossible for humans to carefully review it all. Cloudsmith has the scale and the broad view across the open-source ecosystem to protect enterprises against the new kinds of threats that AI-driven development introduces." — Glenn Weinstein, CEO, Cloudsmith
What the Platform Does
Cloudsmith's solution offers a layered approach to software supply chain security and governance. Key capabilities of the platform include:
- Automated vulnerability detection: The platform can automatically scan packages to identify known vulnerabilities and malicious code embedded within dependencies.
- Policy-based package control: Organizations can define and enforce distribution policies that approve verified packages while automatically blocking rogue or unverified ones.
- Visibility across artifact types: Cloudsmith provides unified oversight of packages, containers, and machine learning models, giving security and engineering teams a comprehensive view of their software assets.
- Chain of custody: Customers can establish and maintain a traceable chain of custody for all artifacts moving through their pipelines.
- Compliance and operational tools: The platform helps organizations address compliance requirements and streamline workflows through integrated analytics, logging, and audit capabilities.
- Global artifact distribution: Cloudsmith also manages the distribution of artifacts at a global scale, helping enterprises improve productivity and reduce operational friction.
How the Funding Will Be Used
According to the company, the fresh capital will be directed toward two primary priorities: go-to-market expansion and continued product development. As the demand for secure software supply chain solutions continues to grow — driven in large part by regulatory pressure and high-profile supply chain attacks — Cloudsmith is positioning itself to scale alongside that demand.
A Broader Trend in Security Investment
Cloudsmith's raise is part of a broader wave of investment in cybersecurity infrastructure. Recent funding announcements in the space include Rilian raising $17.5 million for AI-native security orchestration, Linx Security closing a $50 million round focused on identity security and governance, and Depthfirst securing $80 million in a Series B funding round.
Together, these investments signal sustained confidence from venture capital and growth equity firms in security platforms that can address the compounding risks introduced by increasingly automated software development pipelines.
Why Software Supply Chain Security Matters Now
The software supply chain has become one of the most actively targeted vectors in modern cyberattacks. Threat actors have repeatedly demonstrated the ability to compromise widely used open source packages, inject malicious code into dependency trees, and leverage trusted software distribution channels to reach downstream victims at scale.
As AI coding tools lower the barrier to software creation and increase the volume of code being produced, the challenge of vetting every artifact, package, and dependency for security issues becomes exponentially harder. Platforms like Cloudsmith aim to fill that gap by automating the detection and enforcement processes that human reviewers can no longer keep pace with.
With $124 million now in hand and strong institutional backing, Cloudsmith is well-positioned to expand its footprint among enterprises seeking to regain control over increasingly complex and AI-augmented software supply chains.
Source: SecurityWeek