Cloudsmith Raises $72M to Secure the AI Software Supply Chain

The rise of AI coding agents has transformed software development from a manual, line‑by‑line process to an automated torrent of binaries, containers, and libraries. Enterprises now face a deluge of artifacts that traditional source‑code scanners cannot keep pace with, creating blind spots in compliance and security. Regulators are tightening requirements for software bills of materials, pushing firms to adopt solutions that can verify every component, regardless of its origin.

Cloudsmith’s platform tackles this challenge by sitting at the artifact layer, offering a cloud‑native, universal repository that ingests over 30 package formats. Acting as a single source of truth, it scans, quarantines, and signs each artifact before it reaches internal developers, effectively extending the security perimeter beyond the code editor. The recent launch of a Model Registry further blurs the line between traditional software and machine‑learning assets, ensuring that ML models receive the same provenance checks as any other binary.

The $72 million Series C, led by TCV and Insight Partners, signals strong market confidence in artifact‑centric security as a growth engine. Cloudsmith plans to expand its go‑to‑market teams and double down on AI‑focused R&D, positioning itself against legacy on‑premise tools that struggle to scale in the cloud. As Fortune 500 firms scramble to meet SBOM mandates and safeguard AI‑generated supply chains, Cloudsmith’s approach could set a new standard for secure, compliant DevOps at global scale.