Cloudsmith Lands $72M to Tackle AI‑Driven Software Supply Chain Risks

Cloudsmith secures $72M Series C to combat AI-driven software supply chain risks. The funding supports tools for code integrity and governance amidst rapid development.

Peter Olaleru/3 min/GB

Cybersecurity Editor

Source: Techfundingnews

Cloudsmith secured a $72 million Series C funding round to address rising software supply chain risks amplified by AI-driven coding agents. The investment underscores the increasing demand for tools that ensure software integrity as development cycles accelerate.

The rapid adoption of AI coding tools has fundamentally changed software development. These agents accelerate code production, introducing new security challenges across the entire software supply chain. This speed often creates a wider attack surface.

Cloudsmith, a Belfast-based software supply chain management platform, raised $72 million in Series C funding. This marks one of the largest investment deals in Northern Ireland's history, reflecting investor confidence in addressing modern cybersecurity needs. The round saw participation from TCV, Insight Partners, and existing backers.

This significant capital injection follows Cloudsmith's earlier $15 million Series A investment in 2021. Since then, the company has expanded its customer base, attracting Fortune 500 and Global 2000 businesses. Its platform helps organizations manage the thousands of open-source libraries, internal packages, and third-party dependencies critical to modern applications.

AI-driven coding agents generate software artifacts at high volume and speed. While this boosts productivity, it simultaneously elevates the risk of insecure code, vulnerable dependencies, or malicious components entering the software supply chain. For enterprises, managing this complexity has moved from an IT concern to a boardroom priority.

Regulators are also increasing scrutiny, requiring organizations to prove that software, including AI-generated code, meets security-by-design and traceability standards throughout its lifecycle. Cloudsmith positions its cloud-native platform as a critical control layer for this environment. It offers engineering teams granular visibility over every software package across diverse formats and environments.

This capability enables organizations to govern which components enter production, allowing them to block insecure or non-compliant elements. Security teams face growing pressure to manage a sprawling digital estate, where the provenance and integrity of every software component are paramount. Cloudsmith's approach helps automate governance and compliance, ensuring that fast-paced development does not compromise security posture. This investment will fuel product development, adding features for enhanced security, compliance, and automation, alongside expanding global market reach.

The focus shifts to how effectively organizations can implement control and visibility over their AI-accelerated software pipelines.
