Cloudsmith Just Secured $72M—Is Your Startup Next in Line for Funding Fail?

Cloudsmith Inc., a startup based in Belfast, has successfully raised $72 million in its Series C funding round, bringing its total external funding to over $110 million. This recent investment was spearheaded by TCV, which was also the largest contributor in the company’s previous funding round last year. Insight Partners, along with other existing investors, participated in this latest round.

Cloudsmith specializes in helping software teams manage application components more effectively. As developers increasingly rely on a diverse array of open-source components sourced from platforms like GitHub and Hugging Face Inc., ensuring that these components meet cybersecurity standards has become a major challenge. The process of verifying these components can be cumbersome, consuming valuable time for administrators.

To address these challenges, Cloudsmith offers a cloud-based platform resembling an app store, specifically designed to facilitate the storage and management of open-source projects and other software building blocks. This centralization allows administrators to manage components more efficiently, eliminating the need to monitor numerous third-party repositories scattered across different sites.

The platform doesn't just support code; it can host a range of artifacts, which include configuration scripts, AI models, and even entire operating systems. Additionally, Cloudsmith plays a critical role in managing software containers, which can consist of many individual artifacts, each harboring potential cybersecurity vulnerabilities. To mitigate this complexity, the platform automatically generates a software bill of materials (SBOM) for each container, outlining all its components.

Before any open-source component becomes available for download, Cloudsmith scans it for known vulnerabilities. The platform rates any identified issues using the Exploit Prediction Scoring System (EPSS), a framework that estimates the likelihood of a vulnerability being exploited within a 30-day window. This proactive approach helps organizations stay ahead of potential security threats.

Cloudsmith also scans for licensing issues that could complicate software projects. For instance, it can identify license clauses that restrict commercial use, helping customers remain compliant with various licensing terms. Companies can build automation workflows on top of these scans, for example to block components that contain high-severity vulnerabilities. Customers write these workflows in Rego, a programming syntax optimized for tasks like configuring cloud instances.

“AI agents generate so much software, so fast, it’s nearly impossible for humans to carefully review it all,” said Cloudsmith Chief Executive Officer Glenn Weinstein. “Cloudsmith has the scale, and the broad view across the open-source ecosystem, to protect enterprises against the new kinds of threats that AI-driven development introduces.”

With its new funding, Cloudsmith plans to enhance its platform by adding more cybersecurity controls and incorporating AI-powered automation capabilities. As the landscape of software development continues to evolve, the need for robust management tools that ensure security and compliance has never been more critical.

As companies grow increasingly reliant on open-source components, Cloudsmith is positioning itself as an essential resource in the tech ecosystem. The rise of AI-driven software development introduces new complexities, making the role of comprehensive management solutions even more vital for developers and organizations aiming to maintain a secure and compliant software environment.
