Computer and cloud security start-up Chainguard hit the headlines recently by closing its latest funding round at a valuation of USD 3.5 billion, almost tripling its valuation in less than a year and underscoring sustained investor appetite for robust digital infrastructure. The company had raised USD 356 million in a series D round, led by new investor Kleiner Perkins and existing investor IVP, with additional participation from new investors such as Salesforce Ventures and Datadog Ventures.
As industries rapidly embrace AI and technology, worries around cybersecurity are growing as well. Enterprises prioritise protective measures against online attacks and hacks, prompting businesses to spend more on safeguarding their domains.
Against this backdrop, Chainguard, whose customers include Anduril, ANZ Bank, Canva, GitLab and Hewlett Packard Enterprise, has risen to the occasion by providing tools and services to help clients keep their software secure. At the same time, it is also cementing its place as a key cybersecurity player, as it has so far raised USD 612 million. The start-up, founded in 2021, grew its annual recurring revenue seven times to USD 40 million in fiscal year 2025.
In today’s episode of the “Start-up of the Week,” International Finance will talk about the company in detail.
The Safe Source For Open Source
Chainguard has built a secure, trusted software supply chain that “empowers teams to build the future instead of patching the past.”
“The status quo in open source has led to high-profile security breaches, countless hours of engineering toil, and compliance failures. Enterprises need a new mechanism for open-source software delivery,” the start-up stated.
The safe open-source software has been rebuilt from source in secure environments with end-to-end integrity, with the vision of ensuring a future where security and innovation move in lockstep and every line of code makes software safer.
“As high-profile attacks exposed systemic weaknesses, organisations struggled to secure their development pipelines without adding friction for engineers. Existing solutions were complex, reactive, and often ineffective, so Chainguard set out to build a safe source for open source. Today, Chainguard helps organisations eliminate threats in their software supply chains by providing guarded open-source software, built from source and updated continuously,” the company added.
Chainguard’s software supply chain has enabled its client companies to save 288,000 engineering hours. Additionally, it has addressed more than 72,000 Common Vulnerabilities and Exposures (CVEs)—a widely recognized list of publicly disclosed security flaws in computer systems. Most importantly, this effort has resulted in an 80% reduction in the attack surface.
Chainguard’s software supply chain is run by “Container Image Security,” which builds, ships, and runs hardened, minimal container images.
The company commented, “Our suite of hardened, minimal container images help developers start secure and stay secure throughout the software development lifecycle. With 97.6% fewer vulnerabilities than alternatives, Chainguard Containers help you reach vulnerability requirements for compliance frameworks like NIST 800-53, FedRAMP, or StateRAMP.”
The software supply chain performs another crucial function called “Vulnerability Remediation,” where it prioritises speed and precision to eliminate CVEs daily in the open-source software the client companies consume, so the latter’s developers can spend their time honing their craft. No more constantly monitoring security spreadsheets, running known-vulnerable software, or manually patching images.
When it comes to compliance and risk mitigation, the Chainguard Containers solution eliminates vulnerabilities in the clients’ containers that repeatedly impact their compliance certifications for FedRAMP, PCI-DSS, SOC 2, and more. Human cybersecurity professionals get relieved of repetitive tasks like patching, updating, and hardening container images to meet and maintain compliance requirements faster.
The start-up also helps its clients build secure software with images that include Signatures, SLSA Provenance (verifiable information about software artefacts describing where, when and how something was produced), and SBOMs (a Software Bill of Materials is a comprehensive inventory of all the software components that make up a software application, including their versions, dependencies, and associated metadata), thereby providing the building blocks for a secure software supply chain.
On the AI/ML Security front, Chainguard AI Images are a suite of CPU and GPU-enabled container images, including popular frameworks like PyTorch, Conda, and Kafka. These images are hardened, minimal, and optimised for efficient AI development and deployment. By leveraging Chainguard AI Images, organisations can confidently secure their AI infrastructure, streamline vulnerability management, and maintain high performance with low-to-zero vulnerabilities.
PCI DSS (Payment Card Industry Data Security Standard) requirements for vulnerability management add significant worry and complexity for companies investing in their digital architectures, especially when it comes to the data authentication task.
Chainguard simplifies PCI compliance with minimal, zero-CVE containers built entirely from source. The start-up offers minimal, zero-CVE images by default, shrinking its clients’ compliance and auditing worries from day one.
Chainguard helps its clients eliminate PCI DSS overhead and costs with source build pipelines, supply chain transparency, and CVE management. The start-up mitigates the risk of costly security breaches and failed audits, which incur heavy fines and penalties from regulators.
Here Is The Product Line-up
Among Chainguard’s key products is “Chainguard Containers,” which helps companies build software better with minimal, zero-CVE container images guarded under the start-up’s industry-leading remediation SLA (Service-Level Agreement).
The solution enables companies to adopt inherently secure software, allowing engineers to focus more on delivering products and less on patching Common Vulnerabilities and Exposures (CVEs). Additionally, it leverages trusted open-source solutions to enhance security and minimize the attack surface for potential threats. Addressing critical compliance controls by default helps reduce overhead costs and accelerates the time to market for products.
Next is “Chainguard Libraries,” which provides language dependencies built securely in SLSA-hardened build infrastructure to stop software supply chain attacks without compromising developer experience and productivity.
Using the tool, companies can eliminate risks from compromised build systems and hijacked package distribution mechanisms to prevent attacks like XZ-Utils, MavenGate, and Lottie Player. Chainguard Libraries free up developers to ship faster by eliminating the toil and productivity erosion associated with manual and/or policy-based package curation, and by offloading the hard work of vendoring in shared system libraries for dynamically linked languages.
These language libraries get built from source in Chainguard’s SLSA Level 2 build infrastructure, eliminating supply chain attacks at the build and distribution phases of the package lifecycle. Businesses can use the start-up’s language libraries anywhere to develop and deploy the code.
Chainguard helps IT companies standardise their developers on a safe and secure mechanism to consume language dependencies. Chainguard Libraries natively integrate with common artefact managers so developers can pull trusted dependencies without any additional friction.
Finally, we have Chainguard’s “Virtual Machine Software,” which hosts image containers on optimised, minimal, zero-CVE virtual machine images rebuilt from source daily for ephemeral cloud instances. The start-up described this particular solution as the security and innovation-friendly container host that meets “critical compliance controls by default with zero-CVE container hosts guarded under a CVE remediation SLA.”
The “Virtual Machine Software” also focuses on differentiated product experiences, in addition to reducing the burden on engineering and security teams for CVE triage, management, and remediation, while carrying out innovations on the security and performance optimisation front without costly and complex major upgrades.