Cloudsmith, a Belfast-born artifact management platform that's become critical infrastructure for companies building AI-powered software, just closed a $72 million Series C led by TCV, with participation from existing backer Insight Partners. The round values the company north of $300 million and marks one of the largest enterprise infrastructure bets this year on a problem most organizations don't realize they have until it's too late.

The timing isn't accidental. As generative AI tools flood enterprise codebases with machine-written packages — from internal libraries to open-source dependencies — the software supply chain has become simultaneously more complex and more opaque. Cloudsmith's pitch: you can't secure what you can't see, and most companies have no unified visibility into the artifacts flowing through their build pipelines.

"The attack surface just exploded," says Ciaran McHale, Cloudsmith's co-founder and CTO. "Teams are shipping faster than ever, but they're also pulling in more external code than ever. AI coding assistants don't audit dependencies — they optimize for speed. That's where the cracks appear."

Founded in 2016, Cloudsmith started as a universal package repository — a single place to store Docker images, Python wheels, npm packages, and every other artifact format developers use. What began as a developer convenience tool evolved into a security-first platform as software supply chain attacks like SolarWinds and Log4Shell moved from theoretical risks to front-page breaches. The company now counts over 500 enterprises as customers, including names like Red Hat, Databricks, and several Fortune 100 financial institutions it won't name publicly.

Why Artifact Management Became a $72 Million Problem

Here's the unsexy truth about modern software: most of what ships isn't code your developers wrote. It's packages they imported. The average enterprise application pulls in hundreds of dependencies — open-source libraries, third-party SDKs, internal tools built by other teams. Each one is an artifact. Each one is a potential entry point.

Traditional security tools scan code repositories. They catch vulnerabilities in what you write. But they struggle with artifacts — the compiled, packaged, ready-to-deploy units that actually run in production. You can have a perfectly secure codebase and still ship malware if a compromised npm package slips through your CI/CD pipeline.

Cloudsmith sits at the chokepoint. Every artifact that enters or leaves an organization's infrastructure flows through its platform, where it's scanned, signed, indexed, and — critically — tracked. If a vulnerability appears in a dependency six months after deployment, Cloudsmith knows exactly which builds are affected and where they're running.

"We're not replacing GitHub or GitLab," says CEO Alan Carson. "We're securing the layer below that — the binaries, the containers, the packages that actually get deployed. That's where the risk concentrates, and that's what regulators are starting to demand visibility into."

The AI Acceleration Nobody Talks About

The Series C was oversubscribed, according to Carson, in part because investors see AI as an accelerant for Cloudsmith's core thesis. The conventional narrative is that AI-powered coding assistants — GitHub Copilot, Cursor, Replit — make developers more productive. The less-discussed reality: they also make supply chains messier.

Generative AI tools suggest code snippets based on patterns scraped from billions of lines of open-source code. They're optimized for functionality, not for vetting the provenance of the libraries they recommend. A junior developer using Copilot might import a package that solves their immediate problem but introduces a licensing conflict or a known CVE two versions back.

Cloudsmith doesn't block AI-assisted development. It audits the artifacts that result from it. Every package added to a project gets fingerprinted, scanned against vulnerability databases, and checked for policy violations — license incompatibilities, unsigned binaries, dependencies flagged by security teams. If something doesn't pass, it doesn't deploy.

| Attack Vector | Traditional Tools | Artifact Management |
|---|---|---|
| Malicious npm package | Detected post-install | Blocked at ingestion |
| Outdated Docker image | Manual audit required | Auto-flagged with deployment map |
| Unsigned internal library | Policy enforced at review | Policy enforced at artifact storage |
| License violation in dependency | Legal discovers in due diligence | Automated scan pre-deployment |

The shift matters because velocity is the new default. Organizations that used to ship quarterly now ship daily. The manual reviews that once caught risky dependencies don't scale at that pace. Artifact management platforms automate the part that breaks first when speed increases.
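The ingestion gate and the deployment-map lookup described above, as an added Python illustration (this is not Cloudsmith's code; the licence allowlist, denylist, artifact names and deployment names are constructed placeholders):

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Artifact:
    name: str
    version: str
    content: bytes  # packaged bytes; fingerprinted on ingestion
    license: str
    signed: bool
# Constructed policy inputs: licence allowlist, security-team denylist, vuln DB.
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}
DENYLIST = {("left-pad-lookalike", "1.0.0")}
KNOWN_VULNERABLE: set[tuple[str, str]] = set()  # grows as disclosures arrive
def fingerprint(a: Artifact) -> str:
    return hashlib.sha256(a.content).hexdigest()  # content hash = artifact identity

def gate(a: Artifact) -> list[str]:
    """Ingestion checks; an empty list means the artifact may be stored."""
    problems = []
    if not a.signed:
        problems.append("unsigned artifact")
    if a.license not in ALLOWED_LICENSES:
        problems.append(f"license {a.license} not in allowlist")
    if (a.name, a.version) in DENYLIST:
        problems.append("denylisted by security team")
    if (a.name, a.version) in KNOWN_VULNERABLE:
        problems.append("matches vulnerability database")
    return problems

class DeploymentIndex:
    def __init__(self) -> None:
        self._pkgs: dict[str, set[tuple[str, str]]] = {}  # deployment -> (name, version)
    def record(self, deployment: str, artifacts: list[Artifact]) -> None:
        accepted = {(a.name, a.version) for a in artifacts if not gate(a)}
        self._pkgs.setdefault(deployment, set()).update(accepted)
    def exposed(self, name: str, version: str) -> set[str]:
        return {d for d, p in self._pkgs.items() if (name, version) in p}

INDEX = DeploymentIndex()
def disclose(name: str, version: str) -> set[str]:
    """Later disclosure: block future ingestion and map back to exposed deployments."""
    KNOWN_VULNERABLE.add((name, version))
    return INDEX.exposed(name, version)
# Constructed artifacts, ingested while jsonparse 2.1.0 was still considered clean.
OK = Artifact("requests-like", "3.0.0", b"wheel", "Apache-2.0", True)
LATER_BAD = Artifact("jsonparse", "2.1.0", b"tarball", "MIT", True)
UNSIGNED = Artifact("internal-auth", "1.4.2", b"jar", "Apache-2.0", False)
INDEX.record("payments-api", [OK, LATER_BAD, UNSIGNED])
INDEX.record("reporting-batch", [OK])
```

Calling disclose("jsonparse", "2.1.0") after the records above returns only the deployment that contains that version, and from then on gate() rejects any new copy of it.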

The Regulatory Tailwind

Cloudsmith's growth also tracks the rise of software supply chain regulation. The Biden administration's 2021 executive order on cybersecurity mandated Software Bill of Materials (SBOM) requirements for federal contractors. The EU's Cyber Resilience Act, expected to take full effect in 2027, imposes similar transparency mandates on commercial software sold in European markets. Organizations that can't produce an SBOM on demand — a machine-readable inventory of every component in their software — face procurement disqualification or compliance penalties.

Where the Money Goes

Carson says the $72 million will fund three priorities: expanding the go-to-market team in North America, building deeper integrations with AI development toolchains, and scaling the platform to handle what he calls "artifact explosion" — the exponential growth in the number of packages enterprises need to manage as microservices architectures fragment monolithic applications.

The company plans to double headcount over the next 18 months, with most hires concentrated in sales and customer success. Cloudsmith's product is technical — it sells to DevOps teams and security architects — but the buying decision increasingly involves procurement and legal, which means longer sales cycles and more hand-holding.

On the product side, Cloudsmith is building native integrations with AI coding platforms. The goal: surface security and compliance warnings directly in the IDE, at the moment a developer imports a risky package, rather than waiting for a CI/CD pipeline failure hours later. Think real-time policy enforcement embedded in the tools developers already use.

The third investment area — platform scale — addresses a problem that sounds mundane but becomes existential at enterprise scale. Some Cloudsmith customers manage millions of artifacts across hundreds of repositories. Querying that volume in real time, especially during incident response, requires infrastructure that doesn't buckle under load. The company is rebuilding parts of its backend to handle 10x current artifact volumes without degrading search or scan performance.

"We don't want to be the platform that works great until you actually need it," says McHale. "When someone discovers a zero-day in a widely used library, our customers need to know within minutes — not hours — which of their deployments are exposed. That's not a features problem. That's an infrastructure problem."

TCV's Thesis

TCV, the Menlo Park firm that previously backed Spotify, Netflix, and Airbnb, doesn't typically lead rounds in infrastructure startups this early. The firm's enterprise portfolio skews toward later-stage companies with clear paths to IPO. That it moved on Cloudsmith at Series C signals conviction that artifact management is transitioning from niche tooling to foundational infrastructure — the kind that becomes difficult to rip out once embedded in an organization's deployment pipeline.

"Software supply chain security was a checkbox item three years ago," says David Yuan, the TCV general partner who led the investment. "It's now a board-level risk. The companies that win this category won't be the ones with the most features. They'll be the ones developers don't have to think about — the infrastructure that just works, every build, every deploy."

The Competitive Landscape Nobody Owns Yet

Artifact management sits in a strange competitive position. It's adjacent to several mature software categories — version control, CI/CD, vulnerability scanning — but doesn't neatly belong to any of them. GitHub offers package registries. JFrog built a business around Artifactory. Sonatype focuses on open-source governance. Docker has its own registry for container images.

Cloudsmith's differentiation, according to Carson, is universality. Most competitors specialize in one or two artifact formats. Cloudsmith supports 28, from Maven to Cargo to Alpine packages. For organizations with polyglot development teams — some building in Python, others in Go, others in Rust — managing artifacts across multiple format-specific registries creates visibility gaps.

The company also differentiates on deployment flexibility. Cloudsmith offers both SaaS and on-premises deployments, which matters in regulated industries where data residency requirements prohibit storing artifacts in third-party clouds. Financial services customers, in particular, want the control of self-hosted infrastructure with the feature velocity of a SaaS product. Cloudsmith's architecture makes that possible without forking the codebase.

Still, the market isn't winner-take-all. JFrog, the most established player, went public in 2020 and trades at a $3 billion market cap. Sonatype raised $400 million in a 2019 Vista Equity Partners buyout. There's room for multiple large outcomes, especially as enterprises increasingly deploy multiple tools in this category rather than betting on a single vendor.

The Open-Source Wildcard

One unresolved tension: much of the artifact ecosystem is built on open-source infrastructure. Docker registries run on open-source software. So do many npm and PyPI mirrors. Cloudsmith competes with free, self-hosted alternatives that technically offer similar functionality — if you're willing to staff a team to maintain them.

Carson's counterargument is operational leverage. Running your own artifact registry is possible. Running it securely, at scale, with global replication, automated vulnerability scanning, and audit trails that satisfy SOC 2 auditors is a multi-person job. Most organizations would rather outsource that complexity, especially as compliance requirements tighten.

What This Round Signals About Infrastructure Investing

Cloudsmith's Series C arrives during a broader reset in enterprise software valuations. The frothy 2021-2022 period, when infrastructure startups raised at 30x ARR multiples, is over. Growth-stage deals are getting done, but at more grounded valuations and with higher bars for unit economics.

That Cloudsmith attracted TCV — a firm known for backing capital-efficient, high-retention businesses — suggests the company's metrics cleared those bars. Carson declined to share specific ARR figures but confirmed the company is growing north of 100% year-over-year and has been cash-flow positive on a quarterly basis since late 2024.

| Metric | Cloudsmith Position | Why It Matters |
|---|---|---|
| Net revenue retention | >130% | Customers expand usage as artifact volumes grow |
| Gross margin | ~80% | SaaS economics with infrastructure-like stickiness |
| Sales cycle | 3-6 months | Technical sale but increasingly exec-sponsored |
| Customer concentration | No customer >5% ARR | Revenue diversification reduces churn risk |

The unit economics make sense in part because Cloudsmith's product has high technical switching costs once deployed. Migrating artifact repositories isn't impossible, but it's disruptive — the kind of project that gets perpetually backlogged unless something breaks. That creates the retention profile investors prize in infrastructure businesses.

The other investor-friendly attribute: Cloudsmith sells into a budget that's growing. Cybersecurity spending remains one of the few areas where enterprises aren't cutting, even as broader IT budgets tighten. Software supply chain security, specifically, is a line item that didn't exist five years ago and now commands eight-figure allocations at large organizations.

The Unanswered Questions

Three open questions shadow Cloudsmith's growth trajectory, none of which this funding round resolves.

First: does artifact management remain a standalone category, or does it get absorbed into broader DevOps platforms? GitHub, GitLab, and Atlassian all have the distribution to bundle artifact management into their existing products. If they decide to compete aggressively on features rather than just offer basic registries, Cloudsmith's differentiation narrows.

Second: how much of the market actually needs universal artifact management versus format-specific tools? Cloudsmith's pitch assumes polyglot development teams are the norm. But plenty of organizations standardize on a single language stack and don't need a registry that supports 28 formats. The addressable market might be smaller than the pitch suggests.

Third: what happens when the AI coding assistant providers build supply chain security directly into their products? If GitHub Copilot starts warning developers about risky dependencies in real time, does that erode Cloudsmith's value proposition, or does it validate the category and drive more awareness? The answer probably depends on execution, but the possibility that AI platforms vertically integrate this capability is real.

Why This Bet Makes Sense Anyway

Despite those risks, the core investment thesis holds: software supply chains are more complex and more attacked than ever, and most organizations lack basic visibility into what's running in production. Cloudsmith solves a problem that's only getting worse as AI accelerates development velocity and regulatory scrutiny intensifies.

The company's advantage isn't just technical — it's temporal. Cloudsmith has been building in this space since before software supply chain security was a boardroom topic. It has customer relationships, integration partnerships, and institutional knowledge that competitors would need years to replicate. In infrastructure categories, that head start compounds.

The $72 million gives Cloudsmith runway to capitalize on that lead before the market fragments or consolidates. Whether it ends up a standalone public company, an acquisition target for a larger DevOps platform, or something in between depends on how the next 24 months unfold. What's harder to argue against: the problem it's solving isn't going away.

And in enterprise infrastructure, solving a problem that persists is usually enough.
