Chainguard Secures $356M in Series D Funding Valued at $3.5 Billion to Expand SaaS Offerings Beyond Containers

Chainguard, a security startup focused on supply chain vulnerabilities, has successfully raised $356 million to enhance the security of widely used software components susceptible to both accidental and malicious threats. The funding will allow the Seattle-based company to broaden its offerings from merely protecting container images to encompassing virtual machines and language-specific libraries.
Co-founder and CEO Dan Lorenc indicated that this move is crucial to cover almost all open-source code utilized by enterprises. He emphasized that by fundamentally rebuilding open-source components, Chainguard aims to address vulnerabilities often neglected by other vendors. “You raise rounds when you can, when the market supports it, and before you need to,” said Lorenc, noting that their latest fundraising was driven by robust customer demand and positive market conditions.
Challenges of Open-Source Security Amid Rapid AI Adoption
Founded in 2021, Chainguard now employs over 350 individuals and has raised a total of $612 million across five funding rounds. The most recent influx of capital comes on the heels of a $140 million Series C round completed just nine months prior, during which the company’s valuation tripled to $3.5 billion.
Open-source software is integral to many sectors, ranging from aviation to financial services. However, Lorenc warns of the inherent risks posed by such systems, as they invite contributions from any individual, whether well-intentioned or malicious. To mitigate these risks, Chainguard generates secure versions of commonly used software packages, ensuring they are internally vetted and verified before deployment in enterprise environments.
“We’re addressing both accidental vulnerabilities, such as those seen with log4j, and malicious threats,” Lorenc stated, pointing out the unique challenges posed by the open contributions model. He further highlighted that unlike traditional components, which typically exhibit slower integration in regulated sectors, the adoption of new AI frameworks is progressing at an unprecedented rate. This swift uptake presents challenges for security teams, often pushing security requirements into projects that are not yet fully matured.
Expanding Coverage: From Container Management to Virtual Machines
Virtual machines (VMs) play an essential role since each container operates on one, and numerous applications still depend on VMs for optimal performance. Programming libraries introduce distinct risks as well: they are typically sourced from anonymous contributors, which makes them prime candidates for malware injection. This comprehensive strategy positions Chainguard to protect a significant portion of open-source software in enterprise settings.
Governmental operations face unique hurdles since many employ open-source solutions within air-gapped environments devoid of internet connectivity, contrasting with the frequent updates seen in commercial enterprises. Nonetheless, Lorenc remains optimistic about the potential for growth as government entities require more advanced security assurances for software utilized in critical infrastructure.
Chainguard has set ambitious revenue goals, projecting an increase from $40 million in 2024 to $100 million by 2025, while also targeting growth in both traditional enterprise markets and public sector engagements. Lorenc reaffirmed the global relevance of Chainguard’s solution, highlighting that open-source software use is universal and transcends geographical boundaries, thereby making security concerns a worldwide issue.