Cloudsmith secures $72M for AI security

- Cloudsmith said on April 23 it raised a $72M Series C, led by TCV with Insight Partners participating, to secure AI-driven software supply chains.
- The company says enterprises are using its platform to govern packages, containers and AI models, with SBOM generation and policy controls built in.
- The bet is simple: AI coding speeds software creation, but it also makes dependency risk and compliance drift much harder to police.

Software supply chains are having an AI moment — and not the fun kind. The more code companies generate with copilots and agents, the more packages, models, containers, and hidden dependencies they have to trust. That is the gap Cloudsmith is selling into. On April 23, 2026, the Belfast-founded company said it raised a $72 million Series C led by TCV, with Insight Partners joining in, to build more tooling around controlling and securing AI-powered software delivery. (cloudsmith.com)

### What does Cloudsmith actually do?

Cloudsmith is basically an artifact management platform. That means it gives companies one place to store, govern, and distribute the building blocks that go into software — not just source code, but packages, containers, configuration files, operating systems, and AI models too. Instead of teams pulling critical components from a mess of scattere(cloudsmith.com)to flow through one controlled system. (siliconangle.com)

### Why is that suddenly more important?

Because AI coding tools change the math. When developers — or autonomous agents — can generate software much faster, review becomes the bottleneck. A human team might still understand one new dependency added by hand. It is much harder to understand hundreds of machine-assisted changes landing(siliconangle.com)act layer, not just at the code editor. (cloudsmith.com)

### What is the company promising to secure?

The interesting part is the scope. Cloudsmith is not talking only about open-source libraries. It says enterprises are using the platform to govern full software supply chains, including containers and AI-related artifacts. SiliconANGLE’s breakdown makes the product feel more concrete — the platform can generate software bills of materials, (cloudsmith.com)rms, and enforce policies before components get used downstream. (siliconangle.com)

### Why do investors care?

This is not a generic AI-tools round. TCV led Cloudsmith’s Series B and came back for the Series C, while Insight Partners also doubled down. That matters because repeat backing usually signals the investors think the company’s core market got bigger, not smaller. Cloudsmith said the round comes after stron(siliconangle.com)gement tools. (cloudsmith.com)

### Is this really about “AI security”?

Yes — but in a narrower, more useful sense than the phrase usually implies. This is not model safety in the “will the chatbot misbehave?” sense. It is supply-chain security for the stuff AI systems help create and consume. Think provenance, vulnerability scanning, compliance, and policy enforcement. If AI agents are now junior developers that ne(cloudsmith.com)nts are shipping. (cloudsmith.com)

### What changes after this round?

Cloudsmith says the money will go into faster product development and broader go-to-market expansion. In plain English — more features, more enterprise sales, and a bigger push to become the default control plane for software artifacts in AI-heavy organizations. SiliconANGLE also notes the company’s total outside funding now tops $110 million, which gives it real room to chase that position. (cloudsmith.com)

### What is the catch?

The hard part is proving that artifact control becomes a must-have budget line, not just a nice-to-have DevSecOps tool. Plenty of companies still treat package management as plumbing. But AI-generated software makes the plumbing strategic. More output means more chances for vulnerable, unlicensed, or just plain unknown components to slip through. That is the wedge Cloudsmith is betting on. (siliconangle.com)

### Bottom line

This round matters because it points to where AI infrastructure spending is moving next. Not just toward building models faster, but toward verifying everything those models and agents pull into production. Cloudsmith is betting the next enterprise AI winner might be the company that says “no” at exactly the right moment. (cloudsmith.com)
