Chainguard
Category: AI in Cybersecurity
Chainguard is the trusted source for secure, hardened open source software — providing minimal container images, libraries, VMs, and packages with zero CVEs, built to secure the software supply chain for the AI era. Chainguard was founded in 2021. The company is led by Dan Lorenc. Based in Kirkland, Washington, USA. Team size: 500+. Total funding raised: $892M. Latest round: Debt. Key investors include Sequoia Capital, Spark Capital, Amplify Partners, IVP, Kleiner Perkins, Redpoint Ventures, Lightspeed Venture Partners, General Catalyst, Salesforce Ventures, Datadog Ventures, Mantis VC, Banana Capital.
- Founded
- 2021
- Headquarters
- Kirkland, Washington, USA
- Team size
- 500+
- Total funding
- $892M
Value proposition
Secure-by-default open source software — hardened, minimal, production-ready builds with zero CVEs, continuous patching, and full provenance (SBOMs, Sigstore signatures), eliminating the burden of vulnerability management for engineering teams
Products and solutions
Chainguard Containers (minimal, zero-CVE container images), Chainguard Libraries (guarded catalog of libraries), Chainguard VMs (optimized VM images rebuilt from source daily), Chainguard OS Packages (secure ingredients for custom container builds), Chainguard Actions (secure CI/CD workflows), Chainguard Agent Skills (hardened AI agent skills catalog), Chainguard Factory (agentic software factory for building, patching, and hardening open source), Chainguard AI Images (GPU-enabled container images for AI workloads like PyTorch, Conda, Kafka)
Unique value
Only Chainguard delivers zero-CVE open source artifacts across the entire stack (containers, libraries, VMs, packages) built from source in a SLSA L3-compliant Factory, reducing attack surface by 85% and saving thousands of engineering hours per year
Target customer
Enterprise engineering and security teams at Fortune 500 companies, technology providers, and government/federal agencies needing to secure their software supply chains, meet compliance requirements (FedRAMP, PCI DSS, SOC 2, CMMC), and protect AI workloads
Industries served
Technology/Software, Financial Services, Defense/Government (FedRAMP), Healthcare, Public Sector, Startups
Technology advantage
Proprietary Chainguard Factory (agentic software factory); Wolfi Linux distribution (community Linux undistro designed for containers); Sigstore co-creation (keyless signing standard); Distroless container approach; SLSA L3-compliant build pipeline; automated rebuild bots that patch CVEs in hours not weeks; 1,400+ container images, 13,000+ packages maintained; upstream-first contribution philosophy
How they differentiate
Unlike traditional security tools that merely scan for vulnerabilities (shift-left), Chainguard starts left — building secure artifacts from source by default. Their images have 97.6% fewer CVEs than alternatives. They maintain their own Linux distribution (Wolfi), build from source in a SLSA L3-compliant Factory, and provide continuous automated rebuilds that patch CVEs before scanners even detect them. They cover the full stack: containers, libraries, VMs, OS packages, CI/CD actions, and AI agent skills.
Main competitors
Snyk (developer security scanning), Aqua Security (cloud-native security), Anchore (container security scanning), Ubuntu Chiselled (minimal container images from Canonical)
Key partnerships
Cursor (secure open source artifacts for agentic coding), Endor Labs (end-to-end supply chain security), Upwind (runtime verification), Anchore (container scanning integration), CISA/OpenSSF (open source security foundations), FINOS (financial services open source), ILS (federal government)
Notable customers
Anduril, Canva, Snowflake, Hewlett Packard Enterprise, Snap Inc., OpenAI, Fortinet, Wiz, Cyera, Checkmarx, Appian, Sourcegraph
Major milestones
Founded Oct 2021, Seed $5M Dec 2021, Series A $50M Jun 2022, Series B $61M Nov 2023, Series C $140M Jul 2024 (unicorn at $1.12B), Series D $356M Apr 2025 ($3.5B valuation), $280M debt financing Oct 2025, $40M ARR in FY2025 (7x YoY growth), Named Leader in 2026 Gartner Magic Quadrant for Software Supply Chain Security, 1,400+ container images, 500+ employees, 100+ enterprise customers
Growth metrics
$40M ARR (FY2025, 7x growth); targeting $100M+ ARR; 424,000+ engineering hours saved; 106,000+ CVEs remediated; 85% reduction in attack surface; 97.6% avg reduction in CVEs; 500+ employees (up from 87 in 2023); 100+ enterprise customers
Market positioning
Leader in software supply chain security; named a Leader in the 2026 Gartner Magic Quadrant for Software Supply Chain Security; valued at $3.5B; $40M ARR in FY2025 (7x growth), targeting $100M+ ARR; trusted by Fortune 500 enterprises
Geographic focus
Global (HQ in Kirkland, WA, USA; fully remote with 500+ employees globally; expanding international markets)
Patents and IP
Key open source projects created/maintained: Wolfi (Linux undistro), Sigstore (co-creator), Distroless (co-creator), apko (declarative OCI image builder), melange (APK packaging), gitsign, cosign, Rekor, Octo-STS, digestabot, policy-controller
About Dan Lorenc
Ex-Google software engineer (nearly a decade) working on containers, Kubernetes, and open source infrastructure; co-creator of Sigstore and Distroless; MIT graduate (BS Mechanical Engineering)
Official website: https://www.chainguard.dev