
Archived Article — The Daily Perspective is no longer active. This article was published on 20 March 2026 and is preserved as part of the archive.

Technology

Chainguard expands security to cover AI-driven software risks

As developers ship code faster with AI assistance, the software security company is hardening GitHub Actions and building protection for autonomous AI workflows.

Key Points
  • Chainguard announced three major expansions: hardened GitHub Actions, security for commercial software, and protection for AI agent skills used in development.
  • GitHub Actions and CI/CD pipelines face new threats from automated attack bots that scan repositories for vulnerable configurations at scale.
  • The company is extending secure-by-default practices beyond open-source containers to cover the full modern software stack, including AI-generated code.
  • Rapid AI-assisted development is multiplying the number of software artifacts that need security maintenance, stretching traditional patch-and-scan approaches past their limits.

The software supply chain is entering a new phase of complexity. Developers are shipping code faster than ever through AI assistance, yet the tools that orchestrate those builds remain among the least secured layers of the technology stack. Chainguard, a software security company, is now racing to close that gap by expanding its hardening approach across three critical frontiers: automated CI/CD workflows, commercial software, and the emerging ecosystem of AI agent skills.

The need is urgent. Last year, attackers compromised the widely used tj-actions/changed-files GitHub Action by retargeting its version tags at a malicious commit. Every workflow that referenced the Action by tag, across more than 23,000 repositories, pulled the attacker's code on its next run, and the malicious commit leaked CI secrets into build logs. More recently, an autonomous AI bot known as hackerbot-claw showed how easily such workflows can be found and exploited: it scanned public repositories continuously for a week, picked out vulnerable GitHub Actions configurations, and breached multiple major organisations. Both incidents expose the same weakness. CI/CD pipelines hold the credentials that power modern software delivery, yet the privileged workflows inside them remain among the least secured layers of the stack.

Chainguard's response combines continuous monitoring with automated remediation. Using automated agents, Chainguard Actions ingests popular third-party CI/CD components, starting with GitHub Actions, and evaluates them against a security ruleset that detects unsafe patterns, excessive permissions, and supply chain risks. Actions that fail the review are remediated automatically and republished in a curated catalogue, ready for use in production workflows. The system keeps pace with change: whenever an upstream Action changes or the Chainguard ruleset evolves, the affected workflows are re-secured without manual intervention.
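To make the kind of ruleset described above concrete, here is a small workflow linter, added as an illustration for this article; it is not Chainguard's code or ruleset. It checks a GitHub Actions workflow for the patterns behind the incidents above: third-party Actions referenced by a mutable tag rather than a full commit SHA (the tj-actions tags were retargeted), a `write-all` or missing `permissions` block, a `pull_request_target` job that checks out the pull request head, and attacker-controlled event fields interpolated straight into a `run:` shell step. The rule set, the two sample workflows and the 40-hex placeholder commit SHAs are this example's own assumptions, constructed for the demonstration.

```python
"""Lint a GitHub Actions workflow for common supply-chain weaknesses.

Added example for this article, not Chainguard's code or ruleset. The rules
below are this example's assumptions about what such a ruleset would flag.
It works line by line so it runs without a YAML library.
"""
import re
from dataclasses import dataclass

SHA40 = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")
RUN_RE = re.compile(r"^(\s*)(-\s*)?run:(.*)$")
WRITE_ALL_RE = re.compile(r"^\s*permissions:\s*write-all\s*$")
# Event fields an external contributor controls. Interpolating them into a
# shell step lets a crafted branch name, PR title or comment run commands.
UNTRUSTED_RE = re.compile(
    r"\$\{\{\s*github\.(head_ref|event\.(pull_request\.(title|body|head\.(ref|label))|"
    r"issue\.(title|body)|comment\.body|review\.body|head_commit\.message|"
    r"commits\[[^\]]*\]\.message))\s*\}\}")
# Under pull_request_target the job has secrets; checking out the PR head
# then runs untrusted code with them.
PR_HEAD_CHECKOUT_RE = re.compile(
    r"^\s*ref:\s*\$\{\{\s*github\.event\.pull_request\.head\.(sha|ref)\s*\}\}")


@dataclass(frozen=True)
class Finding:
    line: int      # 1-based line in the workflow; 0 for workflow-wide findings
    rule: str
    detail: str


def lint_workflow(text: str) -> list[Finding]:
    findings: list[Finding] = []
    lines = text.splitlines()
    has_permissions = any(re.match(r"^\s*permissions:", ln) for ln in lines)
    pr_target = any(re.search(r"\bpull_request_target\b", ln) for ln in lines)
    run_col = None  # column of the `run:` key while inside a block scalar

    for n, line in enumerate(lines, 1):
        indent = len(line) - len(line.lstrip(" "))
        if run_col is not None:
            if not line.strip():
                continue                      # blank lines stay inside the block
            if indent > run_col:              # still inside the run: | block
                if UNTRUSTED_RE.search(line):
                    findings.append(Finding(n, "expression-injection", line.strip()))
                continue
            run_col = None                    # dedented: block is over

        m = RUN_RE.match(line)
        if m:
            run_col = len(m.group(1)) + len(m.group(2) or "")
            if UNTRUSTED_RE.search(m.group(3)):   # single-line run: ...
                findings.append(Finding(n, "expression-injection", line.strip()))
            continue

        m = USES_RE.match(line)
        if m:
            ref = m.group(1)
            if ref.startswith(("./", "docker://")):
                continue                      # local path or image, not a tag-addressed Action
            action, _, version = ref.partition("@")
            if not SHA40.match(version):      # tags and branches are mutable; only a SHA is not
                findings.append(Finding(n, "unpinned-action", f"{action}@{version or '<none>'}"))
            continue

        if WRITE_ALL_RE.match(line):
            findings.append(Finding(n, "write-all-permissions", line.strip()))
        elif pr_target and PR_HEAD_CHECKOUT_RE.match(line):
            findings.append(Finding(n, "pr-head-checkout-under-pull_request_target", line.strip()))

    if not has_permissions:
        findings.append(Finding(0, "no-permissions-block",
                                "GITHUB_TOKEN falls back to the repository default, which may be write"))
    return findings


# Constructed sample, not taken from any real repository: the shape of workflow
# an automated scanner would be looking for.
VULNERABLE_WORKFLOW = """\
name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
permissions: write-all
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: tj-actions/changed-files@v45
        id: changed
      - run: |
          echo "PR title: ${{ github.event.pull_request.title }}"
          ./build.sh
"""

# Same job, hardened. The 40-hex values are placeholders, not real commits:
# pin to the commit you actually audited and keep the version in a comment.
HARDENED_WORKFLOW = """\
name: ci
on:
  pull_request:
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # placeholder for audited v4.x commit
      - uses: tj-actions/changed-files@fedcba9876543210fedcba9876543210fedcba98 # placeholder commit SHA
        id: changed
      - env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "PR title: $PR_TITLE"
          ./build.sh
"""

if __name__ == "__main__":
    for name, wf in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(f"== {name}: {len(lint_workflow(wf))} finding(s)")
        for f in lint_workflow(wf):
            print(f"  line {f.line}: {f.rule}: {f.detail}")
```

The hardened version fixes each finding in the way a reviewer would ask for: a commit SHA instead of a tag, a read-only token with scopes widened per job only where needed, `pull_request` instead of `pull_request_target` for code from forks, and untrusted event data passed through an environment variable rather than expanded into the shell script. A line-based scan like this is deliberately simple; a production ruleset would parse the YAML and resolve reusable workflows and composite actions, which can reintroduce every one of these patterns one level down.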

Yet the company is not simply hardening existing tools. It is expanding into commercial software and, crucially, into the realm of AI agent skills. Chainguard's product strategy has grown from hardened container images for Kubernetes environments to secure library artifacts for Python, Java and JavaScript, and the focus is now shifting to AI adoption, with new efforts aimed at helping customers use AI tools and agents without increasing their security risk.

The challenge posed by AI agents is distinct. AI agent skills, small modular instruction sets that extend what an agent can do, are spreading rapidly across platforms such as Claude Code, Codex, and OpenClaw. They run with deep permissions and minimal oversight. Chainguard Agent Skills lets developers install popular skills, and so widen what their agents can do, without widening the attack surface: it ingests skills from open-source registries, reviews them against a security and quality ruleset, hardens them with Chainguard's reconciliation agents, and publishes them with a complete audit trail.

The rationale for this expansion is pragmatic: nearly 455,000 new malicious packages flooded npm, PyPI, and Maven Central in 2025, the average container carries more than 600 known CVEs, and 89% of container images in production contain known vulnerabilities. As AI increases the speed, scale, and sophistication of supply chain attacks, every unpatched vulnerability becomes more likely to be exploited. The math is stark. Traditional security approaches rely on human review and periodic patching, but developers and AI agents are generating and shipping code faster than ever, and attackers are moving just as fast, exposing the limits of models that try to find and fix vulnerabilities after the fact.

The counterargument is worth stating clearly: some observers worry that centralising security control through a single vendor creates dependencies and potential lock-in. When asked about this criticism, CEO Dan Lorenc responded: "I don't believe it's possible to provide hardened containers with real software choice without from-source builds and your own distro." The argument has weight. Security-by-default tends to require deep technical control over the build process; true interoperability is difficult to achieve in practice.

Yet the scale of Chainguard's customer base suggests the market is accepting that trade-off. Its customers include Fortune 500 enterprises and global industry leaders, including Anduril, Canva, Fortinet, Hewlett Packard Enterprise, OpenAI, Snap Inc., and Snowflake. The company has also launched partnerships with major software vendors: early partners in the Commercial Builds program include Azul, Chainloop, Elastic, Expanso, F5 NGINX, GitLab, Grafana Labs, Mattermost, Nirmata, Percona, Smallstep, and Tiger Data.

What emerges is a pragmatic bet on a new operating model. Rather than asking developers to be security experts and patch managers, Chainguard and its growing partner ecosystem propose that security be embedded as an inherent property of the software itself. The real challenge now isn't just writing code faster; it's building trusted software that is secure from the start. Whether that vision will survive contact with the complexity of real-world deployment, and the human friction of adopting new tools, remains to be tested.

Mitchell Tan

Mitchell Tan is an AI editorial persona created by The Daily Perspective. Covering the economic powerhouses of the Indo-Pacific with a focus on what Asian business developments mean for Australian companies and exporters. As an AI persona, articles are generated using artificial intelligence with editorial quality controls.