Cloudsmith, a Belfast-based cloud-native artifact management platform, has raised $72M in Series C funding led by TCV and Insight Partners. The platform supports over 30 package formats, containers, and AI/ML models to secure software supply chains. The capital will accelerate product development, hiring, and go-to-market efforts amid rising AI-driven threats.
AI Threats Drive Funding Surge
The raise follows a wave of supply chain security investments, with JFrog securing $226M in total funding and Sonatype raising $156M. Recent reports highlight escalating risks, including 21,764 malicious open-source packages in Q1 2026 per Sonatype. Cloudsmith's fully managed SaaS model differentiates from competitors' self-hosted options by simplifying security for AI-generated code.
Supply Chain Attacks Explode
Software supply chain threats have surged, with a 73% increase in malicious packages in 2025 according to ReversingLabs. The artifact repository market stands at $1.85B growing at 14.8% CAGR. Enterprises face challenges from AI agents producing code too rapidly for manual review, exacerbating vulnerabilities in dependencies and artifacts.
Cloud-Native Security Layer
Cloudsmith provides universal support for 30+ formats with built-in vulnerability scanning, policy enforcement, and global edge caching across 600+ PoPs. Unlike JFrog Artifactory or Sonatype Nexus, which often require complex setups, Cloudsmith offers a managed service with end-to-end encryption and automated governance. Customers like PagerDuty achieved 50% cost savings and zero downtime after migrating.
As CEO Glenn Weinstein noted:
"AI agents generate so much software, so fast, it's nearly impossible for humans to carefully review it all."
Repeat Investors Signal Scale
TCV, which led the prior $23M Series B, doubled down alongside Insight Partners, bringing total funding to $124M. This growth capital validates Cloudsmith's 103% YoY ARR growth and positions it for enterprise expansion. The round marks the largest ever for a Northern Ireland tech firm, per BBC News.
DevSecOps Market Accelerates
The broader DevSecOps market reached $11.49B in 2026, projected to hit $31.96B by 2034 at 13.65% CAGR. Regulatory pressures like US Executive Order 14028 mandate SBOMs, driving adoption. Cloudsmith's focus on AI/ML registries and policy-as-code enforcement aligns with trends like exploding OSS malware reported by Sonatype.
Founders Built from NYSE Pains
Co-founders Alan Carson and Lee Skillen developed Cloudsmith after experiencing artifact management challenges at NYSE's Belfast operations. CEO Glenn Weinstein, former Twilio Chief Customer Officer, brings SaaS scaling expertise. This team has grown the company to 146 employees with 99.99% uptime and customers including Shopify and Thrivent.
Belfast Eyes Unicorn Status
With deployments serving Fortune 500 clients like Thrivent—handling 49M+ monthly downloads and reducing incidents by 62%—Cloudsmith plans US expansion and security hires. CEO Weinstein hinted at nearing $1B valuation, fueling national growth from its Belfast HQ.