ZDNET’s key takeaways
- Chainguard targets open-core packages, GitHub Actions, and agent skills.
- The strategy begins with its new AI-powered Chainguard Factory 2.0.
- The company is launching new security-first developer services.
From the stage of the Chainguard Assemble 2026 event in Manhattan, Dan Lorenc, co-founder and CEO of software security company Chainguard, pulled up an audience member to saw a piece of wood with an old-fashioned handsaw. It didn’t go well, but the wood was cut eventually. Then Lorenc pulled out a small power saw and cut the same piece in a few seconds. He then said, “It’s hard to make mistakes with manual tools because you’re going slower, whereas [AI] power tools are a lot more fun, but they’re also a lot more dangerous. We lose a lot more fingers.”
In short, we must learn to use power tools safely, and that’s what Chainguard is trying to do. Lorenc framed the moment as an industry transition from “hand woodworking” to power tools and then to fully automated assembly lines, with AI agents driving much of the change. “In the next 12 months, the majority of code is going to be written by something different and something new,” Lorenc said. The only way to keep up with AI-accelerated attackers is to automate away the traditional 30/60/90-day patch cycle and start from systems that are secure by design.
To achieve that goal, Chainguard has moved its method for automatically building operating system and application images from a brittle one to Chainguard Factory 2.0. Factory 2, the company suggested, has already removed more than 1.5 million vulnerabilities from customer production environments, up from 270,000 a year ago, by continuously rebuilding and repatching its images and packages from source.
Chainguard Factory 2.0 is a reconciling, AI-driven pipeline that pushes the company’s catalog toward a desired state, whether that means zero known Common Vulnerabilities and Exposures (CVEs), passing a particular QA suite, or meeting performance or size constraints.
To achieve this state, Dustin Kirkland, Chainguard’s SVP of engineering, explained in an interview with ZDNET, “We invested early and often with a number of different AI models, OpenAI, Claude, and Gemini.” Early agents only succeeded “50–60%” of the time, he noted, but the misses became training data: “We would take the exhaust — the things that didn’t work — go and fix that, and then feed that back into the model. And things just got better.”
The turning point, said Kirkland, was the company’s Driftless agentic framework, which “really plumb[ed] the reconciler model directly into the factory itself.” He continued: “Here we get the self-healing mode… we decide what we want the end state to be… and then the reconciler will basically just run in a loop fixing things until it meets those criteria.”
That mode is much better than the old one. Lorenc described the change as a move from a fragile, event-driven Continuous Integration (CI) pipeline held together by “duct tape and baling wire” to a Kubernetes-style reconciler pattern where agents continuously nudge reality toward a target description. Thanks to agents monitoring upstream releases, Chainguard can track more than twice as many packages as before, securing and producing them in far less time.
For developers who want to produce safe, useful programs, that fresh approach means Chainguard is offering more than half a dozen new and improved services.
Embracing self-service
At the base of this stack is Chainguard OS. Chainguard said this Linux distribution is “fully bootstrapped from source” and not a derivative of Debian, Fedora, or other mainstream foundational Linux distributions that lag behind the latest patch releases. Using Chainguard OS, companies can now build their own bug-free custom Linux distributions, Kirkland said: “Customers can build any image they want from these packages… in any combination that they want.”
He framed the shift as part of a broader push toward developer self-service: “Developers can obtain the software they need at the speed that they need it — which is now.”
Chainguard’s container catalog remains its flagship product, and Product SVP Patrick Donahue highlighted that the company is now building more than 2,200 upstream projects into container images and maintaining over 30,000 OS packages. Donahue said that this number is “an order of magnitude more than anybody else.”
To make its products more accessible, Chainguard launched a free Chainguard Catalog Starter tier. This tier gives users a choice of five free images. The tier is for developers who want to “give it a taste” and scale up later. Kirkland called this approach “leaning into developer self-service,” giving engineers “access to five images for free” so they can get going without talking to sales.
More strategically, the company is moving beyond open-source images into what it calls Chainguard Business Builds. These are secure, Chainguard-built images for commercial and open-core software, such as GitLab Enterprise, Elastic, or NGINX. Kirkland explained: “Increasingly, we’ve had customers who come to us with either shared source models or commercial open-source models… ‘How can we use Chainguard in our proprietary builds?’ And the answer unequivocally is yes.”
In these deals, Kirkland said Chainguard provides “the secure compiler and language runtimes and all of those libraries that it takes to build that image,” giving vendors a hardened, zero-CVE-SLA base while allowing them to keep their proprietary IP closed. He predicted this approach “will revolutionize a bunch of the software out there that is distributed, built on top of a Debian or Fedora or an Alpine by offering a safe, secure, hardened, zero CVE alternative.”
On the language side, Chainguard secures upstream repositories such as PyPI, Maven Central, and npm, where Donahue said more than 450,000 new malicious packages were observed across major registries in 2025. That’s almost one per minute, if you’re counting.
The company now claims about 96% coverage of Python dependencies, over one million Java artifact versions, and nearly 90% of the top 500 npm dependencies by download volume, with factory automation pointed at Java and JavaScript after Python. Given that many popular open-source repositories have been poisoned with malicious code, it’s high time someone provided clean, secure packages.
To make consumption easier, Chainguard has launched the Chainguard Repository, its own artifact repository fronting these curated libraries. Instead of configuring every developer to fall back directly to upstream registries, customers can point CI and AI coding agents at the Chainguard Repository and enforce policies such as license allow-lists or a “cool-down period” that blocks brand-new libraries for a configurable number of days, allowing time for malware to be detected.
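One way such a policy could be evaluated, added here as an illustration and not Chainguard's implementation: given the releases of one library, it picks the newest version that passes a license allow-list and a cool-down window, and records why newer versions were held back. The release data, the license list, and the seven-day window are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data: releases of one hypothetical library.
RELEASES = [
    {"version": "2.4.1", "published": "2026-03-09T08:00:00+00:00", "license": "MIT"},
    {"version": "2.4.0", "published": "2026-02-20T08:00:00+00:00", "license": "SSPL-1.0"},
    {"version": "2.3.9", "published": "2026-01-15T08:00:00+00:00", "license": "MIT"},
]
NOW = datetime(2026, 3, 10, 12, 0, tzinfo=timezone.utc)   # fixed clock for a repeatable run
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}  # assumed allow-list
COOLDOWN_DAYS = 7                                         # assumed window


def version_key(version):
    """Order dotted numeric versions numerically, so 2.10.0 sorts above 2.9.0."""
    return tuple(int(part) for part in version.split("."))


def resolve(releases, now, cooldown_days, allowed_licenses):
    """Return (newest version that passes policy or None, {blocked version: reason})."""
    cutoff = now - timedelta(days=cooldown_days)
    blocked = {}
    for rel in sorted(releases, key=lambda r: version_key(r["version"]), reverse=True):
        published = datetime.fromisoformat(rel["published"])
        if rel["license"] not in allowed_licenses:
            blocked[rel["version"]] = f"license {rel['license']} is not on the allow-list"
        elif published > now:
            blocked[rel["version"]] = "publish time is in the future"
        elif published > cutoff:
            age = (now - published).days
            blocked[rel["version"]] = f"published {age}d ago, cool-down is {cooldown_days}d"
        else:
            return rel["version"], blocked
    return None, blocked


if __name__ == "__main__":
    chosen, blocked = resolve(RELEASES, NOW, COOLDOWN_DAYS, ALLOWED_LICENSES)
    print("install:", chosen)
    for version, reason in blocked.items():
        print("blocked:", version, "-", reason)
```

Falling back to the newest release that passes, rather than failing the build, keeps developers unblocked while the held-back versions age past the window.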
For customers with heavy usage or constrained bandwidth, Kirkland emphasized that Chainguard will “continue to work with Artifactory and Cloudsmith and others and publish into these artifact registries,” and that these repositories can be mirrored in-house to avoid hammering public services. That capability also reduces the load on struggling open-source mirrors that “really can’t afford the bandwidth quotas.”
Security and skills
Recognizing that CI systems are now among the most sensitive parts of the software supply chain, Chainguard unveiled two new product families: Chainguard Actions and Chainguard Agent Skills.
Lorenc took direct aim at GitHub Actions’ security model, pointing out how difficult it is for even diligent teams to verify that a marketplace action is trustworthy or correctly scoped. He cited examples where actions pulled remote scripts or binaries at runtime, or contained shell-injection risks that could leak tokens in complex pipelines, patterns reminiscent of real-world attacks like the GitHub-hosted HackerBot/Flaw campaigns.
Chainguard Actions are “secured by default, drop-in replacements of upstream GitHub Actions,” built and continuously hardened in the factory, with tests auto-generated to ensure that security fixes don’t break behavior. To adopt them, Lorenc said, customers can “replace [the upstream org] with chainguard-dev” in their workflows and then use a single GitHub setting to restrict usage to Chainguard’s curated set.
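The risk patterns Lorenc named can be checked mechanically before a workflow is merged. The audit below is an added example, not Chainguard's or GitHub's tooling: a line-based scan (an assumption made to avoid a YAML dependency) that flags actions from owners outside an allow-list, scripts piped from the network into a shell, and event data expanded directly inside `run:` scripts. The workflow text and action names are constructed.

```python
import re

ALLOWED_OWNERS = {"chainguard-dev"}  # org quoted in the article; treating it as the whole allow-list is an assumption
USES = re.compile(r"^\s*(?:-\s*)?uses:\s*([^\s#]+)")
RUN = re.compile(r"^(\s*(?:-\s*)?)run:")
REMOTE_EXEC = re.compile(r"\b(?:curl|wget)\b[^|]*\|\s*(?:sudo\s+)?(?:ba|z)?sh\b")
EVENT_EXPR = re.compile(r"\$\{\{\s*github\.(?:event\.|head_ref)")

# Constructed workflow; the action names are placeholders, not real repositories.
SAMPLE = """\
on: pull_request
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: chainguard-dev/example-action@v1
      - uses: some-org/example-action@v1
      - name: install tool
        run: curl -sSL https://example.invalid/install.sh | bash
      - name: greet (expression pasted into the script)
        run: |
          echo "PR: ${{ github.event.pull_request.title }}"
      - name: greet (value passed through env)
        env:
          TITLE: ${{ github.event.pull_request.title }}
        run: echo "PR: $TITLE"
"""

def audit(text):
    """Return (line number, rule) findings for one workflow file."""
    findings, run_col = [], None
    for no, line in enumerate(text.splitlines(), 1):
        indent = len(line) - len(line.lstrip())
        m_run = RUN.match(line)
        if m_run:
            run_col = len(m_run.group(1))  # column where this step's "run:" key starts
        elif run_col is not None and line.strip() and indent <= run_col:
            run_col = None                 # dedent: the shell script has ended
        if run_col is not None:
            if REMOTE_EXEC.search(line):
                findings.append((no, "remote-script-exec"))
            if EVENT_EXPR.search(line):
                findings.append((no, "event-data-in-shell"))
        m_uses = USES.match(line)
        if m_uses:
            ref = m_uses.group(1).strip("'\"")
            if not ref.startswith(("./", "docker://")) and ref.split("/")[0] not in ALLOWED_OWNERS:
                findings.append((no, "owner-not-allowed"))
    return findings
```

The last step of the sample is not flagged: the pull request title reaches the shell as an environment variable, so it is treated as data rather than spliced into the script text.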
Kirkland suggested similar problems are emerging in the fast-moving world of AI agent skills. These markdown bundles encode tools and best practices for AI agents. Kirkland loves agent skills. The moment AI became part of his “day-to-day workflow” was when he could ask Claude “to encapsulate this set of best practices… things that I want my teams and my developers and my managers and our engineers to do. Encapsulate that as a skill, and then feed that skill into the agent and say, this is the right way to do things.” That’s the good side of agents. The bad is that all too often, AI agent skills, like those shared in Moltbook, are filled with malicious capabilities.
To combat this issue, Kirkland explained that Chainguard has encapsulated “a few hundred” of these skills and is now making a curated, hardened subset available to customers as Chainguard Agent Skills, so teams can plug the capabilities directly into software build and review processes without worrying that a compromised skill might introduce vulnerabilities or exfiltrate data: “That’s what we’re insulating our customers against.”
Perhaps the most ambitious announcement was Chainguard Gardener. This GitHub app brings pieces of Chainguard’s factory into customer repositories. Once installed, Gardener scans selected repos for Dockerfiles, library dependencies, AI skills, and other artifacts that could be replaced with Chainguard-secured equivalents, then automatically opens pull requests to migrate, update tests, and keep dependencies current.
“The Gardener can constantly look through any of the repositories you decide to hook it up to,” Kirkland explained. “It can identify artifacts that could be secured using Chainguard artifacts. So it can look at Dockerfiles and find images that could be Chainguard. It will look at libraries that applications are using that could be Chainguard… [and] the skills and the agents that could be Chainguard.” The idea, he said, is to give customers “a really nice flywheel,” Chainguard’s own best practices, continuously applied inside their software development life cycle.
Looking ahead, both Lorenc and Kirkland said they see the developer role itself changing rapidly. “The future of software development is… changing right before our eyes,” Kirkland said, arguing that the new products together offer “everything that an enterprise or a developer needs to ride that wave to push things further, faster, safer.” Lorenc was even blunter: “This was the best time in history to be writing software, but it’s also the worst time… The bottleneck isn’t code anymore. It’s establishing trust.” He isn’t wrong.

