Cloudsmith raises $72M Series C to secure AI-driven software supply chains as enterprise demand surges

Enterprises are being flooded with code—and much of it isn’t written by humans anymore. That shift is driving fresh urgency around one problem many teams can’t ignore: how to control, verify, and secure the software generated by AI coding tools.

Cloudsmith, a Belfast, Northern Ireland–based startup, thinks it has an answer. The artifact management company just raised $72 million in a Series C round led by TCV, with participation from Insight Partners and existing backers, as it moves to position itself at the center of the shift to AI-driven software development.

The funding lands a year after its Series B and follows a period of strong growth. More large organizations are moving away from legacy systems and adopting cloud-native infrastructure to keep pace with the volume and speed of AI-generated code. Cloudsmith says customers across the Fortune 500 and Global 2000 are already making that switch, turning to its platform to manage software packages, dependencies, and internal artifacts across increasingly complex supply chains.

The timing isn’t accidental. AI coding agents are producing code at a pace that few teams can fully review line by line. That’s creating new risks across open-source libraries, internal builds, and third-party components. For many companies, this has moved from an engineering concern to a board-level issue, especially as regulators push for clearer accountability around software security.

“Cloudsmith is the only platform built for the way software is being developed today — by AI agents. We’re never going back to hand-crafted software. AI agents generate so much software, so fast, it’s nearly impossible for humans to carefully review it all. Cloudsmith has the scale, and the broad view across the open-source ecosystem, to protect enterprises against the new kinds of threats that AI-driven development introduces. TCV and Insight Partners both recognize this profound shift, and their backing is helping Cloudsmith scale up for the massive wave of adoption of AI agents across enterprise software teams,” said Glenn Weinstein, CEO of Cloudsmith.

Investors are doubling down on that thesis. TCV, which led the previous round, returned to lead this one as well, signaling confidence in Cloudsmith’s role as AI reshapes software infrastructure.

“Having led Cloudsmith’s Series B and now its Series C, TCV is proud to deepen our partnership with a company we see as defining artifact management for the AI era. As AI shapes the software supply chain, we believe Cloudsmith is uniquely positioned to become a platform enterprises rely on for compliance, control, and security at global scale,” said Morgan Gerlak, Partner at TCV.

Insight Partners sees the same shift playing out across enterprise software.

“In an era increasingly defined by AI-driven development, securing the software supply chain is critical. As a cloud-native offering, Cloudsmith is well-positioned to do this – providing the scale and reliability needed to help power enterprise and AI-driven builds and mitigate emerging risks. We believe in Cloudsmith’s vision to secure the software supply chain by serving as a curated, AI-ready solution for enterprises of all sizes,” said Thomas Krane, Managing Director at Insight Partners.

What’s changing here goes beyond tooling. The artifact management category itself is being reshaped as AI-generated code becomes a primary source of production software. Each generated component introduces new dependencies, new vulnerabilities, and new questions about trust. Companies now have to track and validate far more software artifacts than before, across more environments and at a higher frequency.

Cloudsmith’s pitch is straightforward: give engineering teams full visibility into every package moving through their systems, with controls that allow them to ship faster without losing oversight. The company plans to use the new capital to accelerate product development and expand its go-to-market efforts.

As AI continues to write more of the world’s software, the bottleneck is shifting. It’s no longer about producing code—it’s about knowing what that code contains, where it came from, and whether it can be trusted. That’s the gap Cloudsmith is betting it can fill.