Chainguard’s Plan to Secure AI-Generated Software

Summary
– Chainguard launched Factory 2.0, an AI-driven system that continuously rebuilds software to remove vulnerabilities from customer environments.
– The company introduced Chainguard OS, a Linux distribution built from source to enable custom, secure operating system images.
– Chainguard expanded its services to include secure commercial builds for proprietary software and a curated artifact repository for dependencies.
– New security products were unveiled, including Chainguard Actions as secure replacements for GitHub Actions and Chainguard Agent Skills for safe AI agent capabilities.
– The company released Chainguard Gardener, a GitHub app that automatically scans and updates customer repositories with Chainguard-secured components.

The transition to AI-powered software development is accelerating, but this new velocity introduces significant security risks. At a recent industry event, Chainguard’s CEO Dan Lorenc illustrated this shift by comparing manual coding to using a power saw: while far more efficient, the faster tools are also far more dangerous. His company’s mission is to build the safety mechanisms for this new era, where the majority of code will soon be written by AI. To keep pace with AI-accelerated threats, the traditional slow patch cycle must be replaced with systems that are secure by design from the outset.
Chainguard’s response is Chainguard Factory 2.0, an AI-driven pipeline that continuously reconciles software toward a desired secure state. This system has already removed over 1.5 million vulnerabilities from customer environments by constantly rebuilding images and packages from source. Dustin Kirkland, Chainguard’s SVP of Engineering, explained that the breakthrough came from integrating their Driftless agentic framework, which creates a self-healing loop. Agents work continuously to nudge software toward predefined criteria, whether that means zero known CVEs or passing specific quality tests, moving beyond fragile, event-driven CI pipelines.
This foundational technology enables a suite of new and improved services aimed at developer self-service. At the base is Chainguard OS, a Linux distribution bootstrapped from source rather than derived from mainstream distributions that often lag on patches. This allows companies to build their own custom, bug-free Linux images. The company’s container catalog remains a flagship, now building over 2,200 upstream projects and maintaining more than 30,000 OS packages. To lower the barrier to entry, Chainguard introduced a free Chainguard Catalog Starter tier, offering five free images so developers can experiment without a sales conversation.
A strategic expansion is Chainguard Commercial Builds, which provides secure, hardened images for commercial and open-core software like GitLab or NGINX. For vendors, this means accessing a secure build environment and zero-CVE base while keeping their proprietary intellectual property closed. On the language side, Chainguard is securing upstream repositories like PyPI and npm, where malicious package uploads are a constant threat. The company now offers high coverage of popular dependencies and provides the Chainguard Repository, a curated artifact repository where organizations can enforce security policies and license controls.
Recognizing that CI systems are themselves a critical source of vulnerabilities, Chainguard unveiled Chainguard Actions as secure, drop-in replacements for GitHub Actions. These are continuously hardened to prevent issues like shell injection or token leakage. Similarly, the rise of AI agents prompted the creation of Chainguard Agent Skills, a curated set of hardened skills that prevent malicious capabilities from infiltrating build and review processes.
Perhaps the most ambitious tool is Chainguard Gardener, a GitHub app that brings the factory’s capabilities directly into customer repositories. Once installed, it automatically scans for Dockerfiles, dependencies, and AI skills that could be replaced with Chainguard-secured equivalents, then opens pull requests to migrate and update them. This creates a continuous “flywheel” of security best practices within the development lifecycle.
Looking forward, both executives see the developer’s role transforming. The bottleneck is no longer writing code, but establishing trust in the software supply chain. The new suite of products is designed to help enterprises and developers move faster while embedding security into every layer of the process.
(Source: Tom’s Hardware UK)




