

Today’s digital playing field demands rapid innovation and exponential digital transformation. In that frenzy, progress often outpaces oversight. In balancing innovation and security, Chainguard Inc. is creating tools that secure open-source software without slowing down development teams.
Chainguard’s Ryan Carlson talks with theCUBE about open-source software security.
“Chainguard is riding a couple of massive waves,” said Ryan Carlson, president of Chainguard. “First, anybody using open-source software can be made better with Chainguard, and anybody who cares about keeping their company secure can benefit from Chainguard. Obviously, that’s every company on the planet. Our customers range from series A startups building [artificial intelligence] applications to Fortune 500, pharmaceutical and healthcare companies.”
Carlson spoke with theCUBE’s John Furrier at the RSAC 2025 Conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed Chainguard’s approach to creating security solutions that accelerate innovation. (* Disclosure below.)
The cybersecurity sector is undergoing a replatformization — a fundamental rethinking of the tech stack from the ground up. The rapid adoption of AI infrastructure, integrated large language models, cloud-native technologies and a growing movement toward low-code/no-code development is driving this shift, according to Carlson.
“Most security solutions maybe come at the expense of speed, or most innovative solutions come at the expense of security and risk,” he said. “We feel like we can solve a security problem and help companies go faster because we’re doing work on their open-source software that they would have had to do themselves.”
Chainguard began by offering visibility into software supply chains, but quickly realized that insight wasn’t enough: customers needed actionable remediation. The team applied its Kubernetes and open-source expertise to build a solution that uses a distroless container architecture, which strips out unnecessary components to reduce vulnerabilities, and that rebuilds software securely from source, according to Carlson.
“We know open-source software and how it’s built and the nuances of packages, libraries and dependencies,” he said. “We realized we can help people fix these things by rebuilding from source. Our products today are container images that are rebuilt from source all the way through to registry, so people have visibility and context, but really, what they’re getting is open-source software with the vulnerabilities remediated.”
Chainguard started with container images but is now expanding its product suite to include virtual machine host images and language-specific libraries. Importantly, the company hasn’t had to shift its customer base — these new products still serve the same DevSecOps teams. This consistency in audience has streamlined the company’s go-to-market strategy and allowed for rapid scaling without complex repositioning, Carlson added.
“I think typically when any kind of iconic startup becomes a really big company, they go from being a single product company to a multi-product company,” he said. “Where I think most companies fail when they bring multiple products into the mix is that they don’t appreciate the fact that they might now have to sell those additional products to different types of people. We’re creating a budget in many cases for something that didn’t exist before — we have to show them quickly why this is a good investment.”
(* Disclosure: Chainguard Inc. sponsored this segment of theCUBE. Neither Chainguard nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)