
The 2026 software supply chain security gap

AI-generated code is now nearly universal. Enforcement is not. That gap is where your software supply chain is most exposed. Cloudsmith's CEO Glenn Weinstein, Co-Founder & CTO Lee Skillen, and VP of Product Alison Sickelka join Product Marketing Manager Meghan McGowan to unpack the 2026 State of Artifact Management report – a survey-based look at how AI development is reshaping the threat landscape, what organizations are getting wrong, and what the highest-leverage fix actually looks like.

Cloudsmith raises $72M Series C to secure the AI software supply chain

Cloudsmith raised $72 million in Series C funding, led by TCV and Insight Partners, to build the operating system for the modern software supply chain. AI agents are writing code faster than teams can secure it. That shifts the risk calculus because more software, built faster, means more attack surface. Artifact management is the control point between every software producer and consumer, and it's where Cloudsmith sits.

npm axios attack - What happened and how to protect your supply chain

100M+ weekly downloads. One compromised maintainer account. A remote access trojan in two active release branches. This is a 30-minute breakdown of the Axios npm supply chain attack – how it happened, why it was hard to detect, and what any engineering team can do right now to reduce exposure. Nigel Douglas, Head of Developer Relations at Cloudsmith, is joined by Jenn Gile, co-founder of Open Source Malware, a community-driven threat intelligence platform focused on malicious open source packages.

Building a secure golden path: Cloudsmith x Octopus Deploy webinar

What does it take to build a "Golden Path" that developers actually want to use? In this expert-led webinar, Cloudsmith and Octopus Deploy team up to explore the missing link in your software supply chain: turning artifact creation and management into an automated, trust-backed journey from source to ship.

Beyond the build: How DataHub uses Cloudsmith to power worldwide software distribution

You’ve built a world-class platform – now how do you get it into the hands of your users without "download friction"? In this video, we look at how DataHub, the leading open source metadata platform, uses Cloudsmith as its cloud-native distribution engine to deliver high-performance software artifacts to a global audience with zero downtime and zero maintenance.

Stop Managing Infrastructure: How BHS Corrugated Scaled Artifact Management with Cloudsmith

Are you spending more time maintaining your artifact servers than building software? In this video, we explore how BHS Corrugated – a global leader in manufacturing technology with a presence in 20 countries – transformed their developer experience by moving from fragmented, self-hosted GitHub repositories to Cloudsmith: the world’s leading cloud-native artifact management platform.

The modern JFrog alternative: Why ConstructConnect switched to Cloudsmith

Is your artifact management slowing down your development velocity? In this video, we dive into how ConstructConnect migrated from JFrog Cloud to Cloudsmith – the world’s leading cloud-native artifact management platform – to eliminate hidden costs, simplify their CI/CD pipelines, and secure their software supply chain.

Introduction to Cloudsmith: Platform Overview

Learn how to control, secure, and distribute software artifacts with this full on-demand platform demo of Cloudsmith. In this video, Solutions Engineers Dan and Ciara walk you through key features, including web app setup, logging, policy enforcement, signing, and global distribution. Through live demos, you'll see how to integrate Cloudsmith into your CI/CD pipeline, enforce security and compliance, control access with entitlement tokens, and automate everything using the API.

Risk and the problems of 3rd party software dependencies

Docker's VP of Product, Michael Donovan, discusses the importance of risk management and the security challenges introduced by the scale of 3rd party software dependency in development. See the full webinar: https://cloudsmith.com/webinars

About Cloudsmith: We offer the world's best cloud-native artifact management platform to control, secure, and distribute everything that flows through your software supply chain. Cloudsmith operates at enterprise scale, reduces risk, and streamlines builds.

Using a Kubernetes credential provider with Cloudsmith

Join Ian Duffy, Senior Site Reliability Engineer at Cloudsmith, as he discusses using credential providers in Kubernetes to securely pull images from private repositories. Credential providers are a great new feature that appeared in recent versions of Kubernetes. They allow you to pull images using a short-lived authentication token, which makes them less prone to leakage than long-lived credentials - bolstering security in the software supply chain.