Operations | Monitoring | ITSM | DevOps | Cloud

AI is accelerating both sides of the supply chain problem. Developers ship faster using it. Attackers use it to find vulnerabilities, create malicious packages, and automate social engineering.

Every dependency pull is a trust decision. Public registries don't vet what they serve. Cooldown policies give you a gate at the moment that matters most: when a package first enters your environment. Dan McKinney (Solutions Engineering Manager) walks through how Cloudsmith's cooldown policies work and how to configure one in under five minutes. What Dan covers.

Miasma has already hit Red Hat and 73 Microsoft GitHub repos. Here's how it works and what your team can do right now. Nigel Douglas, Head of Developer Relations at Cloudsmith, breaks down the Miasma worm – a self-replicating supply chain attack and evolved variant of Mini Shai-Hulud from threat group TeamPCP. Learn how Miasma uses the yo-yo attack method to move laterally across registries and workstations, why conventional scanners missed it, and the practical steps security teams can take today, including cooldown policies and continuous risk assessment.

AI-generated code is now nearly universal. Enforcement is not. That gap is where your software supply chain is most exposed. Cloudsmith's CEO Glenn Weinstein, Co-Founder & CTO Lee Skillen, and VP of Product Alison Sickelka join Product Marketing Manager Meghan McGowan to unpack the 2026 State of Artifact Management report – a survey-based look at how AI development is reshaping the threat landscape, what organizations are getting wrong, and what the highest-leverage fix actually looks like.

Cloudsmith raised $72 million in Series C funding, led by TCV and Insight Partners, to build the operating system for the modern software supply chain. AI agents are writing code faster than teams can secure it. That shifts the risk calculus because more software, built faster, means more attack surface. Artifact management is the control point between every software producer and consumer, and it's where Cloudsmith sits.

100M+ weekly downloads. One compromised maintainer account. A remote access trojan in two active release branches. This is a 30-minute breakdown of the Axios npm supply chain attack – how it happened, why it was hard to detect, and what any engineering team can do right now to reduce exposure. Nigel Douglas, Head of Developer Relations at Cloudsmith, is joined by Jenn Gile, co-founder of Open Source Malware, a community-driven threat intelligence platform focused on malicious open source packages.

What does it take to build a "Golden Path" that developers actually want to use? In this expert-led webinar, Cloudsmith and Octopus Deploy team up to explore the missing link in your software supply chain: turning artifact creation and management into an automated, trust-backed journey from source to ship.

You’ve built a world-class platform – now how do you get it into the hands of your users without "download friction"? In this video, we look at how DataHub, the leading open source metadata platform, uses Cloudsmith as its cloud-native distribution engine to deliver high-performance software artifacts to a global audience with zero downtime and zero maintenance.

Are you spending more time maintaining your artifact servers than building software? In this video, we explore how BHS Corrugated–a global leader in manufacturing technology with a presence in 20 countries–transformed their developer experience by moving from fragmented, self-hosted GitHub repositories to Cloudsmith: the world’s leading cloud-native artifact management platform.

Is your artifact management slowing down your development velocity? In this video, we dive into how ConstructConnect migrated from JFrog Cloud to Cloudsmith–the world’s leading cloud-native artifact management platform–to eliminate hidden costs, simplify their CI/CD pipelines, and secure their software supply chain.