Cloudsmith

Cloudsmith

Cloud-native artifact management platform

Overview

Cloudsmith provides a cloud-native artifact management platform with a universal repository for all enterprise software packages and containers. It supports 28+ formats (including Docker, Maven, PyPI, and npm) so teams store, manage, and distribute dependencies and internal assets in one place. An OPA Rego-based policy engine blocks malicious or non-compliant artifacts before they reach the build, and the platform adds auditing, vulnerability scanning, and automated promotion across 600 global edge points for fast, compliant DevOps. Its Embodied Security and AI-driven protection offer governance and visibility to accelerate software delivery while safeguarding the software supply chain.

About Cloudsmith

Simplify's Rating
Why Cloudsmith is rated
B-
Rated B on Competitive Edge
Rated B on Growth Potential
Rated C on Differentiation

Industries

Data & Analytics

Enterprise Software

Cybersecurity

AI & Machine Learning

Company Size

51-200

Company Stage

Series C

Total Funding

$123.4M

Headquarters

Belfast, United Kingdom

Founded

2016

People at Cloudsmith

People at Cloudsmith who can refer or advise you

Simplify Jobs

Simplify's Take

What believers are saying

  • AI-generated dependencies increase demand for stronger artifact governance.[10][1]
  • Fortune 500 and Global 2000 customers validate enterprise-scale adoption.[1][2]
  • $72 million Series C funds product expansion and go-to-market growth.[1][2]

What critics are saying

  • Bundled competitors like JFrog, GitHub, and AWS compress pricing power.[5][2]
  • AI-native IDE controls can reduce Cloudsmith to an integration layer.[10][4]
  • Enterprise security reviews and procurement cycles slow bookings and expansion.[1][2]

What makes Cloudsmith unique

  • Cloudsmith unifies 30+ artifact formats in one cloud-native registry.[1][5]
  • Its policy-as-code engine blocks non-compliant packages before builds start.[5]
  • The platform now extends governance to AI/ML models and datasets.[4][5]

Help us improve and share your feedback! Did you find this helpful?

Funding

Total Funding

$123.4M

Meets

Industry Average

Funded Over

5 Rounds

Series C funding is usually for startups that are doing well and are looking for more money to fuel major growth, such as acquiring other companies, expanding into global markets, or launching new product lines. Investors typically include larger venture capital firms and private equity.
Series C Funding Comparison
Above Average

Industry standards

$50M
$50M
Medium
$62M
SeatGeek
$72M
Cloudsmith
$100M
Oura

Growth & Insights and Company News

Headcount

6 month growth

2%

1 year growth

2%

2 year growth

1%
Cloudsmith
Jun 7th, 2026
Cloudsmith expands leadership with CFO and General Counsel appointments.

Cloudsmith expands leadership with CFO and General Counsel appointments. Jun 7 2026 Belfast, Northern Ireland, 2 June, 2026 - Cloudsmith, the universal artifact management platform trusted by the world's leading enterprises, today announced the appointment of Mark O'Connor as Chief Financial Officer and Dan Lascell as General Counsel, strengthening the executive leadership team as the firm wins an increasingly large share of its market. More enterprises now depend on Cloudsmith to secure and govern their software supply chains. The appointments reflect the company's scale as Fortune 500 and Global 2000 customers are selecting Cloudsmith as their trusted partner. O'Connor had served as an advisor to Cloudsmith's finance organisation through its last three venture financings, including last month's $72m Series C. Lascell had also served in an advisory role, helping build the company's legal and governance infrastructure. O'Connor brings deep experience leading high-growth SaaS businesses through venture stage, acquisition, and public markets. He has served as CFO or in senior finance roles at Bugcrowd, Tenfold, Appirio, Nuance Communications, and BeVocal. O'Connor's deep institutional knowledge will help Cloudsmith establish financial and procurement controls suitable for an IPO-scale company. "Our focus is on building Cloudsmith's infrastructure for longevity," said Mark O'Connor, Chief Financial Officer, Cloudsmith. "That means ensuring our financial controls and commercial rigor are up to audit-ready standards, while enabling our customer-facing teams to move fast and lead the market. That combination means customers can trust Cloudsmith as a mission-critical infrastructure partner." Lascell brings extensive experience across technology and security companies, with legal leadership roles at Appirio, Bugcrowd, Tercera, AmberPoint, and webMethods. His background in corporate development and international expansion, combined with knowledge of Cloudsmith's commercial and compliance posture, provide Lascell with deep institutional context. He will lead legal, compliance, and commercial contracting, focusing on enterprise procurement and internal governance. "Cloudsmith's platform is built on trust, providing secure artifacts, provable provenance, and policy-driven governance. Our internal legal and compliance posture reflect that same commitment," said Dan Lascell, General Counsel, Cloudsmith. "Our job is to scale the legal and risk frameworks to ensure Cloudsmith is a dependable long-term partner for large enterprise customers with complex regulatory and legal obligations." "Mark and Dan are important additions to our leadership team," said Glenn Weinstein, Chief Executive Officer, Cloudsmith. "Enterprise customers rely on Cloudsmith as a dependable partner they can trust at every level, including the platform, their commercial relationship with Cloudsmith, and our internal governance. Mark and Dan will help ensure we meet the highest standards for financial rigor and legal credibility." The appointments follow Cloudsmith's $72M Series C financing from TCV and Insight Partners. Cloudsmith is scaling to meet the needs of the world's largest and most complex software development organizations, offering customers a secure software supply chain with artifact management that is simple by design, secure by default, and cloud-native. The company's universal artifact management platform serves over 30 formats, delivering secure low-latency distribution from a global package delivery network. Cloudsmith's customers include many Fortune 500 and Global 2000 organizations. About Cloudsmith. Cloudsmith is the leading cloud-native, fully managed universal artifact management platform that helps platform engineering, DevOps, and cybersecurity teams control, secure, and distribute software artifacts globally. Supporting over 30 artifact formats - including containers, language packages, OS packages, and AI/ML models - Cloudsmith delivers enterprise-grade features including continuous vulnerability and malware scanning, SBOM generation, cryptographic signing, a policy-as-code engine, and a global package delivery network with intelligent edge caching. Cloudsmith is built for scale, compliance, and automation, enabling customers in banking, fintech, telecom, software, and AI-native industries to modernize their software supply chains with confidence. Cloudsmith is ISO 27001 and SOC 2 certified and trusted by customers worldwide. Learn more at https://www.cloudsmith.com. Media contact. Other press articles Belfast, UK, 23 April, 2026 - Cloudsmith, the universal artifact management platform trusted by some of the world's leading enterprises, today announced a $72M Series C financing led by TCV and with participation from Insight Partners, along with investments from other existing investors. The additional funding positions Cloudsmith for massive growth to power the era of AI-driven software development. Apr 23 2026 Cloudsmith announced an expansion of its advanced security capabilities, framing the platform as a unified control plane that bridges the gap between threat intelligence and active enforcement. The release highlights two core capabilities - continuous package enrichment (pulling from OSV.dev, EPSS, and OpenSSF malicious package data) and OPA-based policy management with features like cool-down periods, exploitability prioritization, deep SBOM inspection, and malicious package detection. The underlying argument: security tools surface risk just fine, but enforcement is disconnected from where software actually moves - and Cloudsmith fixes that. Mar 23 2026 Cloudsmith announced the early access launch of its Model Context Protocol (MCP) Server. This new integration layer brings Cloudsmith's capabilities directly into the developer's AI-powered workflows Nov 10 2025

Irish Tech News
Apr 7th, 2026
The word cloud is in our name Glenn Weinstein, CEO Cloudsmith - Irish Tech News

Northern Ireland is a launchpad for thriving startups, and one startup that has done very well is Belfast based Cloudsmith. Back in March they had an

MSP Channel Insights
Nov 10th, 2025
Cloudsmith unveils AI-driven model context protocol server

Cloudsmith unveils AI-driven model context protocol server. Cloudsmith launches its MCP Server to seamlessly integrate AI with software development workflows. * Monday, 10th November 2025 Posted 10 hours ago in by Aaron Sandhu Cloudsmith has announced early access to its Model Context Protocol (MCP) Server, an integration designed to embed AI capabilities directly into developers' workflows. This advancement connects popular AI tools like Claude and CoPilot with the software supply chain, guiding teams to better manage and understand their artifacts while operating within existing processes. The surge in AI-powered development is reshaping developers' interactions with software artifacts. As reliance on AI agents and LLMs increases, integration with these modern tools is paramount. The MCP Server facilitates developer interactions by ensuring seamless workflows, negating the need for API calls or switching between multiple interfaces. Using Cloudsmith's new protocol, developers can leverage AI assistants to review builds or trigger workflows through natural language - a transformative approach to ensure trusted data and governance across interfaces without diversions. Built on the open Model Context Protocol, Cloudsmith connects LLMs directly to its artifact ecosystem. Developers gain the ability to retrieve repository details and initiate secure actions through MCP-mediated API calls, ensuring complete audit logs for transparency in all interactions. Within predefined governance boundaries, these AI-driven actions, like analyzing trends or defining policies, happen seamlessly within the developers' workflow environments. AI's influence is manifesting in multiple ways, as noted by Alison Sickelka, VP of Product at Cloudsmith. She highlights the integration of tools like Claude and CoPilot, ensuring engineers effectively manage and secure software artifacts. By merely asking questions within their familiar environments, engineers can execute tasks, ensuring governance and trusted data integration are intrinsic to the software supply chain. Continuing advancements in AI redefine software development. Cloudsmith meets these challenges by launching an ML Model Registry, addressing the need to manage emerging artifact types as meticulously as traditional packages. Furthermore, Cloudsmith enhances the Enterprise Policy Manager with robust policy enforcement, automation, and real-time visibility capabilities, addressing the rapid pace driven by AI-assisted development. These innovations form essential components of a modern, AI-ready software supply chain, empowering developers to build securely and scale efficiently.

Prism Thinking Media Limited
Nov 10th, 2025
Cloudsmith launches MCP Server to enhance developers' AI-powered workflows

Cloudsmith launches MCP Server to enhance developers' AI-powered workflows. Cloudsmith, a leading cloud-native artifact management platform, today announced the early access launch of its Model Context Protocol (MCP) Server. This new integration layer brings Cloudsmith's capabilities directly into the developer's AI-powered workflows. Built to connect the AI tools developers already use like Claude or CoPilot directly into the software supply chain, it's helping teams better understand, manage, and make decisions around their artifacts - all within existing workflows. A new phase in ai-led development. The rise of AI-powered development has changed how developers and engineers interact with software artifacts, introducing new ways of working. Developers are increasingly relying on AI agents and LLMs to handle the day-to-day tasks, and as these workflows evolve, the tools that power modern software development must integrate seamlessly with the agents and interfaces developers use today and those they will use in the future. The MCP Server ensures those interactions happen where developers already build, without the need to make API calls, log into separate UIs, or switch between tools. With Cloudsmith's MCP Server, developers can simply ask their AI assistant to inspect a package, review a build, or trigger a workflow in natural language - meeting developers where they work, ensuring the same trusted artifact data and governance are available across every interface. A bridge between AI and the software supply chain. Built on the open Model Context Protocol (MCP) standard, Cloudsmith's implementation connects LLMs directly to Cloudsmith's artifact ecosystem. Through natural language, developers can retrieve and interpret details about their repositories, packages, and builds. They can also initiate secure, non-destructive actions through MCP-mediated API calls with full audit logs to maintain visibility over every interaction. Within defined governance boundaries, each LLM or agent can perform meaningful actions like analyzing usage trends, defining policies through Cloudsmith's policy-as-code engine, or taking approved actions on their repositories, all from within the environments where developers already work. "AI is redefining how developers work, moving from manual clicks to natural language interactions. We see this shift every day with our customers. Cloudsmith's MCP Server is a necessary bridge to this new way of working," said Alison Sickelka, VP of Product at Cloudsmith. "By integrating directly with tools like Claude and CoPilot, we ensure engineers can manage, secure, and make decisions about their software artifacts simply by asking a question within the environment they already use. This isn't just about convenience, it brings trusted artifact data and governance exactly where developers build, making the AI part of the secure software supply chain, not separate from it." AI is transforming software development in several important ways. The first is through tools like the MCP Server, which bring AI directly into developers' everyday workflows. The second is through the emergence of new artifact types and data models that require the same level of management and control as traditional software packages - a challenge Cloudsmith addresses with its ML Model Registry, now generally available. And the third is through the sheer acceleration of software creation itself, driven by AI-assisted development. To support this new reality, Cloudsmith has expanded its Enterprise Policy Manager with enhanced policy enforcement, automation, and real-time visibility features. Together, these innovations form three pillars of a modern, AI-ready software supply chain - one that gives developers the confidence, control, and insight they need to build securely and at scale.

D2 Emerge
Sep 3rd, 2025
Cloudsmith launches ML Model Registry to provide a single source of truth for AI models and datasets

Cloudsmith launches ML Model Registry to provide a single source of truth for AI models and datasets.

Recently Posted Jobs

Sign up to get curated job recommendations

There are no jobs for Cloudsmith right now.

Find jobs on Simplify and start your career today

We update Cloudsmith's jobs every few hours, so check again soon! Browse all jobs →