Senior Director

Percona, a provider of enterprise-grade open source database software, has partnered with Chainguard to deliver secure container images of open source databases with full enterprise support. The collaboration addresses a key challenge: organisations struggling to securely deploy containerised databases without building custom images themselves. Chainguard will create hardened, minimal container images with verifiable provenance, FIPS readiness and defined CVE service-level agreements, whilst Percona provides enterprise-grade support. The partnership covers Percona's entire database portfolio, including software for MySQL, PostgreSQL and MongoDB, plus community versions of PostgreSQL, MySQL, MariaDB, Valkey and Redis. The collaboration aims to help organisations meet stricter security requirements and compliance frameworks whilst reducing the time teams spend patching and adapting container images.

Introducing the Activity Center: one place for every change that matters. Matt Stead, Product Marketing Manager, and Ron Norman, Director of UX and Design Today, Chainguard, Inc. is introducing the Activity Center: a unified, configurable notification experience built directly into the Chainguard Console. The Activity Center provides every team in your organization with a single, reliable source of truth for updates that affect their work, including breaking changes, security advisories, image lifecycle events, and entitlement updates. No more missed communications. No more deployment failures from changes you didn't see coming. The problem with "good enough" communications. Security and platform teams move fast. But staying ahead of breaking changes, CVE fixes, image end-of-life dates, and product updates requires too much manual effort: monitoring multiple channels, chasing down customer success managers, or discovering critical information after something breaks in production. The cost of that gap is real. Missed communications lead to downtime, deployment errors, and eroded trust in the tools your team depends on. This is especially true for teams building AI and ML pipelines, where changes to the base image or CVE advisories in model-serving infrastructure can have a major downstream impact. Chainguard customers deserve better. The Activity Center is its answer. A centralized feed for every update that matters. The Activity Center is part of Chainguard's Platform and Console experience and surfaces updates across every category that can impact your operations: * Breaking changes: Timely, targeted alerts before product and engineering changes affect your workflows * Incidents: Real-time transparency when customer-facing issues arise * CVEs and advisories: Critical security notifications that require immediate awareness or action * Image version updates: Targeted alerts scoped to the images your organization actually uses * Entitlement updates: Changes to your product and feature access * Product and feature news: Announcements, improvements, and end-of-life awareness Everything is filterable by category, so each team - platform engineers, security engineers, downstream developers, executive sponsors, and more - can tune the Activity Center to surface what's relevant to their role. The right update, through the right channel. The Chainguard Console is the Activity Center's home base, but your team shouldn't have to live there to stay informed. Chainguard routes notifications to wherever your teams work: * Console feed: A centralized, always-available view of recent activity * Email: Updates based on your preferences * Slack / Microsoft Teams: Configurable integrations so updates land directly in the tools your teams already use Admins can configure distinct points of contact, so the right notifications reach the right people automatically, without manual routing or CSM intervention. What's coming next. The current release focuses on breaking changes and incident notifications, the highest-urgency category for most teams. Granular image lifecycle notifications, entitlement updates, and advanced CVE filtering will be introduced in subsequent phases. Longer term, Chainguard, Inc. is building toward an API feed so teams can consume image update events, including fixed CVEs, new versions, and severity details directly in their own tooling, automation pipelines, and AI/ML workflows. Chainguard, Inc. is also adding CVE severity thresholds and advanced filtering options for teams that need finer-grained control. Get started. The Activity Center is available now in the Chainguard Console. Admins can configure notification preferences and set up essential contacts directly in Console Settings. If you're a current customer, Chainguard, Inc. recommend reviewing your notification preferences during your next team check-in to ensure every role is covered.

Chainguard is working quickly to restore trust in software created by AI. At the recent Chainguard Assemble 2026 event in Manhattan, Chainguard's co-founder and CEO, Dan Lorenc, vividly illustrated the challenges of programming security by demonstrating the differences between manual and power tools. After a humorous struggle with an old-fashioned handsaw, he effortlessly cut through the same piece of wood with a power saw, remarking on the mistakes that can arise from using faster tools. This metaphor served as a reminder that, as the industry shifts towards AI-driven solutions, learning to navigate these new technologies safely is essential. Lorenc emphasized that the transition marks a significant shift in how code is produced, foreseeing that in the coming year, a considerable portion of programming will be conducted by innovative automated systems. In response to the sophisticated threats posed by AI-enhanced attackers, the company aims to eliminate traditional patch cycles by fostering a culture of secure system designs from the outset. Chainguard is transforming its approach to building operating system and application images, evolving from a fragile methodology to the more robust Chainguard Factory 2.0. This new version has reportedly eradicated over 1.5 million vulnerabilities from client production environments, a drastic increase from the previous year's figure of 270,000, by consistently rebuilding and updating its images and packages. The Factory 2.0 operates on a refined AI-driven mechanism that steers the company's catalog toward achieving a secure state, whether that entails having zero known vulnerabilities or meeting specific performance benchmarks. Dustin Kirkland, the senior vice president of engineering at Chainguard, shared insights on the company's commitment to integrating various AI models to refine their processes. Initially, these models only operated successfully about 50-60% of the time, but the continuous improvements yielded more reliable outcomes. A pivotal advancement within Chainguard's strategy is the Driftless agentic framework, which directly integrates the reconciliation model into the production process, enabling a self-healing capability in the system. This framework allows the company to address issues and maintain desired operational parameters reliably. With this fresh methodology, Chainguard is introducing a variety of enhanced services aimed at helping developers create secure and effective software. At its foundation is Chainguard OS, a Linux distribution built entirely from source code, distinguishing itself from common distributions like Debian or Fedora, which may not always reflect the latest security updates. This product empowers organizations to customize their Linux distributions without the typical constraints. Chainguard's premier product remains its expansive catalog of container images, with ongoing efforts to incorporate over 2,200 upstream projects and maintain a library of more than 30,000 OS packages. To enhance accessibility, the company has unveiled a free tier known as ChainGuard Catalog Starter, allowing users to experiment with five complimentary images, paving the way for later expansions. Strategically, Chainguard is moving toward developing Chainguard Commercial Builds, which are secure images tailored for both commercial and open-source software, allowing businesses to leverage Chainguard's capabilities without publicly exposing their proprietary code. This initiative responds to increasing requests from clients who utilize shared or commercial open-source models for integration with Chainguard's secure infrastructure. In addition, as a response to the rising threats of malicious code in popular libraries, Chainguard is enhancing the security of upstream repositories like PyPI, Maven Central, and npm. The company now maintains robust coverage of dependencies in these environments, identifying vulnerabilities, and ensuring clean and safe software distribution. To further facilitate development processes, Chainguard has introduced its own Chainguard Repository, an artifact repository that aggregates curated libraries. This setup allows organizations to enforce security policies and manage library use more effectively, thereby addressing bandwidth concerns and reducing reliance on public infrastructures. Recognizing the importance of CI systems in the software supply chain, Chainguard has released two new product lines: Chainguard Actions and Chainguard Agent Skills. These offerings aim to enhance the security around common development practices, specifically targeting security flaws found in shared scripts and resources commonly used in AI tools. Chainguard Actions provide secure alternatives to traditional GitHub Actions, while the Chainguard Agent Skills package best practices for AI capabilities, protecting teams from vulnerabilities introduced by compromised tools. One of the standout innovations presented is Chainguard Gardener, a GitHub application that systematically scans repositories and identifies opportunities for securing artifacts using Chainguard's offerings. This tool proposes updates and maintenance, ensuring constant alignment with best practices in software development. Both Lorenc and Kirkland conveyed a sense of urgency regarding the evolving landscape of software development. Kirkland remarked on the rapid changes in developer roles and capabilities, positing that the newly introduced products equip developers to advance more efficiently and securely. Lorenc echoed this sentiment, highlighting the paradox of this moment: while it's perhaps the most exciting era for software creation, it also presents significant challenges in establishing trust.