4 Sources
[1]
Cybersecurity Firm Socket Raises $40 Million With Backing From Bret Taylor, Jerry Yang
(Reuters) - Cybersecurity services provider Socket said on Tuesday it has raised $40 million in a mid-stage round from a host of existing and new investors, including OpenAI Chairman Bret Taylor, Yahoo Co-Founder Jerry Yang and Shopify CEO Tobias Lutke. The funding was led by Abstract Ventures. Venture capital firm Andreessen Horowitz also participated. Startups that use artificial intelligence technology have attracted investors' attention even as dealmaking activity has remained subdued in private markets elsewhere. Socket uses AI to detect and prevent threats in open source code. While the company did not disclose the valuation at which the funding round happened, a source familiar with the matter said it was around $500 million. Socket, which has raised $65 million to date, plans to use the proceeds to build out its team across engineering, product and design. Founded in 2021, the company currently supports six programming languages, including Java and Ruby. Socket claims to detect and block more than 100 software supply chain attacks every week. Its services are used by over 7,500 organizations. (Reporting by Rishi Kant in Bengaluru; Editing by Shilpi Majumdar)
[2]
Socket Secures $40M to Combat Software Supply Chain Attacks, Backed by Abstract Ventures, Andreessen Horowitz, and Bret Taylor
Socket looks to address security gaps in open source software models. Socket, a developer-first security platform that protects critical applications from software supply chain attacks, has raised $40 million in a Series B funding round. Led by Abstract Ventures, the round saw participation from Elad Gil, Andreessen Horowitz (a16z), and notable angel investors including Bret Taylor (OpenAI), Phil Venables (Google), and Tobias Lütke (Shopify). The funding brings Socket's total capital to $65 million, with plans to scale its team and accelerate product development. With over 90% of modern applications relying on open-source software, security has become more essential than ever. Traditional Software Composition Analysis (SCA) tools are proving inadequate in handling the growing frequency and sophistication of supply chain attacks. Socket addresses this gap by offering a proactive solution, monitoring open-source packages for malicious behaviours such as backdoors, typo-squatting, and obfuscated code. "We've seen incredible momentum over the past year," said Feross Aboukhadijeh, founder and CEO of Socket. "Our technology has enabled leading AI, B2B, and finance companies to switch from legacy SCA tools like Snyk to Socket. We're not just catching vulnerabilities -- we're detecting and blocking malicious threats in real-time." Socket, built by prolific security experts whose open-source software is installed over 1 billion times per month, is trusted by top organisations in tech, media, manufacturing, and finance. The platform now supports six programming languages, including recently added Java and Ruby, and handles critical use cases like licence enforcement and reachability analysis, positioning itself as a comprehensive replacement for legacy SCA tools. "As generative AI drives unprecedented speed in software development, the risk of malicious or vulnerable packages slipping through is higher than ever," noted Amjad Masad, Replit founder and CEO. 
"Socket provides preventative protection, catching threats before they can compromise organisations and enabling developers to innovate without sacrificing security." In the past year, Socket's AI-powered threat detection has enabled the company to block over 100 software supply chain attacks each week, a key factor in its rapid growth. Today, the platform protects more than 7,500 organisations and 300,000 GitHub repositories. "Socket is revolutionising how companies secure their software," said Ramtin Naimi, Founder and Managing Partner at Abstract Ventures. "Their preventative and developer-friendly approach is exactly what's needed as organisations face increasing software supply chain threats." With the new funding, Socket intends to expand its engineering, product, and sales teams to address the increasing demand for its platform. According to Aboukhadijeh, the company is focused on building a world-class team to tackle one of the most urgent challenges in software today.
[3]
Socket secures $40M to strengthen open-source software security - SiliconANGLE
Supply chain security startup Socket Inc. announced today that it has raised $40 million in new funding to fuel its mission to modernize security for open-source software and expand its team across engineering, product and design. Founded in 2020, Socket offers a developer-first security platform that is designed to protect code from malicious or vulnerable dependencies. The platform proactively monitors open-source packages to detect potential threats such as malware, backdoors and typo-squatting. The platform proactively blocks potential threats before they infiltrate systems, enabling real-time protection. Socket's platform also uses artificial intelligence features, including dependency analysis, to assist with threat detection to ensure faster and more efficient identification of vulnerabilities. Socket's platform supports six programming languages, including Java and Ruby, which have recently been added, and handles critical use cases like license enforcement and reachability analysis. According to Socket, this makes the company's service a comprehensive replacement for legacy tools. "Our technology has made it possible for leading AI, B2B and finance companies to switch from legacy SCA solutions like Snyk to Socket," said founder and Chief Executive Feross Aboukhadijeh. "We're not just catching vulnerabilities -- we're detecting and blocking malicious threats in real-time." The company claims an impressive customer list that includes Replit Inc., Figma Inc., Anthropic PBC, Vercel Inc., Brave Software Inc., SymphonyAI Group LLC and Metamask. "As generative AI drives unprecedented speed in software development, the risk of malicious or vulnerable packages slipping through is higher than ever," said Replit founder and CEO Amjad Masad. "Socket provides preventative protection, catching threats before they can compromise organizations and enabling developers to innovate without sacrificing security."
The Series B round was led by Abstract Ventures LP, with participation from Elad Gil, Andreessen Horowitz and a sizable list of angel investors. Angels participating in the round include Sierra Technologies Inc. co-founder and OpenAI Chairman Bret Taylor, Phil Venables from Google LLC, Scott Johnston from Docker Inc., Christina Cacioppo from Vanta Inc., Alphabet Inc. board member Ann Mather and Tobias Lütke from Shopify Inc. Including the new funding, Socket has raised $65 million to date.
[4]
Socket lands a fresh $40M to scan software for security flaws | TechCrunch
The software supply chain, which comprises the components and processes used to develop software, has become precarious. According to one recent survey, 88% of companies believe poor software supply chain security presents an "enterprise-wide risk" to their organizations. Open source supply chain components are especially fraught, thanks to the logistical hurdles in keeping each component well-maintained. Security firm Synopsys found in its 2023 report that 89% of businesses' codebases contained open source tools over four years out of date. A 2024 report by the Ponemon Institute found that over half of organizations have experienced a software supply chain attack. These attacks could cost the economy almost $81 billion in lost revenue and damages by 2026, estimates Juniper Research. Socket, a startup that provides tools to detect security vulnerabilities in open source code, has raised $40 million to help address the problem. CEO Feross Aboukhadijeh founded Socket in 2020. A prolific open-source maintainer and web security lecturer at Stanford, Aboukhadijeh says he came to believe that traditional security tools were insufficient to address the challenges of modern software development. "The extensive network of dependencies -- numbering in the thousands -- pose significant security risks that traditional tools fail to mitigate," Aboukhadijeh told TechCrunch. Dependencies are pieces of software or libraries that an app relies on to function. "Even with rigorous internal code reviews, external dependencies introduce the risk of software supply chain attacks that are hard to detect and manage," Aboukhadijeh continued. Socket's solution is a scanner that looks for malicious activity, like backdoors and obfuscated code, in open source components, and alerts developers when dependencies and packages are updated or added. 
Through integrations with generative AI APIs from Anthropic and OpenAI, Socket can also generate summaries of vulnerabilities (with minimal hallucinations, one hopes). In addition, the platform can optionally check to see that open source code is properly licensed -- and therefore legal -- for re-use. "Socket is designed for engineering teams and application security teams who rely heavily on open-source software," Aboukhadijeh said. "It integrates seamlessly into the developer workflow, providing real-time insights during code reviews and dependency updates without overwhelming users with false positives." More software companies are relying on open source than ever before. In a 2023 report published in collaboration with the Open Source Initiative and the Eclipse Foundation, 95% of respondents said that their organizations increased -- or at least maintained -- their open-source usage in the past year. With the software supply chain security platform market expected to grow to as much as $3.5 billion by 2027, it's not surprising that Socket has rivals. Oligo, a company that focuses on runtime app security and observability, came out of stealth in February backed by $28 million. Endor emerged from stealth with $25 million last October, following Chainguard's $50 million raise in early June. What sets Socket apart, Aboukhadijeh argues, is its ability to catch possibly harmful code other tools miss -- in particular code to exfiltrate sensitive data. Socket is detecting over 100 zero-day software supply chain attacks every week, he claims. Socket's impressive list of backers -- and clients -- would suggest that there's some credence to those assertions. Entrepreneur Elad Gil and Andreessen Horowitz participated in Socket's Series B, along with Yahoo co-founder Jerry Yang (disclosure: Yahoo is TechCrunch's corporate parent), OpenAI chairman Bret Taylor, Twilio co-founder Jeff Lawson, and Shopify co-founder and CEO Tobias Lütke.
Socket's customers, meanwhile, include Anthropic, Harvey, Figma, Vercel, one of the four biggest banks in the U.S., and "the largest and most well-recognized AI company." (Interpret the last one as you will.) Aboukhadijeh described the new Series B round as "pre-emptive," claiming that Socket still hasn't spent the Series A cash that it raised last August. "We are on track to grow revenue by 400% in 2024," Aboukhadijeh told TechCrunch. "Socket currently has over 100 customers and protects more than 7,500 organizations, defending 300,000 code repositories and supporting over 1 million developers worldwide." The new cash brings Socket's total raised to $65 million during what Aboukhadijeh described as a pivotal moment in open source history. AI, he pointed out, is being used to write more and more code, which is introducing the potential for security holes. "Now was the right time to raise these funds," Aboukhadijeh said. "New AI attack vectors have created a pressing need for Socket to bring security assurances to the code generated by these AI-powered tools. Socket's technology addresses this critical gap in the market, and the additional funding will help scale its impact." Socket, which has 32 employees today, plans to grow its team to 50 people by the end of the year with a focus on the engineering, product, design, and sales sides of the Stanford-based company.
Socket, a cybersecurity startup, secures $40 million in Series B funding to combat software supply chain attacks using AI-powered threat detection, attracting support from major tech figures and venture capital firms.
Socket, a cybersecurity startup founded in 2020, has successfully raised $40 million in a Series B funding round, bringing its total capital to $65 million [1][2]. The funding was led by Abstract Ventures, with participation from Andreessen Horowitz (a16z), Elad Gil, and a roster of high-profile angel investors including OpenAI Chairman Bret Taylor, Yahoo Co-Founder Jerry Yang, and Shopify CEO Tobias Lutke [1][3].
Socket's platform is designed to tackle the increasing risk of software supply chain attacks, a pressing concern in the cybersecurity landscape. With over 90% of modern applications relying on open-source software, traditional security tools are struggling to keep pace with the sophistication of these attacks [2]. Socket's solution offers real-time protection by proactively monitoring open-source packages for malicious behaviors such as backdoors, typo-squatting, and obfuscated code [2][3].
At the core of Socket's technology is its AI-powered threat detection system. The platform uses artificial intelligence, including dependency analysis, to assist in identifying vulnerabilities more efficiently [3]. This approach has enabled Socket to detect and block over 100 software supply chain attacks each week, contributing to its rapid growth and adoption [2].
Socket's innovative approach has attracted a notable client base, including leading AI, B2B, and finance companies. The platform currently protects more than 7,500 organizations and 300,000 GitHub repositories [2]. Prominent customers include Replit, Figma, Anthropic, Vercel, Brave Software, and one of the four largest banks in the U.S. [3][4].
With the new funding, Socket plans to expand its team across engineering, product, and design departments [1]. The company aims to grow from its current 32 employees to 50 by the end of the year [4]. This expansion comes at a critical time, as the software supply chain security platform market is expected to reach $3.5 billion by 2027 [4].
Socket's success highlights the growing importance of AI in cybersecurity, especially as AI-driven code generation introduces new potential vulnerabilities. Feross Aboukhadijeh, Socket's founder and CEO, emphasized the need to address security gaps in AI-generated code, stating, "New AI attack vectors have created a pressing need for Socket to bring security assurances to the code generated by these AI-powered tools" [4].
The significant investment and support from industry leaders underscore Socket's potential to revolutionize software supply chain security. As Ramtin Naimi, Founder and Managing Partner at Abstract Ventures, noted, "Socket is revolutionizing how companies secure their software. Their preventative and developer-friendly approach is exactly what's needed as organizations face increasing software supply chain threats" [2].
As Socket continues to grow and innovate, it is poised to play a crucial role in shaping the future of cybersecurity in an increasingly AI-driven software development landscape.
Summarized by
Navi
[1] U.S. News & World Report | Cybersecurity Firm Socket Raises $40 Million With Backing From Bret Taylor, Jerry Yang