Socket Raises $60M for Wider Software Supply-Chain Defense
Data Breach Today
Funding at $1B Valuation Will Expand Controls Across Developer and AI Ecosystems
Michael Novinson (MichaelNovinson) • May 26, 2026
Feross Aboukhadijeh, founder and CEO, Socket (Image: Socket)
A startup led by a former Stanford University lecturer raised $60 million to bring security controls to endpoints, laptops, notebooks and local developer environments.
The Thrive Capital-led Series C round will help San Francisco-based Socket expand beyond traditional package managers into broader software ecosystems such as browser extensions, editor plug-ins, MCP servers and artificial intelligence skills marketplaces, said founder and CEO Feross Aboukhadijeh. Socket views all of these components as part of the modern software supply chain and believes enterprises need protection (see: Socket Buys Secure Annex to Expand Supply-Chain Visibility).
"Security is a winner-take-all market, and the company that sees the most attacks is going to build the best detections, and they're going to attract the most customers because they have a better product," Aboukhadijeh said. "And then that will help them surface even more attacks. So, it's basically a flywheel."
Socket, founded in 2020, employs 103 people and has raised nearly $125 million, having last completed a $40 million Series B round in October 2024 led by Abstract Ventures. The company has been led since its inception by Aboukhadijeh, who spent several years as a visiting lecturer at Stanford and was an open-source developer at WebTorrent and Standard JS. Socket got a $1 billion valuation with the Series C (see: Socket Accelerates Open-Source Security With $40M Series B).
"Talking to Cursor, OpenAI and Anthropic, they all independently told Thrive that Socket was the most important security tool that they had adopted in response to AI-driven development," Aboukhadijeh said. "When three of the most sophisticated AI companies are converging on the same vendor unprompted, that's what got them to pay attention."
How Attackers Are Directly Targeting Software Supply Chains
The widespread use of AI coding tools is creating entirely new attack surfaces because employees are increasingly pulling third-party dependencies and open-source packages into enterprise environments without full visibility into what's being installed, Aboukhadijeh said. This shift is creating visibility issues for CISOs because much of the generated code never reaches traditional repositories such as GitHub.
"AI is generating more code than ever before, and so there's more code being written by humans and AI agents, and it's less vetted than it's ever been," Aboukhadijeh said.
The pace of AI-driven vulnerability discovery now exceeds the ability of many open-source maintainers to respond, with maintainers often overworked and unable to quickly review, merge or release fixes, Aboukhadijeh said. That gap creates operational challenges for enterprises that depend heavily on open-source software but cannot wait for official fixes to become available.
"The total volume of vulnerabilities is about to explode, and every one of those creates the need to patch the exploit, and that's something Socket can help with," Aboukhadijeh said.
Attackers are evolving beyond traditional exploitation techniques and increasingly targeting software supply chains directly through malicious packages, browser extensions and developer tooling, he said. Traditional vulnerability scanners are poorly equipped to detect these threats because there may be no exploitable coding flaw at all: the malicious functionality is embedded intentionally rather than introduced by mistake, he said.
"Sophisticated attackers have been attacking the supply chain directly," Aboukhadijeh said. "They're not looking for vulnerabilities necessarily. They're inserting intentional backdoors, and no vulnerability scanner catches that. This is a completely different class of problem."
How Socket Reduces the Risk of Malicious Dependencies
Socket Firewall blocks malicious packages before they reach endpoints or CI pipelines, and organizations are using the product as a protective layer that allows broader AI adoption while reducing the risk of introducing malicious dependencies, Aboukhadijeh said. Socket plans to expand its Firewall product into additional ecosystems, including browser extensions, AI skills platforms and editor plug-ins, he said.
"A lot of companies will literally use Firewall as a guardrail for AI so they feel safe rolling out AI and allowing anyone in the company to use these tools," Aboukhadijeh said.
Socket currently offers approximately 10,000 certified patches and provides critical fixes to the community free of charge while monetizing fixes for high-, medium- and low-severity vulnerabilities. The new funding will support expansion beyond JavaScript into all major software ecosystems, with the company hiring more engineers and working with open-source maintainers to scale patch development.
"We're talking about a vulnerability being discovered in the morning and your company being exploited in the afternoon," Aboukhadijeh said. "It's just an unprecedented increase in the pace of how quickly you need to patch these vulnerabilities before you're going to be attacked through them. That's the reason why we built this product."
The surge in supply-chain attacks has strained Socket's internal resources because the company still performs substantial human analysis on malicious packages, extensions and threat campaigns, and the Series C round will help Socket expand both its AI compute infrastructure and its human security research teams. Human review remains necessary to ensure accuracy and reduce false positives, he said.
"We do have humans looking at all our findings," Aboukhadijeh said. "Socket does not just take the results of AI and give them directly to our customers. Everything that we do is vetted by humans."