ZDNET's key takeaways
Chainguard targets open-core programs, GitHub Actions, and agent skills.
The approach starts with its new AI-powered Chainguard Factory 2.0.
The company is launching new safety-first programmer services.
From the stage of the Chainguard Assemble 2026 event in Manhattan, programming security company Chainguard Co‑Founder and CEO Dan Lorenc pulled up an audience member to saw a piece of wood with an old-fashioned handsaw. It did not go well, but the wood was cut eventually. Then, Lorenc pulled out a small power saw and cut the same piece in a few seconds. He then said, "It's hard to make mistakes with manual tools because you're going slower, while [AI] power tools are a lot more fun, but they're also a lot more dangerous. We lose a lot more fingers."
In short, we must learn to use power tools safely -- and that's what Chainguard is attempting to do. Lorenc framed the moment as an industry transition from "hand woodworking" to power tools and then to fully automated assembly lines, with AI agents driving much of the change. "In the next 12 months, the majority of code is going to be written by something different and something new," Lorenc said. The only way to keep up with AI‑accelerated attackers is to automate away the traditional 30/60/90‑day patch cycle and start from systems that are secure by design.
To achieve that target, Chainguard has replaced its earlier, brittle methodology for automatically building operating system and application images with Chainguard Factory 2.0. Factory 2, the company suggested, has already removed more than 1.5 million vulnerabilities from customer production environments, up from 270,000 a year ago, by continuously rebuilding and repatching its images and packages from source.