Socket raises $60M Series C at $1B valuation as AI-generated code fuels software supply chain attacks
Key Points
- Socket raises $60M Series C at $1B valuation, with ARR growth exceeding 500% as AI-generated code accelerates software supply chain attacks.
- AI models are surfacing thousands of high-severity vulnerabilities in legacy codebases faster than open source maintainers can patch them, creating a critical bottleneck.
- Software supply chain security has moved from niche concern to top board-level issue at nearly every software company, expanding Socket's addressable market.
Summary
Socket, a software supply chain security company, has closed a $60M Series C at a $1B valuation, led by Thrive Capital. Founder Feross Aboukhadijeh says the business has grown ARR by more than 500% over the last twelve months, with no sign of deceleration.
Why now
Three forces are converging. AI tools are generating more code than ever, and developers — and increasingly non-developers — are pulling in open source dependencies at a pace that outstrips any meaningful review. More code means more third-party components, and those components are being vetted less than ever before.
At the same time, frontier AI models like Mythos are now being run against legacy codebases and surfacing thousands of high-severity vulnerabilities in major operating systems and open source libraries. The volume of known vulnerabilities is rising fast, and it will keep rising as these models work through a backlog of code that has sat unreviewed for years.
The third pressure is attacker behavior. Rather than hunting for exploits in individual companies, attackers are compromising open source components to reach the thousands of organizations that depend on them simultaneously. Aboukhadijeh says three major software supply chain attacks hit on the same day at the end of last month.
“Over the last while, we've had 500%-plus ARR growth over the last twelve-month period. AI is generating more code than ever before, developers are pulling in open source dependencies at unprecedented velocity, and attackers have realized they can exploit the software supply chain to get into not just one but thousands of organizations. It's literally our end of quarter — three major software supply chain attacks happened that same day.”
The maintainer bottleneck
Even when vulnerabilities are found and patches are written, they often stall. Frontier labs are doing the work of identifying bugs and submitting PRs, but accepting a pull request commits a maintainer to maintaining that code indefinitely. Many maintainers, already under strain before AI-generated "slop PRs" added to their queues, are sitting on patches. That leaves a growing backlog of known vulnerabilities with working exploit code publicly visible on GitHub and no clean upgrade path for the companies depending on those packages.
Socket's answer is a product called Certified Patches, which it describes as a one-click fix that removes a vulnerability from a project's dependencies without requiring a package upgrade or any additional developer work. Critical patches are being made available to the open source community for free.
Customer adoption
Aboukhadijeh says software supply chain security has moved from a niche concern to a top-one or top-two board-level issue at nearly every company Socket talks to. Early adoption was concentrated in crypto — where supply chain hacks can cause irreversible financial loss — followed by AI labs and SF tech companies. The concern is now close to universal across software businesses. The one exception Aboukhadijeh offers: a toilet paper manufacturer with no software products.
Takeaway: Socket's growth is being driven by a structural gap between the accelerating volume of vulnerable open source code and the capacity of the open source community to patch it. At 500%-plus ARR growth and a $1B valuation, the round reflects investor conviction that the gap is widening, not closing.
TBPN Digest delivers summaries of the latest fundraises, interviews and tech news from TBPN, every weekday.