Today is a big day for @SocketSecurity. We just raised a $60M Series C at a $1B valuation, led by @ThriveCapital with participation from @a16z, @AbstractVC, and @CapitalOne Ventures. Total funding is now $125M. Four years ago, we started Socket because open source dependencies were flowing into production faster than anyone could vet them. AI has massively accelerated that. Code is being written, shipped, and deployed before any human reads it. Security has to operate at that same speed. One data point from Thrive's diligence that I keep coming back to: they first discovered Socket because @cursor_ai, @OpenAI, and @AnthropicAI all independently told them it was the most important security tool they'd adopted for AI-driven development. Three of the most sophisticated AI companies converging on the same vendor unprompted. Since our Series B, Socket has grown to more than 20,000 organizations, protecting over 1.5 million repositories and blocking more than 1,000 supply chain attacks every week. The team is now over 100 people. Three out of five FAANG companies are Socket customers. So are the companies building the most ambitious AI products: @AnthropicAI, @cursor_ai, @xai, @figma, @vercel, @Replit, @scale_AI, @GustoHQ, @Mercadolibre, and @cribl_io, alongside Fortune 100s in financial services and global media. What we've shipped since the last round: • Socket Firewall blocks malicious packages at install time, before they reach a developer's laptop or CI pipeline. Free for everyone. • Reachability analysis via our acquisition of Coana, eliminating 50-80% of irrelevant vulnerability alerts by focusing only on CVEs that are actually exploitable. • Socket Certified Patches for remediating exploitable CVEs in seconds without waiting on upstream maintainers. • Coverage extending to browser extensions, editor extensions, MCP servers, and AI tools via our acquisition of @secureannex. When the Axios compromise hit, our detection systems flagged the malicious dependency within six minutes. Within 24 hours, more than 2,000 organizations onboarded to Socket to block it. Where the funding goes: deeper investment in Firewall, massively expanding Certified Patches, moving protection closer to every point of install across the developer toolchain, and new product launches pushing Socket into a category we haven't entered before. We're hiring across engineering, sales, customer success, and threat intel. ❤️ Thank you to our customers, investors, and the open-source community for your support. Together, we’re making software safer for everyone.

Received a suspicious coding assessment for a crypto company I had zero mutual followers with (yet they had 100K followers on twitter), I just checked the package.json and found this dependency lol (thank you @SocketSecurity)

🔥 Socket Firewall is now built into @Replit's AI-powered development experience. It’s already blocking 8K malicious packages/day across builders on the platform, giving Replit users stronger protection by default the moment dependencies are introduced. socket.dev/blog/socket-partn…

Most people run a security scan for malicious packages before publishing a project But the risk starts the moment they're installed Today we're launching Package Firewall, built in partnership with Socket It blocks malware before it ever reaches your app

NEW: malware developers added nuclear & biological weapons text to to their spyware. Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner. Cleanest practical example I can think of for why over-indexing on first order safety alignment is risky. When closed (and open) models ship with aggressive refusals, they will be sprinkled with second-order blindspots that attackers will discover...and exploit. We are only in the earliest days of attackers leveraging these features, and it wouldn't surprise me if users systems that need to handle complex cybersecurity issues demand that models be less safety-blunted. In the weeds: @SocketSecurity's post also shows why intention matters in how you design a malware analysis pipeline to avoid prompt manipulation. H/T to colleagues that shared this with me socket.dev/blog/mini-shai-hu…

Most people run a security scan for malicious packages before publishing a project But the risk starts the moment they're installed Today we're launching Package Firewall, built in partnership with Socket It blocks malware before it ever reaches your app

Mini Shai-Hulud/Miasma/Hades are now targeting bioinformatics and MCP developers in a newer PyPI wave. Socket found 23 newly compromised PyPI package-version artifacts using multiple execution paths: → native .abi3.so extensions that run the JavaScript stealer at import time → .pth startup loaders that bootstrap Bun → a new loader variant that searches sys.path for _index.js instead of bundling it in the same wheel The payload also includes a fake prompt-injection header at the top of _index.js to interfere with LLM-based malware triage before scanners reach the obfuscated code.

We are now tracking 471 affected artifacts across npm and PyPI in the Mini Shai-Hulud/Miasma/Hades campaign. The newer PyPI artifacts from this wave have been added to the dedicated campaign tracker. Full breakdown: socket.dev/blog/mini-shai-hu…