
Chainguard and Cursor partner to bring secure open source artifacts to agentic coding

Naveen Sharma, VP of Global Partnerships

As AI-generated code volume continues to grow, a business’s open source supply chain trust gap becomes a core risk in deployment. Agentic software development gets safer for everyone today: Chainguard and Cursor are partnering to make Chainguard Containers and Chainguard Libraries the trust layer for open source for Cursor, the leading AI coding platform used by millions of developers.

With this partnership, developers work with the same speed and precision as before, but instead of pulling the open source images and Python, JavaScript, and Java dependencies they need for a given project from insecure public registries, they pull them from the Chainguard Repository. This allows engineering teams that use both Chainguard and Cursor to continue shipping fast, except now without the catastrophic risk of malware.

The risk hiding in plain sight

There's a pressure every engineering and security leader is feeling today. Everyone wants their developers to move fast using the most capable tools available. However, they also want to confidently know that the code inside their applications won't send their cloud service credentials, SSH keys, GitHub secrets, and cryptocurrency tokens to a malicious actor.

Every time a developer or AI agent pulls a package from npm, PyPI, or Maven Central or an image from Docker Hub, your organization is making a trust decision whether you realize it or not. Public registries weren't built with the trust and security guarantees production code demands. Without verifiable proof of who made an artifact, how it was built, and where it came from, that decision is closer to a coin flip than an important security control.

Over the last few weeks, we saw Trivy, LiteLLM, Telnyx, and Axios — four projects used by tens of millions of developers — spread credential harvesting malware to their users through poisoned containers and libraries. These attacks followed two waves of Shai-Hulud worms that exfiltrated hundreds of thousands of company credentials and even led to financial damages and corporate extortion.

Unfortunately, the attackers have said themselves that this is the year of the supply chain, meaning these attacks are now an unfortunate reality of coding in the age of AI and have real consequences for security teams and developers. They cause development to screech to a halt. Engineering teams' productivity craters as they go into incident response and triage mode, figuring out if they are impacted and rotating credentials if they are.

The bottleneck for software development today is no longer writing code. It's being confident that what's written is safe for production.

Shipping fast while remaining malware-free

With this partnership, Chainguard and Cursor customers are able to seamlessly access millions of versions of secure-by-default open source artifacts, including millions of malware-resistant library versions across Python, Java, and JavaScript, and 2,300+ minimal, CVE-free container images for their next agentic coding project. Developers focus on deciding what to build. Cursor helps plan, execute, test, and deploy the software. Chainguard verifies that the open source artifacts being used are secure by default. Ultimately, the team ships with confidence.

Research shows that 98%+ of malware does not have publicly verifiable source code. Rather, malware is most commonly distributed via backdoored malicious binaries that have no matching source code, or via install-time scripts. In short, if there's no source code, Chainguard won't build it: Chainguard only builds libraries from publicly verifiable source and avoids building any package that uses install-time scripts. Effectively, if Chainguard won't build it, it won't end up in your project.
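The two build-policy criteria described above, a publicly verifiable source and no install-time scripts, can be checked mechanically against a package manifest. The following is an added example, not Chainguard's own tooling, that applies both criteria to npm-style package.json manifests; the hook names are npm's documented install-phase lifecycle scripts (the exact set is this example's assumption), and the sample manifests are constructed.

```python
import json

# npm lifecycle hooks that run automatically when a package is installed.
# Documented npm hook names; treating exactly this set as "install-time"
# is this example's assumption.
INSTALL_TIME_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def install_time_scripts(manifest: dict) -> dict:
    """Return the install-phase scripts a package.json declares, if any."""
    scripts = manifest.get("scripts") or {}
    return {name: scripts[name] for name in INSTALL_TIME_HOOKS if name in scripts}


def has_source_reference(manifest: dict) -> bool:
    """True when the manifest points at a source repository to verify against."""
    repo = manifest.get("repository")
    if isinstance(repo, dict):
        repo = repo.get("url")
    return isinstance(repo, str) and repo.strip() != ""


def evaluate(manifest_json: str) -> dict:
    """Apply the two policy criteria and list every reason for rejection."""
    manifest = json.loads(manifest_json)
    reasons = []
    hooks = install_time_scripts(manifest)
    if hooks:
        reasons.append("install-time scripts: " + ", ".join(sorted(hooks)))
    if not has_source_reference(manifest):
        reasons.append("no source repository declared")
    return {"name": manifest.get("name", "?"), "accept": not reasons, "reasons": reasons}


# Constructed sample manifests (not real packages).
CLEAN = json.dumps({"name": "left-trim", "version": "1.0.0",
                    "repository": {"type": "git",
                                   "url": "https://example.invalid/left-trim.git"},
                    "scripts": {"test": "node test.js"}})
SUSPECT = json.dumps({"name": "left-trim-utils", "version": "1.0.1",
                      "scripts": {"postinstall": "node setup.js"}})

if __name__ == "__main__":
    for sample in (CLEAN, SUSPECT):
        print(evaluate(sample))
```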

“AI agents are making dependency decisions at a scale and speed no security team can manually review. As organizations adopt agentic development, the biggest blocker is no longer how fast code can be generated—it’s whether that code can be trusted,” said Dan Lorenc, CEO and Co-founder, Chainguard. “Together, Chainguard and Cursor will help ensure that every dependency within AI-generated code comes from a verifiable, secure, and continuously maintained source, so teams can move quickly without introducing unnecessary risk into production. Engineering teams now have a path to move at AI speed without sacrificing security.”

How it works

Setup is as effortless as you’d expect. All it takes is for a developer to tell Cursor to migrate their project to use Chainguard Containers and Chainguard Libraries in plain English:

I'd like to migrate this project to use Chainguard images
and libraries. My Chainguard org is acme-corp.com

From there, Cursor gets to work migrating the project to use secure-by-default open source artifacts from Chainguard.

Developer workflows stay the same, given Chainguard Libraries are functionally identical to what you would find on npm, PyPI, or Maven Central.

“Partnering with Chainguard is another step in the direction of Cursor enabling secure agentic coding at scale,” said Brian McCarthy, President, Global Revenue and Field Operations, Cursor. “Recent supply chain attacks showcased how bad actors are working to manipulate the public tools and registries we’ve historically relied on to consume open source. With agents writing the majority of code at top businesses around the world, new tools to help ensure the code is trusted and the ability to review and monitor at speed and scale creates a safer paradigm.”

Learn more about the partnership here.
