Securing the AI coding ecosystem: Chainguard and the AI tools developers use
The way software gets built has changed significantly. Developers today are directing AI agents to write code for them using tools such as Cursor, Kiro, Claude, Lovable, and Vercel. The bottleneck is no longer how fast you can ship; it's whether you can trust what your agent wrote. Every time an AI agent reaches for a dependency or a container from npm, PyPI, or Docker Hub, it's making a trust decision at machine speed, with no human in the loop. Public registries weren't built for that, and attackers know it and exploit it.
That's the gap Chainguard closes, delivering AI readiness that brings speed and security into alignment. When your agent pulls a base image or open source dependency, it should be pulling from a source that is built from verified source code, hardened, and free of the malware that's been hitting major packages such as Trivy, LiteLLM, and Axios in recent months. Chainguard Containers and Chainguard Libraries are the trust layer the AI coding era needs: secure-by-default, drop-in compatible, and invisible to the developer workflow.
That's why Chainguard is partnering with the AI coding tools developers already live in, such as Kiro and Cursor, our first AI coding ecosystem partnerships, to embed hardened, trusted foundations into every line of code your agent writes.
Kiro x Chainguard
Kiro is the AWS agentic AI development environment built around a core premise: AI coding should produce production-ready software, not only working prototypes. Its spec-driven approach adds structure (requirements traceability, upfront design, and property-based testing) to a space where agents otherwise operate without guardrails. Chainguard reinforces that philosophy. When Kiro's agents provision dependencies for a new project, they shouldn't be pulling from unverified registries any more than a spec-driven team should be shipping untested code. With Chainguard, you build at the same speed Kiro promises, with security built in from day one.
The Chainguard Power plugin gives Kiro the ability to migrate your projects to Chainguard's hardened supply chain on demand. Point it at a repository, ask it to harden your build, and Kiro swaps public registry base images and language packages for Chainguard Containers and Libraries. Trusted sources become the default, right inside the workflow you already use.
Cursor x Chainguard
Cursor is already where millions of developers build their fastest work. Now it's also where they can build their most secure work, without changing a thing about how they operate. Chainguard and Cursor partnered in April 2026 to make Chainguard the default trust layer for open source artifacts inside Cursor's agentic coding flow. Instead of reaching for images and dependencies from Docker Hub, PyPI, or npm, Cursor pulls from the Chainguard Repository, which contains 2,500+ hardened container images and millions of malware-free library versions across Python, Java, and JavaScript.
Setup now takes minutes: the Chainguard plugin is available natively in the Cursor Marketplace. Install it, and your agent is building on trusted sources from that point forward. There's no migration overhead or workflow disruption, just a straightforward install that makes the secure path the default path.
What's next
The AI coding ecosystem is big and getting bigger. Developers are building with Claude, Lovable, Vercel, and many more AI coding agents. The attack surface grows with every new tool and every dependency an agent pulls. We're actively working to bring Chainguard's secure-by-default posture to more of these platforms so that wherever your team builds, the foundation is one you can trust. Stay tuned.
Get in touch if you are interested in learning more about our AI coding partnerships.