We are excited to share the news of our seed investment in Kusari, a pioneer in software supply chain security. Glasswing Ventures and J2 Ventures co-led a $6M round of new funding with participation from Unusual Ventures, which previously invested $2M in pre-seed funding. Kusari will use the capital to expand its team and build out its product offering to meet the growing demand for transparency in the software supply chain and development lifecycle.
Feeling pressure to ship new products quickly, software engineering teams often try to save time by using open-source code rather than writing custom code from scratch. As a result, according to recent estimates, 70-90% of the typical modern software solution is open-source in origin. Over time, as different engineers leverage numerous open-source libraries, an organization’s codebase grows increasingly complex, quickly reaching a point at which no one understands it in its entirety.
To put it plainly, organizations’ attack surfaces are simultaneously expanding faster than before and becoming more difficult to understand—which is exactly what malicious actors want. There were twice as many software supply chain attacks in 2023 than in the previous three years combined. This is attributable to not only the growing opacity of codebases but also the nature of open-source software itself. By infecting just one source with malicious code, an attacker can infiltrate multiple divisions of a single organization and many other organizations. The financial toll of such attacks is estimated to reach $137B in 2031.
Leveraging their unparalleled expertise in both open-source software and software supply chain security, the founders of Kusari—Tim Miller (CEO), Michael Lieberman (CTO), and Parth Patel (Chief Architect)—are on a mission to give enterprises the visibility they need to protect the creation and consumption of their software. That is why they created Graph for Understanding Artifact Composition (GUAC), an open-source solution that maps the relationships and dependencies between all the different components of an ecosystem. By ingesting metadata and producing a knowledge graph, GUAC makes it easy for engineers to visualize their codebases and identify the vulnerabilities therein.
The founding of Kusari and the subsequent release of GUAC, which currently boasts a diverse community of 50 contributors and over 1,000 GitHub stars, could not have been more timely. A recent survey of 1,000 CIOs found that 85% have been specifically instructed by their board or CEO to bolster their software supply chain security; 84% have received expanded budgets to do so.
“Code breaches are increasingly becoming a top priority for CIOs and CISOs,” said Kleida Martiro, Partner, Glasswing Ventures. “In an era where software supply chain attacks are on the rise, the demand for stringent security measures has never been more critical. At the helm of Kusari, a team of seasoned industry veterans, including Tim, Michael, and Parth, are steering the company toward new heights. We are immensely proud of our investment in Kusari. Their unparalleled knowledge and innovative approach position them at the cutting edge, as they lead the charge in defining and delivering groundbreaking security solutions in this vital and evolving space.”
We are thrilled to welcome Kusari to the Glasswing family. It is an honor to support Tim, Michael, Parth, and the rest of the team as they improve GUAC and build on it to create the leading software supply chain security platform.
To learn more about Kusari and their latest funding news, see here.