Socket: $60 Million Series C Raised At $1 Billion Valuation To Help Enterprises Secure AI-Generated Code

By Amit Chowdhry • Today at 5:52 AM

Socket announced it has raised $60 million in Series C funding at a $1 billion valuation as enterprises accelerate adoption of AI coding tools and seek better ways to secure third-party open source dependencies entering production environments. The round was led by Thrive Capital with participation from a16z, Abstract Ventures, and Capital One Ventures.

Founded in 2020, Socket has built a developer-first security platform focused on protecting organizations from software supply chain attacks. The company analyzes open source dependencies for malicious behavior before they enter an organization’s codebase, helping teams identify and block threats before they reach production.

The funding will support Socket’s next phase of growth as software development teams increasingly rely on AI-generated code, which is driving a surge in the amount of open source software entering production systems. Enterprises are looking for ways to maintain development speed while improving visibility into the security risks associated with third-party dependencies.

Socket’s customer base includes companies such as Anthropic, xAI, Replit, Cursor, Figma, Vercel, Gusto, Mercado Libre, and Cribl, along with Fortune 100 organizations in financial services and media.

According to the company, software supply chain security is a growing priority for enterprises. Socket cited findings from the OWASP Top 10:2025 community survey, which ranked software supply chain failures as the leading concern, and a 2025 Linux Foundation report showing that only 36% of organizations evaluate direct open source dependencies before adopting new components.

The company also highlighted the recent compromise of Axios, a widely used JavaScript package, as an example of how quickly malicious dependencies can spread through the software ecosystem. Socket said it identified the malicious dependency within six minutes and helped customers block the package from entering their environments. The company added that more than 2,000 organizations onboarded to its platform within 24 hours following the incident.

Socket’s platform is designed to detect malicious behavior and software supply chain risks in real time rather than relying solely on known vulnerability databases that often identify threats only after public disclosure. The platform combines AI-assisted analysis with human verification to help organizations prioritize exploitable vulnerabilities and remediate dependency risks.

KEY QUOTES:

“AI is changing how software gets built at every level. Teams are moving faster, more code is being generated, and more of what ends up in production now comes from outside the company. The hard part is keeping that speed without losing visibility into what’s actually getting shipped, and that’s where Socket comes in.”

Feross Aboukhadijeh, Founder and CEO, Socket

“Security is changing radically and rapidly. Legacy tools were designed to react to known vulnerabilities and assumed there was sufficient time to prevent a breach. Today, AI models can identify vulnerabilities so well and so quickly that this is no longer an option. We need tools like Socket that can identify threats in third-party code before they enter production, and we believe there is no team better positioned to meet that demand.”

Philip Clark, Partner, Thrive Capital