Python’s Security Savior: Chainguard Battles Supply Chain Risk

Chainguard, provider of a secure platform for software development and deployment, has announced Chainguard Libraries for Python, a new offering designed to eliminate supply chain risks in Python development.
As Python’s role in AI and machine learning (ML) grows, so do security threats. Recent malware attacks on packages like Ultralytics and PyTorch TorchTriton have exposed vulnerabilities in traditional sources like PyPI. Chainguard Libraries for Python solves this problem by securely rebuilding dependencies from source, ensuring every package remains free from hidden threats, the company said.
In a world where open source software powers nearly everything from enterprise applications to cutting-edge AI models, security vulnerabilities in the software supply chain represent a growing threat.
The Kirkland, Washington company’s new product aims to provide a secure alternative to public Python package repositories like PyPI, which have been the target of increasingly sophisticated supply chain attacks.
The Python Security Problem
Python has become the foundation of modern AI and ML applications, with more than half of the world’s developers relying on the language according to recent statistics. However, this popularity has made Python packages an attractive target for malicious actors.
The recent high-profile attacks against popular Python packages have demonstrated the severe risks organizations face when consuming libraries from public repositories that perform minimal security vetting.
“It’s like picking up a thumb drive off the side of the street and plugging it into your production server,” Kim Lewandowski, co-founder and chief product officer at Chainguard, told The New Stack. “When a developer pip installs a library, they’re pulling it from PyPI with no way to trace that library back to its actual origin or source code.”
Moreover, Lewandowski elaborated on the security landscape: “We all came from Google, a big organization. We started a company, and just starting to peel back this onion of open source in general, and it’s been scary. It’s like the wild, wild west.”
Shedding Light on “Dark Matter”
Beyond the issues of verification and provenance, Chainguard has identified another critical security gap unique to Python libraries. The company discovered that Python developers often bundle native system libraries (like SSL) directly into their packages instead of relying on the underlying operating system.
These bundled components create what Chainguard calls “dark matter”: hidden dependencies that security scanners typically miss, potentially harboring vulnerabilities that remain undetected.
“Developers spend a lot of time trying to bundle in everything that they need for their application,” Lewandowski noted. “What that actually does is introduce what we refer to as ‘dark matter,’ where scanners aren’t even picking up these files.”
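As an added illustration of the “dark matter” problem (example code written for this article, not Chainguard’s tooling), the script below opens a wheel, which is just a zip file, and inventories the native shared libraries it carries, separating the package’s own extension modules from vendored copies of system libraries such as OpenSSL that auditwheel or delocate place under a `<pkg>.libs/` or `.dylibs/` directory. The sample wheel, its package name and its file contents are constructed in memory and are not real packages.

```python
import hashlib
import io
import re
import zipfile
from pathlib import PurePosixPath

# Native code inside a wheel: ELF/Mach-O/PE shared objects and CPython extension modules.
NATIVE_RE = re.compile(r"\.(?:so(?:\.\d+)*|dylib|dll|pyd)$")


def is_vendored(path: str) -> bool:
    """True for third-party libs that auditwheel/delocate copy into '<pkg>.libs/' or '.dylibs/'."""
    return any(p.endswith(".libs") or p == ".dylibs" for p in PurePosixPath(path).parts)


def inventory_native_libs(wheel_bytes: bytes) -> dict:
    """Split a wheel's native files into the package's own extension modules and
    vendored system libraries, with a sha256 per file for allow-listing or SBOM entries."""
    result = {"extension_modules": {}, "vendored_libs": {}}
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        for name in zf.namelist():
            if not NATIVE_RE.search(name):
                continue  # pure-Python sources and metadata are not native code
            digest = hashlib.sha256(zf.read(name)).hexdigest()
            bucket = "vendored_libs" if is_vendored(name) else "extension_modules"
            result[bucket][name] = digest
    return result


def build_sample_wheel() -> bytes:
    """Constructed sample: a wheel-shaped zip carrying its own copy of OpenSSL (fake contents)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo_pkg/__init__.py", "")
        zf.writestr("demo_pkg/_speedups.cpython-311-x86_64-linux-gnu.so", b"\x7fELF fake ext")
        zf.writestr("demo_pkg.libs/libssl-1a2b3c4d.so.3", b"\x7fELF fake libssl")
        zf.writestr("demo_pkg.libs/libcrypto-1a2b3c4d.so.3", b"\x7fELF fake libcrypto")
        zf.writestr("demo_pkg-1.0.dist-info/METADATA", "Name: demo-pkg\nVersion: 1.0\n")
        zf.writestr("demo_pkg-1.0.dist-info/RECORD", "")
    return buf.getvalue()


if __name__ == "__main__":
    inv = inventory_native_libs(build_sample_wheel())
    for bucket, files in inv.items():
        print(bucket)
        for path, digest in files.items():
            print(f"  {path}  sha256={digest[:16]}...")
```

A vendored `libssl` found this way is patched only when the wheel is rebuilt, not when the host OS updates OpenSSL, so the recorded hashes are what lets a scanner or SBOM track that copy separately.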
A Secure Alternative
Chainguard Libraries for Python helps to address these issues by securely building approximately 10,000 of the most popular Python libraries and all their dependencies entirely from source code. The company employs a hardened build system that meets SLSA Level 2 security standards, providing complete visibility into every component that goes into each Python artifact.
“We want to be that safe source,” said Lewandowski. “If you have another option, it’s like clean drinking water versus dirty water. You’ve got the option to go get the clean version, something that you know was built on trusted, hardened build infrastructure. You know that what is being built is the actual source code that was intended to be built. You know that it’s been scanned for malware, that it’s been tamper-resistant. You know that you have build receipts and can go back and verify the actual provenance of where those things came from.”
Unlike many security solutions that force development teams to change their workflows, Chainguard designed its product to integrate with existing artifact managers, she said. This approach enables security teams to implement stronger controls without disrupting developer productivity — developers simply point to a different registry to access the more secure versions of the same libraries they’re already using.
“Nothing has to really materially change in their day-to-day work,” Lewandowski pointed out. “They just have a better, safer source now for the files that they’re pulling in to build their applications.”
Another notable advantage is compatibility. While Chainguard is known for its minimal Wolfi Linux distribution, the Python libraries will run on other operating systems like Ubuntu, making them accessible to a wider range of users, she said.
Building on Momentum
This release follows Chainguard’s recent launch of a similar product for Java dependencies. Together, these offerings advance the company’s mission to become “the safe source for open source” across the entire software stack.
“We’ve gone from a single product, from container images to now three product offerings,” Lewandowski explained. “And going through the motions again, of Early Access, getting going, taking these things to market with a much bigger sales and marketing team than we started with — it’s been a really fun part of the journey.”
In a statement, Joe Christian, senior engineering manager of application security at Paylocity, said: “Chainguard already helps us reduce our attack surface while giving our teams confidence in what they’re shipping. We see promise in Chainguard Libraries for Python to ensure developers can build securely from the very first line of code.”
MAN Energy Solutions, which already uses Chainguard Containers, is also looking forward to the added security layer, according to Carsten Skov, a senior DevOps engineer at the company.
“They’re excited about the potential of Chainguard Libraries for Python to further strengthen our software supply chain by mitigating the risks posed by unverified dependencies and malware in the Python ecosystem,” he said in a statement.
What’s Next?
Chainguard Libraries for Python will initially be available in early access starting May 14. The company has indicated that customer demand is already driving their roadmap for similar offerings for other languages in the future.
“When we announced the Java thing, we had started talking to some of our current customers, and of course, we got some inbound leads,” Lewandowski said. “We’ve got a growing tally of lists like ‘waiting on Python, waiting on Python,’ so we definitely have a number of people in the queue that have been waiting for this announcement.”
Looking ahead, Chainguard is already fielding requests for additional ecosystems. “We hear npm a lot, Ruby a lot, and then Rust a lot,” Lewandowski revealed. “We’re hoping we can start making some good progress, especially on the npm side. Python and Java are the wild, wild west, and npm is… [even wilder].”
For organizations developing with Python, particularly those working on security-sensitive applications, the new offering presents an opportunity to significantly reduce risk without disrupting developer workflows — essentially providing “clean drinking water” in place of potentially contaminated resources.