Chainguard has unveiled Factory 2.0, the second generation of its platform for maintaining hardened open source images and secure software artifacts. Announced at the Assemble conference in New York in March 2026, the new framework replaces the original platform's traditional, complex, event-driven, rule-based automations with a more durable system that combines standard code and agentic reconciliation bots. This shift marks a significant evolution in how organizations can continuously secure their software supply chains against increasingly sophisticated attacks.
Built with a revamped framework enabled by artificial intelligence (AI), Factory 2.0's new control plane is designed to manage software pipelines using a controller/reconciler model. This model orchestrates and continuously reconciles open source artifacts across containers, libraries, GitHub Actions, and agent skills. The open source DriftlessAF agentic framework is at the heart of this approach, designed to keep approved open source artifacts continuously updated and patched, rather than relying on delicate, throwaway scripts that are prone to failure and security gaps.
The revamp is timely, as threat actors continue to develop new ways of spreading malware into software supply chains. Just last year, attackers hijacked tj-actions/changed-files, a popular GitHub Action on GitHub's continuous integration/continuous delivery (CI/CD) platform, and redirected GitHub Actions tags to a malicious commit. This incident resulted in a leak of secrets from over 23,000 repositories, exposing sensitive data and causing widespread disruption. More recently, adversaries uploaded malicious skills to OpenClaw registries that instructed coding agents to install the Atomic macOS Stealer on developers' machines, illustrating the expanding attack surface as AI agents become more integrated into development workflows.
To address these threats, Chainguard introduced Chainguard Actions, a hardened catalog of GitHub Actions and similar CI/CD workflows built and continuously maintained in Factory 2.0. CI/CD pipelines are considered the most privileged systems in the development and maintenance of software because they have write permissions in repositories, deployment credentials, signing keys, and access to an organization's entire production infrastructure. These pipelines are attractive targets because the workflows that run within them are often not inspected and, in many cases, come from unknown third parties. Rather than letting developers or AI agents pull random GitHub Actions from third parties, Chainguard Actions provides a continuously maintained, hardened catalog of vetted workflows: Chainguard rebuilds each workflow from source and re-secures it when upstream updates or new exploits appear. At the Assemble conference, Dan Lorenc, Chainguard's co-founder and CEO, emphasized that these are secure-by-default, drop-in replacements for upstream GitHub Actions in CI/CD pipelines, allowing developers and agents to move fast without taking on supply chain risk in the pipeline itself.
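The tag redirection described above works because a tag or branch reference in a workflow's `uses:` line can be moved to a different commit, while a full 40-character commit SHA cannot. The following audit is an added example, not code from the article or from Chainguard; it flags mutable references in a workflow file, and the sample workflow, action names and SHA in it are constructed for illustration.

```python
import re

# A `uses:` key at step or job level; captures the reference up to a quote, space or comment.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def classify(ref):
    """Classify a uses: value as 'local', 'pinned', 'mutable' or 'unversioned'."""
    if ref.startswith("./"):
        return "local"                      # action stored in the same repository
    if ref.startswith("docker://"):
        return "pinned" if "@sha256:" in ref else "mutable"
    _name, sep, version = ref.partition("@")
    if not sep:
        return "unversioned"
    # Only a full commit SHA is immutable; tags, branches and short SHAs are not.
    return "pinned" if FULL_SHA_RE.match(version) else "mutable"

def audit_workflow(text):
    """Return (line_number, reference, kind) for every reference that can be re-pointed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = USES_RE.match(line)
        if match:
            kind = classify(match.group(1))
            if kind in ("mutable", "unversioned"):
                findings.append((lineno, match.group(1), kind))
    return findings

# Constructed sample workflow (hypothetical action names and SHA).
SAMPLE = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: example-org/changed-files@v1
      - name: lint
        uses: example-org/lint@main
      - uses: ./.github/actions/local-build
      - uses: docker://example/scanner:latest
"""

if __name__ == "__main__":
    for lineno, ref, kind in audit_workflow(SAMPLE):
        print(f"line {lineno}: {ref} ({kind})")
```

A SHA pin fixes the code that runs but does not vet it, so pinned actions still need review when the pin is updated.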
The preview currently includes more than 100 of the top actions from the GitHub marketplace, with dozens of hardened fixes that make them easier to use without worrying about security risks. According to Patrick Donahue, Chainguard's chief product officer, the tool takes the actions as they exist and hardens them. If an action today logs into a particular system but contains potentially unsafe code, Chainguard will detect that and remediate it, so the version being run from Chainguard is much less likely to get compromised. This proactive approach reduces the burden on developers who otherwise would need to manually audit every third-party action they integrate.
Another key component is Chainguard Agent Skills, a catalog of continuously hardened, third-party AI agent skills that lets developers securely plug capabilities into AI agents. These skills are small, modular instruction sets, essentially markdown files with instructions that would otherwise need to be typed manually. Donahue explains that these skills allow developers to tap the expertise of industry specialists and ask them questions or have them perform tasks automatically. Third-party skills enhance the capabilities of AI agents for specific tasks such as browser automation, PDF processing, SEO checking, Web design, and code quality reviews. By providing a secured catalog, Chainguard eliminates the risk of using untrusted skills from public registries, which have been exploited in recent attacks.
Chainguard Guardener is an AI agent that automates the migration and maintenance of trusted open source artifacts across both development and deployment workflows. The initial release automatically converts legacy Dockerfiles into minimal, zero-CVE Chainguard container images. Future updates will add that capability to other configuration scripts. According to Ed Sawma, a Chainguard product VP, the Guardener is an agent that will be placed in customer environments to allow customers to use Chainguard's images in a more automated way. The goal is to simplify the process of adopting secure container images without manual effort.
Adeel Saeed, CISO of Kyndryl, commented that Chainguard Actions and Guardener together will automate the maintenance of secure images and agents. He noted that current adoption is very manual because developers must go to a library, download an image, and then put it into their Artifactory. With the Actions piece, they can tie it back to Git, and with the Guardener, they can tie it back to the whole Git repository, automating that process. Saeed believes this will definitely help with adoption, as it removes friction from the security workflow.
The introduction of Factory 2.0 represents a broader industry trend toward automation and AI-driven security in software supply chain management. As organizations increasingly rely on open source components and CI/CD pipelines, the need for continuous hardening and reconciliation becomes critical. Traditional rule-based systems struggle to keep pace with the volume and variety of vulnerabilities and threats. By adopting a controller/reconciler model based on standard code and agentic reconciliation bots, Chainguard aims to provide a more resilient and scalable solution. The use of AI for tasks like converting Dockerfiles into minimal images or vetting third-party actions reduces human error and accelerates deployment.
Furthermore, the new platform addresses the growing threat landscape where attackers target not only code repositories but also CI/CD systems and AI agent registries. The hijacking of tj-actions/changed-files and the Atomic macOS Stealer incidents are reminders that supply chain attacks are becoming more sophisticated and damaging. In response, security vendors are shifting from static security checks to dynamic, continuous security that adapts to new threats. Factory 2.0's ability to automatically reconcile artifacts and update them when patches or exploits emerge offers a proactive defense mechanism.
Looking ahead, Chainguard plans to expand the capabilities of Factory 2.0 by adding more actions, skills, and support for additional configuration scripts beyond Dockerfiles. The company also intends to deepen integration with popular CI/CD platforms and cloud providers, making it easier for enterprises to adopt the platform without overhauling existing workflows. As AI agents become more prevalent in software development, the need for trusted skills and secure execution environments will only grow. Chainguard's Agent Skills catalog could become an essential resource for organizations looking to leverage AI without exposing themselves to supply chain risks.
The unveiling of Factory 2.0 at Assemble drew positive reactions from attendees, with many noting the practical benefits of automation in security. The shift from event-driven automations to a reconciliation-based model aligns with best practices in cloud-native architectures, where desired state is continuously enforced. By open-sourcing the DriftlessAF framework, Chainguard also invites community contributions and feedback, potentially accelerating the development of new security features. Overall, Factory 2.0 represents a significant step forward in automating the hardening of the software supply chain, a critical need in today's cybersecurity landscape.
Source: Dark Reading News