Chainguard Joins FINOS to Strengthen Secure Open Source Adoption in Financial Services

Chainguard

Chainguard, the software supply chain security company dedicated to building secure open-source software, announced it has become a Gold Member of the Fintech Open Source Foundation (FINOS). This partnership is designed to help accelerate secure and trusted open-source adoption across the global financial services industry, as enterprises expand AI-driven development and adopt cloud-native infrastructure.

The announcement also notes that Chainguard will be working with the FINOS community to “aid the industry-wide challenge of software security, enabling secure, scalable, and standardized open source innovation in financial services.” The company intends to bring in-depth knowledge of software supply chain security, container hardening, and vulnerability management tools to financial firms modernizing their digital landscapes in the AI era.

This partnership comes at a time when financial institutions are adopting open source, cloud-native, and AI development structures at an unprecedented pace. Although open source has become an integral part of modern financial infrastructure, it has been drawing increasing attention for software supply chain attack risks, vulnerabilities, compliance issues, and governance challenges.

Founded by marketers within the cyber security industry, Chainguard has established itself as a provider of hardened, minimised container images and secure software artifacts that reduce software’s attack surface.

These container images are continually rebuilt and maintained with as few CVEs as possible. The company’s partnership with FINOS will help financial institutions move to secure-by-default open source and establish industry standards for software governance, AI-readiness, and trusted infrastructure, Chainguard CEO Dan Lorenc said. Lorenc noted that safe software foundations are becoming more important as AI speeds up software development cycles and shortens the window to carry out attacks.

Implications for the IT Industry

Chainguard’s membership in FINOS reflects a much larger transformation taking place across the IT industry, where software supply chain security is becoming a strategic priority rather than simply a compliance requirement.

The rapid growth of generative AI and AI-assisted coding tools is dramatically increasing the volume of software being developed and deployed across enterprises. While AI can accelerate development productivity, it also increases the risk of introducing insecure code, vulnerable dependencies, and unverified open-source components into production systems.

With more organizations leveraging open source structures for AI, cloud infrastructure, and enterprise applications, a reliable software supply chain becomes much more important. Financial services organizations will be the most sensitive to these risks, given the highly regulated nature of their systems, which handle sensitive customer data, transactions, and essential market infrastructure.

FINOS has already been working on industry-wide AI governance and open-source security programs to enable the safe adoption of AI tools for financial institutions.

The addition of Chainguard enhances this body of work by bringing more focused knowledge of secure software distribution, container security, and software provenance management to the FINOS community. The partnership also illustrates how open-source governance has been changing in the AI age.

In the past, when enterprises adopted open-source software, they focused mainly on functionality and innovation. Now they pay close attention to provenance, vulnerability management, SBOMs, and runtime integrity. This change will probably affect enterprise IT operations beyond financial services. Other sectors, including healthcare, telecommunications, government, and manufacturing, are also under increasing pressure to secure software supply chains while advancing AI and cloud modernization.

Business Impact and Strategic Value

In the IT and financial services sectors, where security-minded operations are the norm, smart open source adoption could bring operational and strategic gains for companies. Secure software sourcing pathways allow organizations to cut cyber risk and the time lost to unplanned system outages caused by software vulnerabilities, and provide a competitive edge through better compliance with ever-stricter security regulations.

Using hardened container images and static, security-maintained artifacts can potentially decrease the amount of engineering effort needed to patch and remediate vulnerabilities. This enables development teams to concentrate on innovation rather than spending hours on manual security fixes.

On top of that, open-sourcing standardised governance setups can bring about much-needed interoperability among financial institutions and technology vendors. Better security protocols and interoperable standards can enable financial organizations to speed up cloud migration and implement AI solutions with better operational robustness.

The partnership also illustrates how security-consciousness is becoming a natural element of AI strategy: as more organizations adopt AI-generated code and autonomous development platforms, they will rely increasingly on secure-by-design systems that can audit the source code and other software components during all stages of an AI development project.

The Future of Trusted Open Source in the AI Era

Chainguard’s decision to join FINOS underscores a defining trend in enterprise technology: the convergence of AI innovation, open-source collaboration, and software supply chain security.

As financial institutions continue adopting AI-powered systems and cloud-native architectures, trusted open-source ecosystems are expected to play an increasingly important role in enterprise technology strategy. Organizations will likely prioritize platforms and vendors capable of delivering transparency, governance, and secure software foundations alongside innovation and scalability.

For the IT industry, this development signals a future where open-source adoption is no longer evaluated solely on flexibility and cost efficiency, but also on trust, resilience, and the ability to secure AI-driven digital infrastructure at scale.