Introducing Chainguard Libraries for Python: Malware-Resistant Dependencies Built Entirely from Source
more efficiently
KIRKLAND, Wash., May 14, 2025 /PRNewswire/ -- Chainguard, the secure foundation for software development and deployment, today announced Chainguard Libraries for Python, an index of malware-resistant Python dependencies built securely from source on SLSA L2 infrastructure. By securely building every library and all of its dependencies from source, Chainguard Libraries for Python provides application security teams with confidence that malware has not been inserted during the build and distribution of libraries in the Python ecosystem, closing a significant gap in the threat landscape. To start, Chainguard has built nearly 10,000 of the most popular projects and will continuously grow its inventory of Python libraries to become the safe source for all open source.
The growing threat of malware in the Python ecosystem
Today, more than half of the world's developers rely on Python, a programming language that has become the foundation of modern AI and machine learning applications. As the popularity of Python has surged, so has the frequency and severity of supply chain attacks against the ecosystem. Notable malware attacks against popular Python packages like Ultralytics and PyTorch TorchTriton have shaken the community and demonstrated the risk of relying on traditional mechanisms (e.g., public registries like PyPI) for language library consumption. These public registries do minimal vetting of hosted artifacts, and they do not provide assurance that the distributed library matches its source code, exposing enterprises to supply chain attacks. Additionally, Python libraries are susceptible to supply chain attacks because many projects include more than just pure Python code — project maintainers often rebundle shared system libraries into their Python libraries to ensure stable behavior. This practice of rebundling OS dependencies into Python libraries obscures the components from security scanners, meaning the vulnerabilities they introduce to production environments go unnoticed and pose a serious risk for enterprise security.
With Chainguard Libraries for Python, Chainguard delivers malware protection for one of the most critical and vulnerable parts of the supply chain — the language dependencies that developers rely on to build and deploy applications. Up to now, application security teams have had no comprehensive solution for mitigating malware without disrupting their developers' workflows and productivity. This left enterprises susceptible to the risks of malicious code that could waste resources, steal application secrets, break production systems, or even leak customer data. Chainguard Libraries for Python integrates with existing artifact managers to empower application security teams to close this massive security hole while meeting developers how they work.
'Chainguard is rebuilding every component for a given library — Python, Java, or otherwise — from source so organizations can mitigate malware, have clear visibility into what exactly is in their software, and eliminate the risk of hidden supply chain vulnerabilities,' said Kim Lewandowski, Co-founder and Chief Product Officer, Chainguard. 'We're providing a secure, trusted source of Python libraries that allows enterprises to remove friction and add security without asking developers to change how they build and deploy software.'
Mitigating malware attacks across Python dependencies
Following the recent launch of Chainguard Libraries for Java, Chainguard is building every dependency for every Python library from source, combating malware injection at the build and distribution links of the open source supply chain. This reduces risk from supply chain threat vectors like compromised build processes, release pipelines, and distribution points. Isolating and rebuilding the shared system dependencies required by Python libraries allows Chainguard to eliminate an additional hidden attack vector stemming from bundled software components.
Chainguard Libraries for Python furthers the company's mission to be the safe source for open source and gives customers greater confidence to ship products more efficiently and securely. Chainguard now helps organizations secure even more of the modern development stack, starting with the OS and runtime environment with minimal, zero-CVE containers and virtual machines, and up to the application layer with language libraries for Python and Java.
'At Paylocity, application security is core to the modern HR, payroll and spend management software we're building,' said Joe Christian, Senior Engineering Manager, Application Security, Paylocity. 'Chainguard already helps us reduce our attack surface while giving our teams confidence in what they're shipping. We see promise in Chainguard Libraries for Python to ensure developers can build securely from the very first line of code.'
'MAN Energy Solutions enables its customers to achieve sustainable value creation in the transition towards a carbon neutral future. As a global provider of large-scale industrial machinery and energy solutions, software supply chain security is a top priority,' Carsten Skov, Senior DevOps Engineer, MAN Energy Solutions. 'Chainguard Containers have already helped us ensure that our containerized analytics workloads are built and run securely by default. Now, we're excited about the potential of Chainguard Libraries for Python to further strengthen our software supply chain by mitigating the risks posed by unverified dependencies and malware in the Python ecosystem. Securing these workloads plays a key role in ensuring that the MAN-CEON Digital Ecosystem continues to meet the requirements of ISO/IEC 27001:2022 and ABS Cyber Safety Certification.'
Chainguard Libraries for Python is now available in early access. For more information, visit https://www.chainguard.dev/libraries
About Chainguard
Chainguard is the secure foundation for software development and deployment. By providing guarded open source software with Chainguard Containers, VMs, and Libraries, built from source and updated continuously, Chainguard helps organizations eliminate threats in their software supply chains. Its customers include Fortune 500 enterprises and global industry leaders, including Anduril, ANZ Bank, Canva, Hewlett Packard Enterprise, MAN Energy Solutions, Snap Inc., and Snowflake. Chainguard is venture-backed by leading investors, including Amplify, IVP, Kleiner Perkins, Lightspeed Venture Partners, Mantis VC, Redpoint Ventures, Sequoia Capital, and Spark Capital. For more information, visit: https://www.chainguard.dev/
View original content to download multimedia: https://www.prnewswire.com/news-releases/introducing-chainguard-libraries-for-python-malware-resistant-dependencies-built-entirely-from-source-302454677.html
SOURCE Chainguard
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
9 hours ago
- Yahoo
BiyaPay's 6th Anniversary Celebration: Driven by Innovation, Steadily Moving Towards the Future of Global Multi-Asset Trading
BiyaPay, the world's leading multi-asset trading wallet, has entered its sixth year since its establishment in 2019. Over the past six years, BiyaPay has adhered to the concept of "user-centered", continuously innovated technology and products, continuously optimized User Experience, steadily expanded its global business scope, and provided users with safe, convenient, and comprehensive wealth management services. SINGAPORE, July 4, 2025 /PRNewswire/ -- BiyaPay is pleased to announce that in the past year, the company has focused on upgrading its core products and innovating its services, with a focus on launching digital currency contract trading functions, successfully implementing the Maker zero-fee policy for spot contract trading, and grandly launching the Swift Card, which supports global online and offline payments. These major breakthroughs have further enriched the product ecosystem and significantly improved users' trading and payment experience. Core achievements of the past year Digital currency contract trading function is fully launched In response to the growing market demand for contract trading, BiyaPay successfully launched a digital currency contract trading service in March 2025, supporting various mainstream digital currency contracts and meeting users' diverse investment strategies. This greatly enriches users' trading choices and helps investors more flexibly grasp the opportunities brought by digital asset fluctuations. Spot contract trading Maker with zero commission, incentivizing market liquidity In order to improve the active level of transactions and market liquidity, BiyaPay has implemented a zero-fee policy for spot contract trading Maker in the past year. This policy effectively reduces users' transaction costs, attracts more liquidity providers to join the platform, creates a better trading environment, and enhances the overall User Experience. Quick Card goes online, opening up new scenarios for digital asset payment In 2024, BiyaPay launched the Swift Card, which supports online and offline payments worldwide. The release of the Swift Card greatly expands the application boundaries of digital assets, allowing users to easily convert digital currency into daily payment methods, enhancing the liquidity and ease of use of assets. Continuously solidify compliance and security fundamentals BiyaPay always attaches great importance to compliance operations and user fund security, maintaining the validity of multiple international compliance licenses such as New Zealand FSP, US RIA, and Canadian MSB. The company strictly implements Anti Money Laundering (AML) and Customer Identification (KYC) policies, equipped with advanced risk management systems to ensure a transparent, secure, and trustworthy trading platform for users. Business development data is impressive As of June 2025, BiyaPay supports real-time exchange of more than 30 legal currencies and more than 200 digital currencies. The daily average trading volume of US and Hong Kong SAR stocks has exceeded 15 million US dollars, and the cumulative transaction volume of cross-border remittances has exceeded 2 billion US dollars. Users cover many important markets around the world, and the number of active users has increased by more than 60% year-on-year, reflecting BiyaPay's sustained competitiveness and brand influence in the global multi-asset trading field. Future Outlook: Diversification, Intelligence, Globalization Looking ahead to 2025 and beyond, BiyaPay will focus on the following development directions: Security tokenization BiyaPay will rely on blockchain technology to promote the on-chain innovation of traditional financial assets. By converting high-value assets such as stocks and bonds into compliance digital tokens, it achieves fragmented transactions and 24/7 settlement. Based on existing global compliance licenses (US RIA, Canadian MSB, etc.), it builds a secure and efficient securities tokenization ecosystem, significantly reducing investment barriers and improving asset liquidity. Product diversification The platform plans to further expand diversified investment categories such as foreign exchange trading and commodity futures, and create a comprehensive Asset Allocation platform covering digital currencies, securities, and derivatives to meet users' one-stop needs for global investment. Intelligent service upgrade By deepening the application of artificial intelligence and Big data technology, BiyaPay will continue to optimize the intelligent Asset Allocation engine and real-time risk control system to provide users with more accurate investment decision support and automated wealth management experience. Global market deep cultivation The company's strategy focuses on localization expansion in key markets such as South East Asia, South Asia, and the Americas, and establishes an open and inclusive international trading ecosystem based on dynamic adaptation to regional regulatory frameworks. Payment and capital flow innovation BiyaPay will continue to upgrade the global payment network of Swift Card, promote the deep integration of digital currency and traditional financial scenarios, and achieve seamless cross-scenario circulation and application expansion of user assets. Barton Wang talks about the sixth anniversary: technology and service dual-wheel drive BiyaPay CEO Barton Wang said, "For six years, BiyaPay has been driven by technological innovation and user request-oriented, promoting the deep integration of digital assets and traditional finance. We appreciate the support and trust of global users. In the future, we will continue to increase research and development investment, enhance product competitiveness and compliance capabilities, and provide users with safer, smarter, and more convenient global wealth management services. The sixth anniversary is just a new beginning, and BiyaPay will work with users to create a new era of digital finance." About BiyaPay BiyaPay is a leading global multi-asset trading wallet that supports instant exchange of over 30 legal currencies and over 200 digital currencies. The platform integrates multiple Financial Services such as digital currency trading, US and Hong Kong SAR stock investment, and cross-border remittance, committed to creating a secure, efficient, and convenient asset management platform for global users. BiyaPay has obtained international compliance certifications such as New Zealand FSP, US RIA, and Canadian MSB, continuously providing users with a compliant and trustworthy trading environment. Official website address : service Telegram : Community : service email : service@ View original content to download multimedia: SOURCE BiyaPay
Yahoo
9 hours ago
- Yahoo
TutorABC Launches ChatAI 1.0 Powered by TutorABC: Redefining Speaking Practice with AI Innovation
TAIPEI, July 4, 2025 /PRNewswire/ -- TutorABC, a global leader in online English and Chinese education, announces the launch of ChatAI 1.0 Powered by TutorABC. This next-generation AI voice speaking app is designed to help learners build fluency and confidence through real-time, intelligent speaking practice — while reinforcing the central role of live, professional teaching. Built as part of TutorABC's integrated learning ecosystem, ChatAI supports students between live lessons, helping them speak more, review faster, and get more value from their time with their live teachers. Samuel Yang, Co-Chairman and CEO of TutorABC: "This is a major leap forward. With real-time, natural voice conversations and instant feedback, ChatAI 1.0 uses cutting-edge AI to give every learner a smart speaking partner in their pocket. It's fast, flexible, and incredibly effective — and when combined with live teaching, it sets a new standard for how language learning can be delivered." Start 7-day free trial to experience ChatAI: ChatAI 1.0 – What It Can Do Practice Real Conversations – Talk with natural-sounding AI and adjust voice or speed Understand with Bilingual Support – Get translations and hints when you're stuck Improve How You Speak – Get pronunciation scores and sentence suggestions instantly Learn Useful Topics – Choose from 1,000+ real-world themes like business or travel All features are designed to enhance live classes with professional teachers — helping students arrive more prepared, and leave with deeper confidence. Start 7-day free trial to experience ChatAI: AI + Human = Better Together ChatAI 1.0 complements TutorABC's live instruction — including 1-on-1, 1-on-4, and group Masterclasses. Rodney Miles, Co-Chairman of TutorABC: "AI brings consistency, speed, and data-driven feedback. Our teachers bring human connection, cultural insight, and encouragement. Together, they create a learning experience that's both powerful and personal — helping students stay motivated, build real-world skills, and enjoy faster progress." TutorABC's approach ensures AI supports what matters most: meaningful time spent with real teachers. Start 7-day free trial to experience ChatAI: Ongoing Innovation TutorABC's R&D teams are continually enhancing both ChatAI and our live teaching systems using the latest advances in: Natural Language Processing (NLP) Speech recognition and synthesis (TTS/ASR) Conversational AI, pronunciation modeling, and adaptive learning engines These upgrades are built using research and frameworks from MIT, the Stanford NLP Group, and Cambridge's ALTA Institute. By improving both AI tools and the classroom experience, we're making the entire learning journey — from self-practice to live instruction with teachers — smarter, more connected, and more effective. Start 7-day free trial to experience ChatAI: Try It Free Today ChatAI 1.0 Powered by TutorABC is fully integrated into the TutorABC App. New students can access a free trial for a limited time. It's the perfect companion to live classes — offering flexible speaking practice and better results in every session with a real teacher. Start 7-day free trial to experience ChatAI: About TutorABC TutorABC is a global leader in online education, trusted by learners for over 20 years. At the core of our platform is live human teaching — delivered through 1-on-1, 1-on-4, and group Masterclasses led by certified professionals. This foundation is supported by: Smart Tools – Flashcards, podcasts, and articles AI Support – ChatAI, podcast suggestions, and roleplays Immersive Classrooms – Interactive tools and replays Dynamic Reports – Track progress and get improvement tips We also offer study abroad consulting (with 500+ university partners in the UK, US, Canada, and Australia) and corporate training used by professionals from Apple, Microsoft, TSMC, Micron, Toyota, Yamaha, Shiseido, Citibank, PCA Life Insurance, and more. TutorABC's content partners include Oxford and Cambridge University Press, ETS, Barron's, National Geographic, and global sources like CNN, BBC, The Economist, Reuters, Forbes, NBA, and MLB. View original content to download multimedia: SOURCE TutorABC Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
a day ago
- Yahoo
Secure Logistics Market Size Grows to USD 84.39 Billion by 2031 Exclusive Report by The Insight Partners
NEW YORK, July 3, 2025 /PRNewswire/ -- According to a new comprehensive report from The Insight Partners, the secure logistics market is observing healthy growth owing to the adoption and integration of artificial intelligence in logistics, the expanding logistics industry, and demand for real-time monitoring solutions. The secure logistics market is expected to reach USD 84.39 billion by 2031 from USD 59.06 billion in 2024; it is expected to record a CAGR of 5.2% during the forecast period. The rapidly expanding e-commerce and banking sectors are significantly boosting demand in the secure logistics tools and solutions among e-commerce and banking sectors. The growing number of digital transactions and online retail globally increases the demand for secure movement of cash, payment devices, and sensitive financial data. E-commerce systems frequently handle large amounts of valuable goods, such as electronics and jewelry, requiring secure delivery and returns processing. Similarly, banks and fintech companies rely on secured transportation and data management to safeguard their information against theft, fraud, and cyber threats. Hence, the increasing in transaction volume and data sensitivity has made safe logistics an essential infrastructure factor that drives the market. To explore the valuable insights in the Secure Logistics Market report, you can easily download a sample PDF of the report – The report runs an in-depth analysis of market trends, key players, and future opportunities. Trade shows are a robust platform that allows companies to showcase their entire business at one booth, raising company awareness among customers. This is further boosting the market growth. Overview of Report Findings Rising Demand for Expensive Goods: The growing global need for high-value goods, including medications, electronics, and luxury items, is a major factor driving the secure logistics market. These items require specialist handling, real-time tracking, and protection against theft or tampering throughout shipment. As international trade grows and supply chains become increasingly complex, businesses are investing significantly in secure logistics to protect the safety and integrity of their products. The pharmaceutical industry mainly requires temperature-controlled and highly secure transportation, particularly for vaccines and biologics solutions. Similarly, the transportation of high-end electronic devices and luxurious goods needs sophisticated security protocols to maintain the secure transfer of goods. This increases the demand for specialized and secure logistics solutions among logistics companies. Adoption of Ecosystem Integration Strategy: As the logistics companies across the globe are adding more applications and platforms to their digital ecosystems, the a need for a tool that combines all of their internal and external decentralized systems. The ecosystem integration is one of the significant tools that support logistics company secure data management. Ecosystem integration is a strategy for connecting and integrating a company's main revenue-generating business activities with those of its ecosystem partners. The strategy also has the capability of merging B2B and EDI, data and application integration, and secure file transfer technologies into a unified software platform. The strategy allows logistics companies to use a single, all-encompassing integration platform and eliminate the use of multiple solutions that link to different systems and trading partners, businesses. This not only reduces integration difficulties but also helps to reduce errors by simplifying processes and connections. Furthermore, ecosystem integration is typically less expensive than implementing several solutions. It improves data flow between systems and businesses by allowing information to be communicated more accurate in real time. Integration of Artificial Intelligence in Logistics Operations: Emerging technologies such as artificial intelligence (AI) and machine learning (ML) are revolutionizing logistics and supply chain management. These technologies are highly capable of interaction with control tower systems. The adoption of real-time data processing enables AI to compute the most efficient delivery routes by effectively considering traffic, weather, and vehicle conditions. Moreover, predictive risk analytics support logistics industries to analyze historical and real-time data patterns to predict future disruptions, including delays, equipment breakdowns, and demand fluctuations. Logistics monitoring systems integrated with AI technology can immediately detect variations from expected performance or behavior, allowing users to proactive reaction to situations, including inventory inconsistencies or unusual transportation delays. Furthermore, the demand for automation in the logistics industry has spurred the adoption of AI-based solutions that eliminate human engagement in mundane activities, streamline operational procedures, and improve decision-making in control towers. Geographical Insights: In 2024, Europe led the market with a substantial revenue share, followed by North America and Asia Pacific, respectively. Asia Pacific is expected to register the highest CAGR during the forecast period. For Detailed Secure Logistics Market Insights, Visit: Market Segmentation Based on type, the global secure logistics market is divided into static and mobile. The static segment held the largest market share in 2024. Based on mode of transport, the secure logistics market is segmented into road, air, and rail. The road segment held the largest market share in 2024. Based on application, the secure logistics market is segmented into cash management, jewelry and precious metals, manufacturing, and others. The cash management segment held the largest market share in 2024. Based on end user, the secure logistics market is segmented into financial institutions, retailers, government, and others. The financial institutions segment held the largest market share in 2024. Stay Updated on The Latest Secure Logistics Market Trends: Competitive Strategy and Development Key Players: A few of the major companies operating in the global secure logistics market are Allied Universal; The Brink's Company; G4S Limited; GardaWorld Corporation; SECURE LOGISTICS LLC; Prosegur; Serco Group plc; Securitas AB; SIS LIMITED; and Loomis. Global Headlines on the Secure Logistics Market NVIDIA's GTC 2025 and ProMat 2025 are delivering a host of groundbreaking announcements that will shape the future of AI, robotics, and logistics. In June 2025, DHL Freight, along with the BMW Group and other partners, will put two trucks into real operation. This pilot test is part of the European H2Haul project promoting hydrogen mobility. In April 2025, myDHLFreight will make road freight digital and transparent, at no extra cost, self-explanatory, and user-friendly. In October 2024, Pakistan's Secure Logistics Group Limited (SLGL) entered into an arrangement to provide transport services to Maersk West and Central Asia Limited. Purchase Premium Copy of Global Secure Logistics Market Size and Growth Report (2021-2031) at: Conclusion The growing worldwide trade of high-end products, including pharmaceuticals, electronic devices, and luxury items, generates a need for safe and legally approved transportation methods is driving the market. The growth of e-commerce and online financial services has increased the demand for secure transportation of cash, confidential information, and valuable products. Furthermore, stricter rules and industry guidelines related to the handling of sensitive chemicals and medicines are driving businesses to engage in specialist logistics. Moreover, technological advancements and demand for advanced solutions IoT, GPS tracking, and real-time monitoring solutions among businesses to improve supply chain security and transparency, are boosting the market growth during the forecast period. Trending Related Reports: About Us: The Insight Partners is a one stop industry research provider of actionable intelligence. We help our clients in getting solutions to their research requirements through our syndicated and consulting research services. We specialize in industries such as Semiconductor and Electronics, Aerospace and Defense, Automotive and Transportation, Biotechnology, Healthcare IT, Manufacturing and Construction, Medical Device, Technology, Media and Telecommunications, Chemicals and Materials. Contact Us: If you have any queries about this report or if you would like further information, please contact us: Contact Person: Ankit MathurE-mail: +1-646-491-9876Home - Logo - View original content to download multimedia: SOURCE The Insight Partners Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
