Our India hub is built for autonomous innovation, not just delivery: Tyler Warden, Sonatype

Sonatype’s decision to set up an innovation centre in India is more than just an expansion; it’s a strategic bet on the future of open source and AI-led software development. Tyler Warden, SVP of Product, Sonatype, reveals how the Hyderabad hub is designed as a fully autonomous innovation engine with cross-functional teams empowered to ideate, build, and ship products for a global market. With India emerging as the second-largest user of open source software, Warden underscores why the country’s unique mix of talent, cultural embrace of AI, and regulatory momentum makes it the perfect launchpad for reshaping the software supply chain.

Sonatype recently launched an innovation centre in India. Could you talk about the journey so far and why India is a strategic location for this hub?

We’re in the very early stages of a long-term investment in India. We officially opened our office in June and have already hired our first 20 employees, with offers out to 30 more. We’re moving fast to build a true innovation hub with complete cross-functional teams, including engineering, product, design, and customer success. The goal is to have full teams that can innovate and deliver autonomously. India is a natural fit for us for several reasons. It has a great talent pool, and the country is the second-largest user of open source software globally, with a growth rate that may soon surpass the US. For a company so focused on open source, we need to be where it is being used the most.

The India centre is structured to strategically support product innovation and global delivery, especially in areas focused on AI. How does this model work?

We serve a global customer base that demands a global delivery mindset. By building well-formed, cohesive teams in our India hub, we enable them to innovate quickly and autonomously. These teams can ideate, build, and ship products to market without unnecessary overhead from a headquarters-centric legacy model. We call it an “innovation on purpose” because it truly is a hub for cross-team innovation using an AI-first mindset. Our teams can spot market and technology trends, implement new solutions, and deliver them on their own, which is crucial for our agility.

Traditional DevEx tools often overlook areas like threat discovery, integration, policy compliance, and feedback loops. How are you reimagining product design at the India centre to go beyond DevEx, creating holistic tools that span discovery, integration, risk mitigation, and continuous feedback across engineering teams?

We work with a portfolio that manages open source from end to end, helping with everything from initial component selection to risk mitigation and continuous delivery. We focus on driving innovation in open source management, including open source AI models and components, to achieve better business outcomes. While security is a key benefit, it’s often a positive outcome of better dependency management, not the sole reason to do it. Our main focus is on developer experience and automation to give time back to engineering and application security teams. We help organisations manage their dependencies not just for security, but also for faster time to market, less tech debt, and lower development costs.

The modern software supply chain is both vital and increasingly vulnerable, with AI-generated and open-source components now making up over 80% of code. So, what are the unique resilience and adaptability challenges when building platforms from India that address software supply chain threats, and how are India teams helping craft solutions that proactively manage these risks?

The talent we see here has a unique perspective because they are deeply experienced in open source and have worked in various environments, including those with policy constraints. This translates into a deep empathy for the developers and AppSec professionals they serve. This empathy is a powerful asset in designing and building our software. Additionally, there is a general cultural embrace of emerging technologies like AI and agentic workflows in India. This hunger and willingness to research, adapt, and adopt new tech aligns perfectly with our vision for an innovation centre. We know that AI increases the use of open source, and having deep expertise in this area with a culture of embracing new technology makes India a very unique fit for us.

India’s regulatory landscape is rapidly evolving, with frameworks like CERT‑IN guidelines, SBOM standards, and the SEBI Cyber Resilience Framework. As product leaders, how do you turn regulatory uncertainty into opportunity, embedding trust, traceability, and policy‑aware features into Sonatype’s products, rather than adding them as reactive controls?

We see regulation as an opportunity to drive business improvements beyond simple compliance. Adhering to and even going beyond new regulations can lead to shorter sales cycles, less tech debt, and faster RFP responses. The SEBI guidelines in India are a good example. They are pushing for supply chain security best practices, which we’ve long advocated for. While adapting to new regulations is always a challenge, it’s also a chance to improve overall supply chain management. Decades of evidence from the physical manufacturing world show that a better supply chain leads to a better business. We view regulations as a way to introduce these best practices and drive real top-line and bottom-line benefits for organisations.

What is your roadmap for scaling Sonatype’s IP-led innovation?

We are driving innovation in three key areas. The first is dependency management automation. Our vision is to use our tech and the world’s most comprehensive open source dataset to automate the work of security and developer teams. We are also innovating in open source malware detection and prevention. We already use AI and machine learning to predict and catch malware, and we are continuing to invest in deeper and broader defence capabilities. Finally, we are focused on innovating our Nexus Repository in terms of delivery models and scale so that more artifacts can be served securely and faster. These three areas, automated dependency management, advanced malware protection, and hyperscale dependency delivery, are our big focus areas for innovation coming out of India and beyond.
