Agentic Hackers Have Entered the Chat — Introducing BIMP, the Base Image Management Platform

BIMP automates container base image CVE remediation, reducing migration from months to minutes.

YORK, UK — Cyber security has always been important. Today, it is no longer a theoretical risk to be managed. If there is a chink in your cyber-armour, an AI agent will find it and exploit it. Meanwhile, open source maintainers are drowning in a sea of AI-authored code-slop and agentic tools like Claude Code are uncovering a tsunami of new vulnerabilities in existing projects.

Against this backdrop, serial enterprise platform builders Hannah Foxwell and Stuart Preston are launching BIMP, the Base Image Management Platform — a product designed to secure the foundation of the software supply chain, automatically.

BIMP fully automates base image CVE remediation, eliminating vulnerabilities today and preparing teams for the next zero-day tomorrow. For developers, it is practically invisible: automated pull requests land on a schedule the development team chooses, with nothing required but a merge.

“All of our development teams receive a pull request with a base image update once a month. All they need to do is merge the change.”

The Messy Reality of Enterprise Security

Security teams face two compounding challenges: visibility and actionability. Fragmented toolchains, diverse technology stacks and siloed organisations mean that blind spots are inevitable, and blind spots carry enormous risk.

Even when a risk is visible, knowing who to talk to and which repository needs updating is rarely straightforward. Most of the time it is a simple fix, blocked by an organisational communication breakdown.

“Security teams are all suffering from information overload and alert fatigue,” says Hannah Foxwell, former Product Director of Snyk Container and co-founder of BIMP. “I have so much empathy for security teams.”

Unlike traditional security tools that surface dashboards full of bad news, BIMP connects risk to action, and then automates that action, so neither security nor development teams need to think about it.

“We believe that for security to be successful it must be fast and frictionless.” explains Foxwell. “Especially now we are up against hackers with AI agents”

The Value of a Hardened Base Image

A single base image update can eliminate hundreds of vulnerabilities in a single line change to a Dockerfile. The industry has taken notice. Chainguard, founded in 2021 and having raised $892m in funding, pioneered the hardened zero-CVE base image catalogue. In 2025, Minimus raised an unprecedented $50m pre-seed to compete in the same space. Then, in December 2025, Docker made its own catalogue of zero-CVE hardened base images available for free.

2026 is the year everyone migrates to a hardened, secure base image. BIMP is here to accelerate that transition.

“Auditors are now asking about the container base images we use and how we manage those,” says the Head of Security at a global financial services institution.

Whether an organisation chooses one base image provider or several, BIMP provides a centralised platform to manage and enforce a “golden image” catalogue, automating compliance through a developer-friendly workflow.

A Story of AI-Powered Development

BIMP was built as an experiment: What does product development look like in 2026 with the current advances in AI Coding Agents?

The answer is not just about the speed of code creation. Every part of the product development lifecycle needed to change.

“We removed all of the processes that we’ve relied on throughout our careers - backlogs, daily standups, tickets, sprints, and we started from zero. We had to radically change our ways of working to take advantage of the speed of code creation today.”

Foxwell brings over a decade of experience in enterprise technology transformation from companies like Pivotal, VMware and Snyk, most recently focussing on the intersection of Cloud Native Platform Engineering, Cybersecurity and Agentic AI. Her co-founder, Stuart Preston, was promoted to CTO of Conchango (acquired by EMC) at 28, served as a Principal Engineer at Chef Software (acquired by Progress), and was a Product Leader for VMware’s (acquired by Broadcom) vSphere Kubernetes Service.

“This isn’t a vibe-coded experiment, this is an enterprise-ready platform” reassures Foxwell “Building enterprise platforms is what we do.”

Hannah and Stuart didn’t just build BIMP the product, they are also building the agentic tools they need to support the business. An early experiment is an AI Agent called Otis that assists the founders with meeting notes, task tracking and insights.

“Everything we build leads us to more ideas for things to build, and instead of dismissing them we can quickly ship something and test if it works” explains Preston.

“Building has never been so fast or fun so why would we stop!” Adds Foxwell “We’re incredibly proud of what we’ve built already but we’re only just getting started. We’re going to be sharing everything we learn along the way”

Availability

BIMP is currently available in private beta. Organisations interested in early access can join the waitlist at bimp.ai.

Press Contact

Hannah Foxwell, Co-founder hannah@bimp.ai

About BIMP

BIMP (Base Image Management Platform) automates container base image CVE remediation for enterprise engineering teams. Founded in 2026 by Hannah Foxwell and Stuart Preston, BIMP connects security risk with automated action, delivering developer-friendly compliance without interrupting engineering workflows. BIMP is headquartered in York, UK.

###