Welcome to the JFrog Blog

Latest:

Beyond the Hype: Building a Future-Proof Foundation for the AI-Native Enterprise

January 7, 2026 Yuval Fernbach, JFrog VP and CTO MLOps

6 min read

We are witnessing a fundamental transformation in how software is built. The industry has moved beyond the experimental phase of Machine Learning Operations and entered a complex new reality: the era of the AI Software Supply Chain. The adoption metrics confirm this shift is irreversible. Google reports that 90% of tech workers are now using…

Read More

All Blogs

Level Up Your Container Security: Introducing the JFrog Kubelet Credential Provider

Level Up Your Container Security: Introducing the JFrog Kubelet Credential Provider

December 3, 2025 Carmit Hershman, JFrog Senior Software Architect, CTO Office Eldad Assis, JFrog Principal Software Architect, CTO Office Muhammed Shahin, JFrog Senior Software Engineer Robin Duhan, JFrog Software Engineer | 10 min read

Editors Note: the JFrog Kubelet Credential Provider now supports Google Kubernetes Engine (GKE), Azure Kubernetes Service (AKS), and Amazon EKS including projected tokens (KEP-4412 enhancement). This blog is updated to reflect these capabilities. Amazon EKS, GKE, and AKS are fully managed, compliant Kubernetes services that simplify running, managing, and scaling containerized applications. These services automatically…
Read More
PyTorch Users at Risk: Unveiling 3 Zero-Day PickleScan Vulnerabilities

PyTorch Users at Risk: Unveiling 3 Zero-Day PickleScan Vulnerabilities

December 2, 2025 David Cohen, JFrog Senior Security Researcher | 14 min read

AI Model Scanning as the First Layer of Security JFrog Security Research found 3 zero-day critical vulnerabilities in PickleScan, which would allow attackers to bypass the most popular Pickle model scanning tool. PickleScan is a widely used, industry-standard tool for scanning ML models and ensuring they contain no malicious content. Each discovered vulnerability enables attackers…
Read More
Shai-Hulud npm supply chain attack – new compromised packages detected

Shai-Hulud npm supply chain attack – new compromised packages detected

November 24, 2025 Andrey Polkovnichenko, JFrog Security Researcher | 9 min read

IMPORTANT UPDATE:  Shai-Hulud Returns  (Nov 24, 2025) JFrog continues to track, provide research and document another wave of the Shai-Hulud Software Supply Chain Attack which was originally reported by the JFrog Security Research team on 16-Sep-2025. Following the initial campaign, threat actors have returned with more advanced tactics, compromising an additional 796 new malicious packages…
Read More
Secure and Productionize Databricks AI Models with the JFrog Platform

Secure and Productionize Databricks AI Models with the JFrog Platform

November 25, 2025 Grig Duta, JFrog Solution Engineer | 10 min read

It’s well-known that Databricks is a world-class platform for data engineering and ML experimentation. Yet, for most organizations, the challenge isn't building models; it's the complex journey from a model in a notebook to a secure, governed, and production-ready application. In this blog, we’ll show you how integrating the JFrog Platform with Databricks bridges that…
Read More
Securing Vibe Coding: JFrog Introduces AI-Generated Code Validation

Securing Vibe Coding: JFrog Introduces AI-Generated Code Validation

November 13, 2025 Jacqueline Basil, JFrog Product Marketing Manager, Security | 5 min read

A fundamental shift in software development is already here. Gartner predicts that by 2028, 75% of enterprise software engineers will use AI code assistants - a massive leap from less than 10% in early 2023. While this AI-driven speed creates a competitive advantage, it also opens a dangerous new front in the battle for software…
Read More
Beyond Models: JFrog AI Catalog Evolves to Detect Shadow AI and Govern MCPs

Beyond Models: JFrog AI Catalog Evolves to Detect Shadow AI and Govern MCPs

November 13, 2025 Ran Romano, JFrog VP of P&E | 5 min read

When we first introduced the JFrog AI Catalog, it was our mission to provide the industry with a single system of record for governing the complex landscape of internal, open-source, and external commercial AI models. This foundational step was critical for enterprises to move from uncontrolled innovation to delivering AI with trust and confidence. However,…
Read More
The Security Imperative: Trust, Speed, and Integral Defense

The Security Imperative: Trust, Speed, and Integral Defense

November 11, 2025 The JFrog Team | 10 min read

The systemic nature of software supply chain attacks is growing more complex, creating a critical tension between speed and security. The Israeli National Cyber Directorate’s (INCD) recent "Breaking the Chain" report validates that the most significant threats live outside your first-party code, highlighting a crisis of trust in the open-source-software (OSS) supply chain. While the…
Read More
Critical RCE Vulnerability CVE-2025-11953 Puts React Native Developers at Risk

Critical RCE Vulnerability CVE-2025-11953 Puts React Native Developers at Risk

November 4, 2025 Or Peles, JFrog Senior Security Researcher | 12 min read

The JFrog Security Research team recently discovered and disclosed CVE-2025-11953 - a critical (CVSS 9.8) security vulnerability affecting the extremely popular @react-native-community/cli NPM package that has approximately 2M weekly downloads. The vulnerability allows remote unauthenticated attackers to easily trigger arbitrary OS command execution on the machine running react-native-community/cli’s development server, posing a significant risk to…
Read More
JFrog & GitHub: Unifying the Software Supply Chain, One Step at a Time… and Our 2025 GitHub Technology Partner Award

JFrog & GitHub: Unifying the Software Supply Chain, One Step at a Time… and Our 2025 GitHub Technology Partner Award

October 28, 2025 Paul Garden, JFrog Partner and Industry Solutions | 6 min read

Organizations increasingly demand platforms that not only accelerate software delivery but also provide trust, security, and traceability. At JFrog, the software supply chain is managed and secured by default, from commit to runtime. That’s why our deep integration with GitHub is central to how we help teams manage, monitor, and secure every step of software…
Read More

Popular Tags