From Agentic Risk to Agentic Confidence: The JFrog MCP Registry is GA

Announcing MCP Registry GA

In an AI-native world where Model Context Protocol (MCP) is the universal standard for AI connectivity, the security and governance stakes have never been higher. AI’s ability to take autonomous action through MCPs means that a single breach of an MCP server can grant attackers control over mission-critical enterprise systems, putting enterprises in an immediate and escalating state of agentic risk that cannot be ignored.

Last November, we pledged to provide a single source of truth for the AI ecosystem. Today, we are delivering on that promise.

We are proud to announce the General Availability of the JFrog MCP Registry: the industry’s only enterprise-scale control plane that unifies governance and security for MCP servers across the entire Agentic Software Supply Chain. It serves as the single source of truth for all your MCP servers, one that blocks malicious servers at the gate and enforces granular access controls for MCP tools, preventing unauthorized or destructive commands.

The Shift: When AI Starts “Doing”

The critical difference in this new AI era isn’t just intelligence; it’s access.

Unlike our habit of using AI models as conversational chatbots that live safely inside a browser window, agentic AI operates directly within your infrastructure. To function, these agents need permissions—to read proprietary code, query internal databases, and execute commands, for example.

MCP servers provide unprecedented access, but without a registry to govern them, that access is blind trust. As AI adoption scales, so does your exposure, effectively granting external entities “hands-on-keyboard” privileges inside your environment with zero oversight.

The risk of unmanaged agents

For the past year, developers have been downloading and connecting to thousands of MCP servers from scattered sources (e.g., GitHub repositories, community catalogs, direct vendor downloads) straight to their local machines.

For many leaders, the immediate reaction to this dilemma was a hard block.

This wasn’t because they wanted to stifle AI adoption. It was because they saw that unverified MCP servers introduced a level of risk that simply couldn’t be ignored, making enterprise-wide adoption a non-starter for any responsible CISO:

  • Zero visibility: You cannot secure what you cannot see. These MCP threats weren’t just bypassing gates—they were entering the perimeter completely unmonitored.
  • Zero governance: There was no existing mechanism to enforce governance policies or prevent over-privileged agents from accessing MCP tools.
  • Execution risk: An MCP server is potentially an executable binary. If a developer unknowingly pulls a malicious server, the agent using it could exfiltrate keys, inject bad code, or wipe directories.

Why current tools fail MCP security and governance

Until today, enterprises have had to rely on incomplete point solutions to manage MCP adoption risks. Current solutions are fragmented into two extremes, leaving a critical gap in securing and governing the Agentic Software Supply Chain.

Current options include:

  1. Runtime point solutions: Niche tools that focus strictly on observability, identity authentication, and monitoring the MCP server upon execution, only after it has entered your organization.
  2. Gateway point solutions: Tools that treat MCP servers purely as network endpoints, focusing on traffic management and routing logic.

Both options ignore the realities of the Agentic Software Supply Chain, treating MCP servers as ephemeral network endpoints rather than persistent software artifacts. By focusing only on the “pipe” or the “action,” and not the provenance, these tools only react once a server is inside your environment—at the point of maximum risk. This failure to govern agentic access at the source leaves you exposed to supply chain attacks that bypass the perimeter entirely.

The Solution: A Single Source of Truth for the Agentic Supply Chain

We built the JFrog MCP Registry to bridge the gap between “wild west” execution and “proactive block” control. Enterprises don’t need another isolated tool to monitor the traffic; they need a single system of record that actively governs pre-approved AI assets for both developers and agents.

By treating MCP servers as managed software artifacts, we provide the control required to bring autonomous agents under unified control. Now, you can empower your developers with agentic tools while maintaining the rigorous security and compliance standards your enterprise requires, striking a balance between innovation, speed, and risk.

Here’s what that looks like in practice:

1. Centralized Governance
We bring all local, remote, and custom MCP servers under a single control plane. To prevent over-privileged agent access, we enforce project-based, granular permissions down to the individual MCP tool level, ensuring agents execute commands only on explicitly authorized systems.

2. Frictionless Integration with AI-Native IDEs
The JFrog MCP Registry is compatible with AI-native IDEs, such as Cursor, VS Code, and Claude Code. By routing developers’ connections through the Gateway, we ensure that only approved, compliant servers are ever executed.

3. Automated Policy Gate
We stop risk at the perimeter. Before any MCP server can be used, it is automatically vetted against your security, compliance, and operational standards. Our automated gates strictly enforce your policies, blocking malicious or non-compliant MCP servers before they ever reach a developer’s machine.

4. Unified AI Registry
We go beyond managing MCP servers by unifying them with your AI models, agent skills, and all your artifacts into a single system of record. This provides complete context across your entire AI supply chain, allowing you to apply the exact same rigorous security and governance policies to your agents that you apply to your software. No silos, no double standards.
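To make the tool-level permissions of point 1 and the "block at the gate" behaviour of point 3 concrete, here is an added illustration that is not JFrog's code: a minimal policy check a gateway could apply to each MCP JSON-RPC message before forwarding it. The per-project policy table, server names and tool names are constructed for the example; only the `tools/call` message shape comes from the MCP specification.

```python
import json

# Constructed per-project policy (hypothetical format, not JFrog's):
# project -> approved MCP server -> set of tool names agents may call.
POLICY = {
    "payments": {
        "github-mcp": {"list_issues", "get_file_contents"},
        "postgres-mcp": {"read_query"},
    }
}


def check_tool_call(project: str, server: str, raw_message: str) -> tuple[bool, str]:
    """Decide whether the gateway should forward one MCP JSON-RPC message.

    Unapproved servers are blocked outright (the gate). For approved servers,
    only "tools/call" is checked against the tool allowlist; other methods
    (initialize, tools/list, ...) pass. Returns (allowed, reason) for logging.
    """
    try:
        msg = json.loads(raw_message)
    except json.JSONDecodeError:
        return False, "malformed JSON-RPC message"
    if not isinstance(msg, dict):
        return False, "JSON-RPC message is not an object"

    servers = POLICY.get(project)
    if servers is None or server not in servers:
        return False, f"server {server!r} not approved for project {project!r}"

    if msg.get("method") != "tools/call":
        return True, "non-tool-call method forwarded"

    params = msg.get("params")
    tool = params.get("name") if isinstance(params, dict) else None
    if tool not in servers[server]:
        return False, f"tool {tool!r} not authorized on {server!r}"
    return True, f"tool {tool!r} authorized"


# Constructed sample traffic an agent might send through the gateway.
SAMPLE = [
    ("payments", "github-mcp",
     '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"list_issues","arguments":{"repo":"x"}}}'),
    ("payments", "github-mcp",
     '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"delete_repository","arguments":{"repo":"x"}}}'),
    ("payments", "random-mcp", '{"jsonrpc":"2.0","id":3,"method":"tools/list"}'),
]

if __name__ == "__main__":
    for project, server, raw in SAMPLE:
        allowed, reason = check_tool_call(project, server, raw)
        print("ALLOW" if allowed else "BLOCK", reason)
```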

The Payoff: No Trust Tradeoffs

We built the JFrog MCP Registry because you shouldn’t have to sacrifice developer velocity for enterprise-grade security. By delivering this capability, we are closing the loop on our vision to make the JFrog AI Catalog the single system of record for the Agentic Software Supply Chain.

You can finally stop saying ‘no’ to your developers and start scaling MCP adoption without compromising trust. Book a demo with a JFrog expert or join our upcoming live briefing to see the MCP Registry in action.