Welcome to the JFrog Blog

Latest:

New Invisible Attack Creates Parallel Poisoned Web Only for AI Agents

September 4, 2025 Shaked Zychlinski, JFrog AI Architect

7 min read

AI agents are rapidly evolving from simple text generators into powerful autonomous assistants that can browse the web, book travel, and extract complex data on our behalf. This new "agentic" AI, which operates in a "sense-plan-act" loop, promises to revolutionize how we interact with the digital world. But as we grant these agents more autonomy…

Read More

All Blogs

Confessions of a CISO: I Have Trust Issues

Confessions of a CISO: I Have Trust Issues

September 3, 2025 Paul Davis, Field CISO | 12 min read

The speed of software development today is driven by fierce competition and the constant demand for innovation. Organizations are launching software faster than ever to keep up with the market and drive growth. This need for speed has led to several key trends: Greater Accountability Demanded of Developers: Developer productivity is no longer only measured…
Read More
Using JFrog to Align Your Systems for ISO 27001 Compliance

Using JFrog to Align Your Systems for ISO 27001 Compliance

August 28, 2025 Paul Davis, Field CISO | 8 min read

ISO/IEC 27001 is an information security standard that is quickly becoming a must-have for any organization that handles proprietary customer data. ISO 27001 certification is now often a requirement to do business, particularly for IT and SaaS organizations - JFrog included! In this blog, you’ll learn more about ISO 27001, how to get certified, and…
Read More
8 Malicious npm Packages Deliver Multi-Layered Chrome Browser Information Stealer

8 Malicious npm Packages Deliver Multi-Layered Chrome Browser Information Stealer

August 27, 2025 Guy Korolevski, JFrog Security Researcher | 7 min read

Open-source software repositories have become one of the main entry points for attackers as part of supply chain attacks, with growing waves using typosquatting and masquerading, pretending to be legitimate. The JFrog Security Research team regularly monitors open-source software repositories using advanced automated tools, in order to detect malicious packages. In cases of potential software…
Read More
FrogML SDK: the Gateway to Model Governance

FrogML SDK: the Gateway to Model Governance

August 19, 2025 Rami Pinku, Senior Product Manager, JFrog ML | 5 min read

Data-driven decisions are critical. And to support high-stakes decision-making – from fraud detection in credit card transactions to demand forecasting in retail – organizations are increasingly relying on complex models. According to McKinsey, 78% of organizations report using AI in at least one business function, highlighting just how embedded AI and ML models have become…
Read More
The Innovation vs. Control Syndrome: Unlocking Enterprise AI’s Full Potential

The Innovation vs. Control Syndrome: Unlocking Enterprise AI’s Full Potential

August 5, 2025 Ohad Shalev, JFrog Product Marketing Manager, AI/ML | 4 min read

From optimizing supply chains to personalizing customer experiences, artificial intelligence and machine learning models are no longer statistics-based revenue initiatives; they’re foundational to modern business strategy. Organizations are pouring resources into developing and deploying AI, driven by the promise of unprecedented efficiency, insight, and competitive advantage. Yet, beneath this surging wave of innovation lies a…
Read More
Not Built to Scale: The Hidden Fragility of Cloudsmith

Not Built to Scale: The Hidden Fragility of Cloudsmith

July 29, 2025 The JFrog Artifactory Team | 11 min read

Cloudsmith claims that they are an enterprise-ready solution, a platform designed to meet the needs of modern organizations at scale. On the surface, they "talk the talk": reliability, performance, security, scalability -- they even go as far as presenting themselves as an "infinitely-scalable alternative to JFrog". However, when a vendor claims to be built for…
Read More
Top 5 Reasons to Make the Quantum Shift by Attending swampUP 2025

Top 5 Reasons to Make the Quantum Shift by Attending swampUP 2025

July 28, 2025 The JFrog Team | 3 min read

The software industry stands at the precipice of a "Quantum Shift," driven by rapid AI advancements and digital demands that require a fundamental transformation in how software is built, secured, and scaled. JFrog's annual swampUP conference is the ultimate gathering of the brightest minds in DevOps, DevSecOps, and MLOps where they exchange ideas, insights and…
Read More
JFrog Deployed on AWS: The Foundation for Cloud-Native Excellence

JFrog Deployed on AWS: The Foundation for Cloud-Native Excellence

July 25, 2025 Kate Kwiatkowski, Senior Director of Global Alliances | 4 min read

We are delighted to share the exciting news that JFrog has earned the "Deployed on AWS" badge in AWS Marketplace, marking yet another milestone in our journey of innovation and collaboration with Amazon Web Services (AWS). This achievement underscores our commitment to providing cutting-edge solutions that leverage AWS’s robust infrastructure to enhance the user experience…
Read More
Still Trusting Automated Patches Blindly? Think Again

Still Trusting Automated Patches Blindly? Think Again

July 23, 2025 Yonatan Arbel, JFrog Developer Advocate | 4 min read

The Breach: A High-Impact Compromise JounQin’s npm account, the maintainer of popular packages such as eslint-config-prettier, was compromised in a phishing attack. The attackers used the breached credentials to publish six malicious versions of eslint-config-prettier, along with three additional infected packages tied to the same account. In total, the compromised packages see roughly 78 million…
Read More

Popular Tags