Inside EveryOps APAC: What India and Australia’s Tech Leaders Are Focused On

Last June, we hosted the first EveryOps Day in Sydney – born from the convergence of DevOps, DevSecOps, and AI/MLOps we were witnessing across every industry in APAC. A year later, with AI’s proliferation across software delivery and security, we took EveryOps Day to Mumbai on May 15, then embarked on the EveryOps Tour: a series of invitation-only executive events across Canberra, Sydney, and Melbourne.

The key question every CIO, CTO, and CISO I’ve spoken with is forced to answer is: How do you know what’s being deployed when software increasingly writes itself?

The answer that emerged from every room was the same: the companies that win will be the ones that can prove what they shipped, when, and with whose authority.

Mumbai: The Scale Signal

EveryOps Day Mumbai 2026 attracted approximately US$3 trillion worth of enterprises (by market cap) ranging from banks, and automakers, to Global Capability Centres, ecommerce giants, and SaaS hyperscalers. Despite this diversity, all of them were confronting the same problem: AI-generated code and agentic pipeline workflows are outpacing the governance structures built to control it.

Our JFrog 2026 Software Supply Chain Security State of the Union report helps quantify this governance gap: 97% of Indian organisations claim they have certified AI model governance, yet only 59% of IT leaders report full provenance visibility, and 48% still need a week or more to produce audit-ready proof.

These data points signal that the way software gets built, secured, and shipped has to fundamentally change. There is now a surge of binaries moving through enterprise software supply chains with which no human review process can keep pace. In fact, Indian teams spend 51% of their time reviewing and hardening AI-generated code. AI hasn’t reduced developers’ work – it’s simply shifted the burden from writing code to validating it, yet 34% treat AI-suggested fixes as definitive with only a cursory review, the highest rate globally and nearly double the non-APAC average. The irony is:65% of Indian organizations lack malicious package detection.

Why software provenance is the defining challenge of the AI-era

Five key themes surfaced across the EveryOps Day keynotes, panels, and customer stories that I believe will define India’s software development market over the next 18 months:

• AI agents are not black boxes. AI models, MCPs, skills, MCP servers, IDE extensions, etc. create a new governance surface layer.
• Security must move from being a blocker to being an enabler. Discovering vulnerabilities is no longer enough. Organisations must absorb threat signals, prioritise what’s exploitable, and patch every binary that touches production. The focus must move from “find” to “govern, fix, and prove.”
• The software supply chain is the new battleground. Enterprises are facing a unique challenge where the exact same AI tools used by defenders to find vulnerabilities can also be used by attackers to exploit them. The race isn’t to discover – it’s to remediate faster than adversaries can act.
• Provenance is now a board-level concern. Auditors and regulators want to know who wrote the code and what dependencies it carries.

Australia: The Right Room, The Right Questions

Across executive roundtables in Canberra, Sydney, and Melbourne, senior technology leaders from Australia’s public sector, financial services, and enterprise technology debated what AI-driven trusted software delivery means in practice. We explored the importance of a single source of truth for all software and AI models, as well as the layers of security controls and governance required to achieve trust.

• In Canberra, the focus was on the public sector, and government readiness- not just to detect threats, but to remediate them at the speed AI now demands. There was a clear urgency around preparedness: whether agencies have the tools, processes, and visibility to identify and respond to vulnerabilities across the software supply chain before they become incidents. The question kept coming back to provenance and accountability: if you cannot provide who, or what, committed a change, you cannot govern it.
• In Sydney, the conversation centred on trust – specifically, the risk of giving AI a free hand to write software without modernising the security practices around it. Regardless of language or source, the challenge isn’t tool sprawl; it’s whether today’s workflows can keep pace with the demands of leveraging AI securely.
• In Melbourne, trust in AI’s role within the software delivery lifecycle was front and centre too, but the lens shifted to why securing binaries matters more than source code alone. The central question was: how do you implement true end-to-end security for the software supply chain?

If Mumbai showed me what EveryOps looks like under load, the Australia tour showed me what it looks like under scrutiny. Same operating model. Different pressure test.

The Bet APAC Is Making

Across India and Australia, the enterprises shaping APAC’s next decade have reached a common conclusion: speed alone is no longer a defensible strategy. The organisations investing in software supply chain governance, provenance tracking, binary-level security, and platform-enforced compliance  are the ones their boards, regulators, and customers will trust   as AI-generated code becomes the norm.

APAC’s enterprises are increasingly betting that the platforms which can trust and prove what they shipped will outlast the ones that only ship fast.

That is the bet JFrog is built on.

To every leader who joined us in Mumbai, Canberra, Sydney and Melbourne: thank you. The next chapter is already being written, and we’ll be in the rooms where it happens.

To dive deeper into the data from our 2026 Software Supply Chain Security report, join us at our upcoming webinar: The Illusion of Mastery: Bridging the AI Governance Gap in 2026.

Schedule a demo · Take an online tour · Start a free trial