swampUP Europe 2025 Recap

The energy was electrifying as the inaugural swampUP Europe 2025 kicked off at the JW Marriott this past November! For three days Berlin became the epicenter of the DevOps, DevSecOps, and MLOps universe, buzzing with a sense of intrigue and excitement. This wasn’t just another tech conference; it was a convergence of innovation and regulation, exploring the interplay between technological advancements and the legal frameworks that govern them.

The overarching narrative for the show: the industry is undergoing a “Quantum Shift” toward DevGovOps and AI Supply Chain Security. While the rapid adoption of AI is accelerating software delivery to warp speeds, it’s simultaneously introducing dangerous blind spots that organizations can no longer afford to ignore.

Here is a look at the conversations that took place at swampUP Europe 2025, and how JFrog is helping organizations navigate this Quantum Shift.

The Quantum Shift: Anticipating the Future

JFrog Co-Founder and CEO Shlomi Ben Haim opened the event with a visionary speech on the “Quantum Shift” in software delivery. He highlighted that we are entering a new era wherein AI agents work alongside humans, creating a tangled web of dependencies and increased security threats. To maintain control of one’s software infrastructure, it’s imperative to anticipate and prepare for these changes rather than react to them.

This message was backed by action and tangible deliverables with the launch of JFrog’s Shadow AI Detection and AI-Generated Code Validation.

The Regulatory Reality: Illuminating “Shadow AI”

A major focus of the event was the collision between rapid innovation and the increasingly stringent regulatory landscape. With emerging frameworks like the EU Cyber Resilience Act, the EU AI Act, Germany’s BSI Guidelines, and NIS2, the stakes have never been higher and governance is no longer optional – it’s law. Non-compliance isn’t just about financial penalties; it poses existential risks regarding trust, reputation, and legal liability.

This regulatory pressure has also exposed a new enterprise security challenge: Shadow AI.

In their quest for efficiency, developers are increasingly integrating models from third party sources or making direct API calls to services like OpenAI and Anthropic without organizational oversight. This creates significant “blind spots” within companies, leading to potential data leaks and supply chain attacks.

To combat this, JFrog introduced Shadow AI Detection, which helps automatically detect and create an inventory of all internal AI models and external API gateways used across the organization to access data from either approved or ad-hoc third-party sources. Once discovered, these newly visible models and services can now be governed centrally, empowering teams to:

• Manage Access: Establish defined paths for authorized users to access and utilize third-party AI services, ensuring controlled and fully auditable interactions.
• Enforce Policy: Apply security policies across all AI assets.
• Centralize Management: Track and monitor the usage of external APIs and models, bringing them into a single system of record.

By transforming invisible risks into vetted, managed assets, organizations can finally govern what they couldn’t previously see.

Integration and Security: AI-Generated Code Validation

Gartner predicts that by 2028, 75% of enterprise software engineers will use AI code assistants—a massive leap from less than 10% in early 2023. While this speed offers a competitive advantage, it also creates a dangerous new frontier for software supply chain security.

For example, swampUP Berlin speakers highlighted three key dangers of untracked AI-generated code including:

1. “Viral” License Risk: A developer might inadvertently copy a snippet with a strong “copyleft” license (like GPL), potentially forcing the company to release its proprietary source code.
2. Hidden Vulnerabilities: Functional code generated by AI might carry known critical vulnerabilities, creating invisible backdoors.
3. Broken Audit Trail: Without knowing the origin of every line of code, the chain of evidence required for security reviews is broken.

To solve this, JFrog introduced AI-Generated Code Validation. Unlike slow, resource-intensive LLM-based solutions, JFrog uses intelligent semantic matching. This approach analyzes the code’s underlying logic and function—understanding what the code does, not just what it looks like. This allows teams to protect the integrity of their software, turning code provenance from a blind spot into a strength.

Real-World Impact: Insights on DevGovOps Best Practices from Admiral

The concept of “DevGovOps” was grounded in reality through powerful customer sessions such as the one by Admiral, a UK-based financial services company.

In his session titled “From Fire to Flow,” Owen Delaney, Senior Chapter Lead at Admiral, detailed his platform engineering transformation. By switching from a legacy setup of stitching together point solutions to leveraging the JFrog Platform, Admiral achieved massive consolidation and modernization of their Identity and Access Management (IAM) infrastructure.

Key outcomes of partnering with JFrog, and leveraging its Advanced Security and Curation offerings, included:

• Drastic Reductions: Reducing service accounts from 50+ down to 4, and slashing Active Directory (AD) groups from 200+ to just 5.
• Value Realized: Admiral successfully rationalized their tooling (including SAST and CSPM), standardized pipeline templates and Terraform modules, and gained significant efficiencies through contextual analysis.

Summary: Prepare to Take the Quantum Shift

swampUP Europe 2025 demonstrated that the future of software delivery isn’t just about speed; it’s about unified control. The JFrog Platform has evolved to seamlessly unify DevOps, Security, MLOps, and DevGovOps, providing the foundational system of record needed for the AI era.

We want to extend a massive thank you to our attendees, speakers, and incredible ecosystem of partners—including Google Cloud, AWS, Microsoft Azure, NVIDIA, ServiceNow, Docker, Chainguard, and Sonar—for making this inaugural European swampUP event a resounding success.

As we embark on this journey through the quantum shift in our industry together, we encourage you to explore the new JFrog solutions via an online tour, by scheduling a 1:1 demo, or signing up for the free trial.