Your agents are only as trustworthy as what they consume, build, and ship. JFrog governs every AI model, agent skill, MCP server, AI-generated code, and assembled artifact in a single source of truth.
Secure your entire agentic software supply chain so you can ship trusted software at your new speed.
As organizations aggressively shift from static Large Language Model (LLM) chatbots to fully dynamic, autonomous AI agents (e.g. systems designed to plan workflows, call APIs, write runtime code, and modify enterprise databases), traditional compliance and governance frameworks are hitting a breaking point. A landmark press release from Gartner highlights a critical systemic risk: treating AI …
There’s a category of security risk that most organizations aren’t ready for. It doesn’t live in your code repository, your CI pipeline, or your developer laptops. It lives in your runtime, in the autonomous AI agents already running in your environment, extending their own capabilities, and making decisions that no human explicitly approved. This is …
Your developers install agent plugins every day: pulling from unmanaged GitHub repos, copying Cursor commands out of Slack, pointing Codex at a personal Git fork. Each of those is a new, uncontrolled distribution channel inside your software development lifecycle, and your platform team has zero visibility into any of it. A plugin is not a …
Picture two realities for the same compliance control reaching production. Reality One: Your AppSec team writes a new rule. An engineer uses Claude Code or Cursor to generate the OPA (Open Policy Agent) Rego policy in minutes. They deploy it. It blocks a legitimate release on a missing context variable, and the on-call engineer routes …
Imagine this: your security team has done everything right. All development teams are using a centrally managed artifact repository with scanning in place. Your engineering organization has clear policies about where packages can come from. You feel good about your software supply chain posture. Then an incident review surfaces something nobody planned for: a compromised …
Software Delivery in the Age of Agents The way software gets built has fundamentally shifted. AI coding agents are no longer just autocomplete on steroids; they’re resolving packages, configuring environments, selecting tools, and in some cases running the entire development lifecycle, with or without a human in the loop. But here’s the problem: the tools …
Since Anthropic announced Project Glasswing and the capabilities of Claude Mythos Preview, and OpenAI announced GPT-Cyber – my calendar has looked the same every day: Back-to-back calls with CISOs, AppSec leads, and security architects. And every call starts with the same question: “What do we need to do to prepare?” It’s the right question. But …
Let’s talk about agent skills. As the AI agent ecosystem matures, we’re seeing a major shift in how users equip agents to run automated workflows. While robust protocols such as MCP exist to handle complex system integrations and authentication, skills have emerged as the go-to, low-friction way to shape an agent’s day-to-day behavior. Skills are …
AI is creating an overwhelming surge of digital artifacts and software components. The key to success is learning how to ride, secure, govern, and manage that wave – rather than being overwhelmed by it. This weekend, I asked my team to watch Chasing Mavericks. Jay Moriarity (not J-Frog, but stay with me) was one of …
In security, we never assume perfection. We assume zero-trust, and we design controls to limit the blast radius. That mindset is missing from many OpenClaw deployments today. It is almost impossible not to hear about the new personal AI assistant, OpenClaw (formerly known as ClawdBot and MoltBot). Since its release in November 2025, it has …
NVIDIA 
Cursor 
GitHub 
Docker 
Maven 
Financial Services 
Public Sector 
Technology 
Healthcare 
Gaming 
Automotive 
Enterprise 
