IAM Checklist - 863x300

Secure AI Workflows: The Identity and Access Management (IAM) Checklist

AI agents and LLMs are already building, analyzing, and deploying code across your software development lifecycle. As software supply chains become increasingly AI-driven, proactive security and access controls are your only path to success. To effectively govern authentication and permissions without sacrificing development speed, you must update your access management strategies. By securing the AI …

npm12 - Thumbnail 203X148 (1)

npm v12’s Biggest Security Change: From Implicit to Explicit Trust

For years, installing an npm package has meant trusting that every package in the dependency tree will behave as expected. Whether code originated from the npm registry, a Git repository, a remote URL, or an installation script buried deep within a transitive dependency, npm would typically execute or retrieve it automatically during the installation process. …

JFrog Powers Kiro - 1200X628

Introducing the JFrog Power for Kiro

A new CVE drops into a package you depend on. With the JFrog power for Kiro installed, your next move is a single prompt in your IDE, not a tab switch to the JFrog UI and thirty minutes of hand-rolled REST calls. This is what governed agentic development looks like in practice. If your team …

The Governance Gap: What IDC’s 2026 Data Reveals About AI and the Software Supply Chain

In a landscape where executive teams demand immediate AI integration, engineering and security leaders find themselves navigating a complex operational balancing act. To explore how organizations can accelerate delivery pipelines without introducing fatal security risks, JFrog recently hosted a virtual panel discussion titled “Agentic Software Delivery in 2026: How to Bridge the Gap Between AI …

continuous detection, shadow ai, mcp server, coding agents, jfrog xray, ai supply chain, asset classification, devsecops

Trusted AI Adoption (Part 2): Detection

It’s Monday morning. Your coding agents ran all weekend. Your security dashboard shows the exact same numbers it did Friday afternoon. Same models, the same approved Model Context Protocol (MCP) servers, the same AI assets you are familiar with. Reassuring. Then, suddenly, you get a notification: a production deploy failed an audit. The build references …

The Agent Has Entered the Supply Chain

Software Delivery in the Age of Agents The way software gets built has fundamentally shifted. AI coding agents are no longer just autocomplete on steroids; they’re resolving packages, configuring environments, selecting tools, and in some cases running the entire development lifecycle, with or without a human in the loop. But here’s the problem: the tools …

JFrog AI Agent Control - Thumbnail

Keep your Agents Under Control with agent-belt

You’re shipping a product with an AI-facing interface, or embedding AI-facing interfaces across your existing product line – skills your customers trigger, MCP servers their agent reaches for. Indie author or enterprise, your code runs in someone else’s agent runtime, against a model that updates every other day and a CLI that updates every other …

Preparing for the CVE Blitz - Blog_Thumbnail (1)

Three Architectural Principles for Mythos & GPT-Cyber Readiness

Since Anthropic announced Project Glasswing and the capabilities of Claude Mythos Preview, and OpenAI announced  GPT-Cyber – my calendar has looked the same every day: Back-to-back calls with CISOs, AppSec leads, and security architects. And every call starts with the same question: “What do we need to do to prepare?” It’s the right question. But …