Blog Home

Unlock the Power of Agents with JFrog’s Skills and MCP Tools
April 21, 2026

Agents are writing code, suggesting dependencies, and reviewing PRs, without any knowledge about your trusted package sources, security posture, or governance policies. When agents operate without supply chain context, they introduce risk, create rework, and weaken the guardrails DevSecOps teams rely on to ship with confidence. JFrog is changing that. Today, we’re launching an official …

Read More
Announcing MCP Registry GA

From Agentic Risk to Agentic Confidence: The JFrog MCP Registry is GA
March 18, 2026

In an AI-native world where Model Context Protocol (MCP) is the universal standard for AI connectivity, the security and governance stakes have never been higher. AI’s ability to take autonomous action through MCPs means that a single breach of an MCP server can grant attackers control over mission-critical enterprise systems, putting enterprises in an immediate …

Read More
MCP Trojan Horse Blog_Thumbnail

The MCP Trojan Horse: AI’s Hidden Security Risk
February 26, 2026

The race to adopt AI agents has created a massive, unmonitored blind spot in the enterprise software supply chain. At the heart of this revolution is the Model Context Protocol (MCP) – an open connectivity standard designed to move AI models (LLMs) out of their passive “chat box” and give them direct active access to …

Read More

Beyond Models: JFrog AI Catalog Evolves to Detect Shadow AI and Govern MCPs
November 13, 2025

When we first introduced the JFrog AI Catalog, it was our mission to provide the industry with a single system of record for governing the complex landscape of internal, open-source, and external commercial AI models. This foundational step was critical for enterprises to move from uncontrolled innovation to delivering AI with trust and confidence. However, …

Read More
JFrog Prompt Hijacking - Blog_Thumbnail

CVE-2025-6515 Prompt Hijacking Attack – How Session Hijacking Affects MCP Ecosystems
October 21, 2025

JFrog Security Research recently discovered and disclosed multiple CVEs in oatpp-mcp – the Oat++ framework’s implementation of Anthropic’s Model Context Protocol (MCP) standard. Among these, CVE-2025-6515 stood out due to its potential threat of hijacking MCP session IDs. Within the context of MCP we’ve dubbed this new attack technique “Prompt Hijacking“. Your browser does not …

Read More

Popular Tags