JFrog Establishes a Trust Layer for Agentic AI: Extending the Software Supply Chain to Skills, Models, and MCPs

As AI agents become active participants in your software supply chain, who’s governing what they do — and what they consume?

A new IDC Link report, JFrog Establishes a Trust Layer for Agentic AI: Extending the Software Supply Chain to Skills, Models, and MCPs, examines how the boundaries of software governance are shifting in the agentic AI era — and what enterprises need to do about it.

IDC analyst Jim Mercer explores how JFrog is extending its proven artifact management approach to a new class of assets: AI agent skills, ML models, and MCP servers. Just as Artifactory became the system of record for binaries, JFrog is positioning its platform as the control plane for agentic AI — ensuring every component is scanned, cryptographically signed, and policy-governed before it’s ever executed.

In this report, you’ll learn:

• Why security and governance must now follow the actions AI agents take, not just the models themselves
• How treating skills and MCP servers as governed artifacts closes a critical blind spot in the AI supply chain
• What JFrog’s integration with NVIDIA’s AI-Q Blueprint means for enterprise agentic AI architectures
• How IDE-embedded governance shifts trust enforcement to the point of creation — not downstream in the pipeline

The era of autonomous agents demands a new kind of supply chain trust. Read the IDC report to understand what that looks like in practice.