AI Models Won’t Pick Sides in the Security War. Governance and Policy Will.

Two significant software supply chain cybersecurity attacks, seven days apart, with one hundred and eighty million weekly downloads between them. The chaos from development teams to the boardroom is real. And the pace is only going to get faster. Much, much faster… On March 24, the LiteLLM Python package, the proxy through which millions of …

Governance That Ships: Embedding Policy as Code Into Your System of Record

Proving compliance is a necessity, but in a world of tightening regulations, the path to compliance is currently paved with spreadsheets, screenshots, and manual attestations. We call this the “Audit Tax”: the millions of dollars and thousands of person-hours spent not just on integrating security, but on proving you are handling security. With the advent …

Accelerating Secure Software Delivery in Southeast Asia: Why the “Surge of Binaries” Demands a Unified Strategy

For years, the conversation around digital transformation in Southeast Asia focused on “getting to the cloud.” Today, that conversation has shifted. Our region is no longer just adopting the cloud; we are leapfrogging traditional development cycles by integrating AI and cloud-native architectures at a staggering pace. However, this acceleration has created a byproduct that many …

Stop Policies From Breaking Your Builds

Security policies exist to protect your software supply chain. So why do they keep breaking your builds? This is the unspoken frustration inside most DevOps and security teams today. Supply chain attacks drove 30% of external breaches in 2025. So your security team did the right thing. They added policies to flag packages that …

LEAP Recap

9 New Innovations. One Trust Layer.

The software supply chain is no longer just about shipping code; it is about managing intelligence and risk. As DevOps, DevSecOps, DevGovOps and AI/ML practices converge into a single AI-driven and increasingly agentic delivery pipeline, the demands on development and security teams have reached a new level. The platform that once managed packages and artifacts …

Announcing MCP Registry GA

From Agentic Risk to Agentic Confidence: The JFrog MCP Registry is GA

In an AI-native world where Model Context Protocol (MCP) is the universal standard for AI connectivity, the security and governance stakes have never been higher. AI’s ability to take autonomous action through MCPs means that a single breach of an MCP server can grant attackers control over mission-critical enterprise systems, putting enterprises in an immediate …

JFrog Code Snippet Security

Survive the AI Code Blizzard: Introducing Snippet Detection

In 2026, software development speed is an AI-solved problem. Yet, as AI-generated code volumes surge, organizations face a new kind of risk visibility gap. Developers are increasingly copying third-party snippets into their codebases—from both AI prompts and open-source software components—creating large security and compliance blind spots that lead to significant risks. While proven software composition …

Agent Skills are the New Packages of AI: It’s Time to Manage Them Securely

Let’s talk about agent skills. As the AI agent ecosystem matures, we’re seeing a major shift in how users equip agents to run automated workflows. While robust protocols such as MCP exist to handle complex system integrations and authentication, skills have emerged as the go-to, low-friction way to shape an agent’s day-to-day behavior. Skills are …

The Dependency Dilemma: Balancing Innovation Speed with Supply Chain Resilience

Sponsored by JFrog ~ Development teams are shipping faster than ever. Generative AI coding assistants, early agentic workflows, and increasingly modular architectures have compressed the distance between concept and deployment. AI-enabled innovation has become an executive mandate, and teams are expected to deliver at speed without sacrificing security or compliance. At the same time, modern …