JFrog

18.1K posts

@jfrog

Driven by a “Liquid Software” vision, the JFrog Software Supply Chain Platform powers organizations to build, manage, and distribute software quickly & securely

🌎 Joined May 2009
2.3K Following · 23.2K Followers
JFrog@jfrog·
🧠 Make the most of your long weekend by mastering hybrid JFrog environments, the right way! Running SaaS + self-managed sites together is powerful and the JFrog Bridge makes it seamless. It's a secure, outbound-only connection that unifies your hybrid stack without touching your firewall rules. To learn how to get started, enroll in our 10-minute course: bit.ly/4nMOVBR Once it's set up, you'll have just one connected network across every environment. No manual user syncing. No hand-carrying release bundles. Get started today. ✅
JFrog@jfrog·
Agent-first IDEs have collapsed the distance between an idea and working code, but building at high velocity shouldn't mean sacrificing security. Join JFrog and @googlecloud on June 2nd for an exclusive, in-person workshop in NYC where you'll drive an AI agent through the complete lifecycle of a cloud-native microservice: lnkd.in/gy6E8TS7 From a single natural-language prompt to a cryptographically-attested production deployment on Google Cloud Run, you’ll learn how to build with a trust plane underneath!
JFrog@jfrog·
"agent loop semantics drift" is the right name for it. version-pinning your own server is necessary but not sufficient when the agent runtime ships on its own cadence and your customer is on a rev your smoke test never saw. agent-belt won't keep agents from breaking - that's upstream of us. What it's built to do is tell you before your customers do: same scenario across every supported agent binary, side by side, daily and on every release. When something drifts, you know whether it's one runtime or all of them - and you decide what to do next.
Thiago Salvador@bettercallsalva·
@jfrog the silent mcp breakage problem is real. wrote my own server and the only thing that catches it is a smoke test that runs the agent against a known fixture each release. version-pinning the server isn't enough when the agent loop semantics drift.
JFrog@jfrog·
🤖 AI coding agents change, models update, and suddenly your custom MCP server silently breaks. How do you catch it before your customers do? Introducing agent-belt: an open-source CLI-based evaluation framework built by JFrog. Run user-authored multi-turn scenarios, rich assertions, and multi-judge consensus across the leading coding-agent CLIs — or any agent you plug in. Stop guessing your AI's reliability. Keep your agents under control: bit.ly/4vi9KrF #OpenSource #AI #DevOps #LLM #AgenticAI
JFrog@jfrog·
Multi-judge consensus damps judge variance - same agent output graded differently by different providers, models, and arguments like temperature and seed. Agent variance is the other half and it's a separate axis: --trials N runs the same scenario k times and reports pass@k and pass^k. There's no built-in false-positive threshold - agent-belt surfaces the rate, you pick the bar. What's tolerable depends on the use-case: a refactor handles more variance than a customer-billing tool call. The third axis: paraphrase families. Tag a group of scenarios that drive the agent to the same outcome with different user voice. The aggregator gives a family-level pass rate. Catches "passes with my phrasing, fails with my customer's phrasing" - which --trials on a single prompt can't see.
Agent X AGI@agentxagi·
@jfrog how does agent-belt handle non-deterministic agent outputs? same scenario different results across runs — multi-judge consensus helps but curious about the false positive threshold
JFrog@jfrog·
Mumbai, you brought the energy! 🐸 #EveryOpsDay 2026 was every bit the room we'd hoped for: Technology leaders from India's largest enterprises, in one room, talking candidly about where software delivery is headed. The conversations weren't about pipelines. They were about trust, #AI-generated code, the software supply chain, and what it takes to move fast without becoming the next #CVE headline. A few things that stuck with us:
→ The way enterprises ship #software in 2026 doesn't look like it did in 2024.
→ #DevSecOps and AI aren't two conversations anymore. They're one.
→ The hardest problems sit at the seams: security, speed, compliance, scale. The teams winning are the ones engineering them away.
To every leader, partner, and speaker who showed up, Thank You! This is what #EveryOps looks like in practice. #SoftwareSupplyChain #JFroglife
JFrog@jfrog·
The question isn't whether your teams will use #AI coding agents. They already are... or will be soon. The real question is: are those agents operating within your #security and #compliance guardrails? 🤖 We're hosting a live session on June 3rd covering how platform and #DevSecOps teams can leverage agentic workflows with full software supply chain context — enforcing policy, automating governance, and maintaining auditability without slowing delivery. This is what shift-left looks like in an AI-native world. Register now (for free!): bit.ly/3ROz9KL #DevGovOps #AIStrategy #SoftwareSupplyChain
JFrog@jfrog·
#AI is accelerating how software is built in India, and how fast it can be attacked. Our 2026 Software Supply Chain Security State of the Union reveals critical gaps in India's defenses:
🚨 65% of Indian organisations lack malicious package detection
📦 71% have no container security in place
⏱️ DevSecOps teams now spend 51% of their time validating AI-generated code
The AI Governance gap is real - In other words, the confidence reported at the leadership level isn't matching the coverage on the ground, and the 2026 data shows exactly where Indian enterprises are most exposed as npm attacks surge 451% globally. Read the full report to find out where your defenses stand: bit.ly/3PRNzJB #DevGovOps #DevSecOps #SoftwareSupplyChain #Cybersecurity #AppSec #AI #India #EveryOps
JFrog@jfrog·
97% of organizations say they have AI governance under control, but the data shows otherwise. Teams reporting the highest governance maturity are also the ones pulling models from public registries with hundreds of malicious instances already detected. Jens Eckels and Paul Davis are unpacking exactly how this happens and what it takes to close the gap as they dissect the JFrog 2026 Software Supply Chain Security State of the Union report. Join us virtually on June 17th at 8am PT - register today: bit.ly/3PA1qUO #DevGovOps #DevSecOps #AISecurity #SoftwareSupplyChain #AIGovernance
JFrog@jfrog·
Security teams are falling into the dangerous #AIgovernancegap where confidence is overplayed, and enforcement is underpowered. In our 2026 Software Supply Chain Security State of the Union, we found as expected that the attack surface has expanded to include AI models, IDE extensions, and #MCP servers, leaving traditional defenses demonstrably unequipped. Is your governance running continuously where it matters? Ready to deep dive into the AI governance gaps and how to close them? We unpack this and more of the report's findings in our latest blog: jfrog.com/blog/the-ai-go… #devgovops #devsecops #devops #CyberSecurity #SoftwareSecurity
JFrog@jfrog·
#AI has changed how software is built, and how fast it can be attacked. In our 2026 Software Supply Chain Security State of the Union, we found:
📈 Malicious npm packages surged 451%
🤖 Injection vulnerabilities spiked 3,110%
⏱️ 48% of organizations need 1+ week to generate proof for a compliance audit
The AI Governance gap is real - In other words, the gap between reported security confidence and actual coverage is wider than most teams realize and the 2026 data shows exactly where. Read the full report to find out where your defenses stand: jfrog.com/software-suppl… #DevGovOps #DevSecOps #SoftwareSupplyChain #Cybersecurity #AppSec
JFrog@jfrog·
Ready to turn your vibe coding into production-ready AI agents? Join us for a focused, hands-on workshop hosted by JFrog and Google Cloud where you'll learn the crucial steps of AI agent governance. If you're building with AI agents or thinking about how to govern them in production, this workshop is for you! Spots are limited, reserve here: leap.jfrog.com/2026-06-Vibe-C…
JFrog@jfrog·
#AI is driving an unprecedented surge in software delivery, but traditional #governance can’t keep up with machine speed. In production-critical environments, that gap is a major liability. ⚠️ It’s time to bridge the gap between AI ambition and delivery confidence. On May 26th, join IDC’s George Mironescu and JFrog’s Yuval Fernbach and Asaf Barkan to learn how to build trustworthy, autonomous pipelines with embedded policy and verification. Register today → bit.ly/4cYiNHW
JFrog@jfrog·
You don't have a security problem. You have a trust problem. From the first #AI prompt to production deployment, every artifact, dependency, and package in your software supply chain needs to be verified, secured, and governed. At @Infosecurity Europe, we're showing how JFrog covers it all:
✅ Open Source Curation
🛡️ Software Composition Analysis
🤖 Agentic Remediation
🔍 Runtime Security
📋 Governance & AI Security
📍 Booth C-40, ExCeL London | 2-4 June
See it live by booking your demo slot: bit.ly/42P8xeU #DevSecOps #SoftwareSecurity #InfoSecEurope
JFrog@jfrog·
📣 Big news for the agentic software ecosystem: JFrog has teamed up with @opencode to bring enterprise governance directly into autonomous developer workflows. Why does this matter? Because an #AIagent is only as secure as what it builds and ships. What you get with the JFrog + OpenCode plugin:
🤝 Seamless Governance: Enforce security policies by default, ensuring agents pull from approved repositories.
📦 Trusted Publishing: Share and publish artifacts safely back to JFrog Artifactory.
🧠 Skills Distribution: Publish and distribute internal OpenCode skills exactly like your standard packages.
🔗 Ready to secure your agentic software supply chain? Read the full announcement: bit.ly/4uX2MYL #OpenSource #DevSecOps
JFrog@jfrog·
The @JFrogSecurity Research just analyzed the latest Shai-Hulud: Here We Go Again wave hitting #npm, today, May 19, 2026. 323 legitimate @antv packages. Compromised through stolen publishing credentials. Not fake packages, but real ones were hijacked. This wave evolves the playbook: new delivery path, Bun-based payload, AI-tool persistence hooks, and a GitHub commit-search C2 daemon that survives token rotation. Full breakdown: bit.ly/4dvMjUi #DevSecOps #SoftwareSupplyChain #OpenSourceSecurity
JFrog@jfrog·
Your #AI agents are writing and shipping code, but do they know your security policies? Your license rules? Your provenance requirements? 🧐 Probably not… yet! Join us on June 3rd to see how JFrog's Platform Skills, MCP tools, and plugins turn AI agents into real #DevSecOps contributors. Register today → bit.ly/3ROz9KL #DevGovOps #DevOps #AIAgents #SecurityAutomation
JFrog@jfrog·
👀 Who's responsible when an AI agent pulls a malicious package into prod? JFrog Field CISO Paul Davis answers this question and will give concrete strategies on how to enforce runtime trust, govern #AI model usage, and map your posture to EU AI Act and #DORA requirements. Add it to your schedule today or book 1:1 time with the Frogs: bit.ly/4dvSTLC #AgenticAI #CISO