Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A new CVE drops into a package you depend on. With the JFrog power for Kiro installed, your next move is a single prompt in your IDE, not a tab switch to the JFrog UI and thirty minutes of hand-rolled REST calls. This is what governed agentic development looks like in practice.

Last June, we hosted the first EveryOps Day in Sydney – born from the convergence of DevOps, DevSecOps, and AI/MLOps we were witnessing across every industry in APAC. A year later, with AI’s proliferation across software delivery and security, we took EveryOps Day to Mumbai on May 15, then embarked on the EveryOps Tour: a series of invitation-only executive events across Canberra, Sydney, and Melbourne.

Picture two realities for the same compliance control reaching production. Reality One: Your AppSec team writes a new rule. An engineer uses Claude Code or Cursor to generate the OPA (Open Policy Agent) Rego policy in minutes. They deploy it. It blocks a legitimate release on a missing context variable, and the on-call engineer routes around the gate to ship the code. The AI gave them fast code — but not code they could trust.

In a landscape where executive teams demand immediate AI integration, engineering and security leaders find themselves navigating a complex operational balancing act. To explore how organizations can accelerate delivery pipelines without introducing fatal security risks, JFrog recently hosted a virtual panel discussion titled “Agentic Software Delivery in 2026.

AI coding agents are changing the pace of software development. With tools like Claude Code, developers can move from idea to implementation faster than ever, generating code, exploring unfamiliar repositories, refactoring services, and turning plain-language intent into working software. That speed is powerful. But speed without governance = risk. It also creates a new challenge: how can you govern what an AI agent builds, suggests, and pulls in from the internet?

NVIDIA NIM (NVIDIA Inference Microservices) packages production-ready AI models into optimized containers for enterprise deployment. Your developers need them. Your coding agents pull them. And until now, they pulled them directly from NVIDIA’s NGC registry, bypassing the supply chain controls you’ve spent years building. JFrog AI Catalog now brings NVIDIA NIM models under the same governance as every other artifact in your organization, with no separate registry and no governance gap.

JFrog is one of the first Software Supply Chain Management and Security Platforms to provide MCP functionality, which we have now opened up to anyone interested in trying Claude and Cursor in their own development environment. Doing a free trial is one of the best ways to see how JFrog integrates with your developers, operations and security.

It’s Monday morning. Your coding agents ran all weekend. Your security dashboard shows the exact same numbers it did Friday afternoon. Same models, the same approved Model Context Protocol (MCP) servers, the same AI assets you are familiar with. Reassuring. Then, suddenly, you get a notification: a production deploy failed an audit. The build references a model nobody on your team registered.