Jon Swartz highlights key takeaways from JFrog’s swampUP 2025, discussing the adoption of AI agents, security and governance in the software supply chain, and partnerships with platforms like GitHub Copilot.

JFrog CEO: AI Agents Require Practices Beyond Security, Traceability

Author: Jon Swartz

At the 2025 swampUP conference in Napa, JFrog CEO Shlomi Ben Haim detailed how the increasing presence of AI agents in software development demands new practices that go beyond traditional security and traceability. Addressing developers and IT professionals, Ben Haim stressed the importance of having a single system of record for effective platform building—citing JFrog as “the system of record for your software supply chain.”

  • AI Driving Change: With “AI FOMO” pushing CIOs to boost budgets, organizations are embedding AI (including agents) deeply into their software supply chain management.
  • JFry Platform Launch: JFrog introduced JFry, a new DevOps platform leveraging Anthropic’s Model Context Protocol (MCP), designed to simplify AI agent integration. JFry connects to tools like Cursor, GitHub Copilot, and Claude Code, supporting central management through semantic metadata and optimizing deployment workflows.
  • Automated Security: New AI agents in JFry automatically remediate software vulnerabilities during code development by using real-time policy analytics.
  • Governance and Compliance: The AppTrust platform was unveiled as a unified place for GRC (governance, risk, compliance) teams. The “Evidence Ecosystem” expands this by integrating with GitHub, ServiceNow, SonarQube and other ecosystem partners.
  • Model Governance: JFrog launched a Secure Model Registry to enforce governance and cost controls on AI models.

Partner Perspectives

  • Sonar CEO Tariq Shaukat: Emphasized the ongoing need for trust and code verification, regardless of AI integration speed.
  • ServiceNow Executives: Discussed scaling AI development while balancing security and productivity.
  • Industry Focus: Presenters consistently prioritized governance, security, and traceability as critical factors for successful AI adoption in software organizations.

Microsoft Technology Context

  • GitHub Copilot: Highlighted as an example of development tools being integrated into JFry. This cross-platform collaboration reflects broader trends in AI-powered developer workflows and DevSecOps.

Main Takeaways

  • Platform Adaptation: Software platforms must blend AI-specific agentic practices with existing security and traceability standards.
  • Automation and Verification: Automated vulnerability remediation and code analytical tools (like GitHub Copilot integrations) are central to modern DevSecOps.
  • Governance is Crucial: As AI expands, governance tools and registries become essential for risk and cost management.

Read more about the conference and the full suite of announcements on DevOps.com.

This post appeared first on “DevOps Blog”. Read the entire article here