NAPA, Calif. — A new persona in software development, artificial intelligence (AI) agents rather than human developers, has made it imperative that foundational platforms incorporate agentic practices alongside security, traceability, and visibility to succeed in the AI era.
“Every foundational platform requires a single system of record,” Ben Haim told the crowd. “If you don’t have that, you don’t have an anchor to build a platform around,” JFrog CEO Shlomi Ben Haim said in the opening keynote at swampUP 2025, the company’s annual conference here.
Speaking to developers and IT professionals, Ben Haim highlighted what he called “AI FOMO,” noting that 40% of CIOs are increasing their budgets because of board-level pressure around AI adoption. When he asked attendees to raise their hands if they already had AI embedded in their software supply chains, nearly everyone responded affirmatively. “If you don’t, you can leave the room,” he said to laughter.
Ben Haim called JFrog “the system of record for your software supply chain” amid daily attacks on software infrastructure.
To that end, JFrog unleashed a slew of announcements Tuesday. It launched JFrog Fly, a DevOps platform that simplifies AI agent integration for application developers working at scale. Built on Anthropic’s Model Context Protocol (MCP), Fly connects with popular development tools including Cursor, GitHub Copilot, and Claude Code, allowing DevOps teams to centrally manage software components through semantic metadata while optimizing release deployments and integrating with package managers and GitHub repositories.
The company has introduced AI agents that automatically remediate software vulnerabilities by applying real-time policy analytics during code development. Alongside this, JFrog launched its AppTrust platform, which serves as a unified hub for governance, risk management, and compliance (GRC) teams. Supporting this ecosystem, JFrog has established the Evidence Ecosystem through AppTrust partnerships with GitHub, ServiceNow, SonarQube, Akuity, Akto, Coguard, Dagger, Nightvision, Shipyard, and Troj.ai.
Additionally, JFrog has overhauled its AI model catalog with a new Secure Model Registry that enables governance policy enforcement and cost tracking across multiple models.
Ben Haim was joined onstage by several executives whose companies partner with JFrog.
Sonar CEO Tariq Shaukat predicted that while much will change with AI adoption, core principles will remain constant. “It’s never been about how fast developers type on a keyboard,” Shaukat said, advocating a “trust, but verify” approach to AI-generated code. “We’re helping with that verification step as software is being written,” he said.
ServiceNow General Vice President Rahul Tripathi, drawing from his experience running large DevOps teams, emphasized the tension between speed and security. “Nobody wants to receive a notification that our software was breached,” he said. “It’s about getting IT Ops moving at the speed of DevOps.”
“Trust, but verify, or ‘Vibe then verify.’ We’re helping with that verification step as software is being written,” Shaukat added.
Justin Boitano, vice president of enterprise AI at ServiceNow, said his company’s approach to scaling AI development, revealing that CEO Jensen Huang had challenged the team to double chip production, which could only be achieved by “infusing AI across our lifecycles.” Boitano noted that performance-optimized models can achieve double or triple token efficiency improvements.
When Ben Haim asked whether AI would replace human developers, Boitano downplayed the concern. “I think that’s over-hyped,” he said. “We see it as improving productivity across the board.”
The discussion underscored the industry’s focus on balancing AI adoption with governance and security concerns as organizations navigate the rapidly evolving technological landscape.
