Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

How JFrog and NanoClaw are Bringing Software Supply Chain Security to the Age of Autonomous AI

There’s a category of security risk that most organizations aren’t ready for. It doesn’t live in your code repository, your CI pipeline, or your developer laptops. It lives in your runtime, in the autonomous AI agents already running in your environment, extending their own capabilities, and making decisions that no human explicitly approved. This is the challenge JFrog set out to address with our integration with NanoCo AI and their open-source agent framework, NanoClaw.

Top Software Supply Chain Security Best Practices for Enterprises

If an attacker compromised a dependency buried three levels deep in your build pipeline tonight, how long would it take you to find out? Open source libraries, third-party frameworks, transitive dependencies, build tooling, and now AI-generated code that developers may not have reviewed line by line: each of these components flows into your application, whether your team explicitly chose it or not. Each component is a potential entry point.

JFrog Named a Leader in the Inaugural Gartner Magic Quadrant for Software Supply Chain Security

It’s official. Gartner just published the very first Gartner Magic Quadrant for Software Supply Chain Security, and JFrog has been recognized as a Leader, placing highest for Ability to Execute among all the vendors included. For an inaugural report in a category this important, that placement means a great deal to us, and we don’t take it lightly.

Protecting Applications Through Secure Development Practices

Modern software rarely gets built from scratch. Instead, it's put together using a complex mix of proprietary code, open-source libraries, third-party APIs, and various development tools. This network of dependencies and components makes up the software supply chain. While this approach speeds up development, it also brings significant security risks that attackers can exploit, making it more crucial than ever to protect this chain.

The Month the AI Supply Chain Broke: Six Cybersecurity Incidents That Shook May 2026

May 2026 will be remembered as the month the AI developer toolchain itself became the primary attack surface. A single threat actor — TeamPCP — ran a nine-day campaign that started as a worm in open-source packages, escalated through a poisoned code-editor extension, and ended inside GitHub’s own infrastructure.

Supply Chain Whiplash: Why Your Orders Keep Slipping

Quick answer: Today’s supply chain disruptions stem from surging demand for components, especially server CPUs feeding the AI build-out, rather than the pandemic-era shutdowns of 2020 and 2021. Companies can protect themselves by diversifying suppliers, locking in pricing terms early, holding strategic inventory, and investing in real-time visibility tools. Think of your supply chain like the plumbing in an old building. When everything flows, you never think about it.

Boosting Data Center Security Through Hardware Integrity

When people talk about data center security, they often focus on firewalls, encryption, and intrusion detection systems. These software defenses are crucial, but they rely on a basic level of trust in the physical hardware. If that foundation is weak, the whole system is at risk. Real system security starts from the ground up, with the integrity of the processors, memory, and other core components of your infrastructure.

The new supply chain blast radius

Accelerating security solutions for small businesses: Tagore offers strategic services to small businesses. A partnership that can scale: Tagore prioritized finding a managed compliance partner with an established product, dedicated support team, and rapid release rate. Standing out from competitors: Tagore's partnership with Vanta enhances its strategic focus and deepens client value, creating differentiation in a competitive market.

The Governance Gap: What IDC's 2026 Data Reveals About AI and the Software Supply Chain

In a landscape where executive teams demand immediate AI integration, engineering and security leaders find themselves navigating a complex operational balancing act. To explore how organizations can accelerate delivery pipelines without introducing fatal security risks, JFrog recently hosted a virtual panel discussion titled “Agentic Software Delivery in 2026.

What Is 'Business Identity Theft'? Corporate Security and Vendor Risk Management

Business identity theft occurs when criminals hijack a company's commercial credentials, such as its tax ID or registration details, to open fraudulent lines of credit, intercept vendor payments, or execute supply chain attacks. You do not just lose money. You lose your operational integrity.