eCommerceNews UK - Technology news for digital commerce decision-makers

JFrog unveils MCP registry to secure AI coding agents

Thu, 19th Mar 2026

JFrog has launched a Model Context Protocol (MCP) registry for enterprises adopting AI coding tools and agents. It is positioning the product as a central place to store and manage MCP servers from multiple vendors, and to control how developers and automated agents connect to them.

The JFrog MCP Registry is available as part of JFrog AI Catalog, a section of its platform for managing AI-related assets. The registry extends the company's existing artefact tracking and governance into an emerging layer of AI infrastructure used by developer tools and agent workflows.

MCP has become a common way for AI tools to connect models and agents to external systems, including internal services, third-party APIs, data sources, and developer environments. A registry mirrors established software supply chain patterns, where teams use repositories and catalogues to standardise what can be fetched and run in development and production.

Why MCP matters

As AI usage shifts from chat-style assistants to autonomous agents that run longer and take actions in tools, MCP servers sit between a model and the systems it can access. Many organisations use multiple AI tools at once, each with its own way of connecting to an MCP server. At scale, that can create an inventory and oversight problem for security and engineering teams.

JFrog said the risk profile will look familiar to teams managing code dependencies. MCP servers can be configured with broad privileges and may expose credentials or data if poorly controlled. It cited threats including prompt hijacking vulnerabilities, over-privileged access, and credential exposure when MCP servers are not centrally governed.

Analysts have also begun to discuss governance patterns around MCP. JFrog pointed to Gartner research recommending a centralised registry for MCP servers, layered controls, and clear ownership and governance policies. The guidance reflects expectations that agent workflows will become part of everyday development and operations, rather than a limited experiment within a single team.

Registry approach

JFrog is positioning the MCP Registry as a system of record for MCP servers and related AI assets. It covers MCP servers, agent skills, models, and what it calls agentic binary assets, with the aim of applying the same handling and controls used for binaries and packages to artefacts used by AI tools.

In practical terms, the product is designed to provide a curated source of MCP servers for developers and agents. It also focuses on monitoring and controlling connections between AI tools and MCP servers, including the ability to block unsafe tools. JFrog said the registry works with both local and remote MCP servers.

JFrog also emphasised preventative controls, saying the registry is designed to block the download and execution of malicious or non-compliant MCP servers. The approach aligns with a broader shift in software supply chain security towards pre-execution checks and policy enforcement, rather than incident response after an artefact has entered a build or runtime workflow.

Developer workflows

JFrog said developers can access a registry of pre-approved MCP servers from within their integrated development environments, citing tools such as Claude Code, Cursor, and VS Code. The aim is to place governance in the path of adoption, as many AI tools now surface integrations directly inside developer workflows rather than through central IT channels.

Policy enforcement is another key element. JFrog said each MCP server can be treated as a governed artefact with central discovery, configuration, and project-level permissions management. It also said this governance sits alongside other AI models and software artefacts in a unified AI Catalog, reducing the need to manage separate systems for model access, dependency control, and agent integration components.
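To make the governance pattern concrete, the following is an added example (not JFrog's code, nor the registry's real format or API) of the pre-execution check described in the "Registry approach" paragraphs and in the policy-enforcement paragraph above: an MCP client configuration in the `mcpServers` shape that clients such as Claude Code and Cursor read is compared against a constructed allowlist carrying pinned commands, registered remote endpoints and project-level permissions, and plaintext credentials in a server's environment are flagged. The registry contents, server and project names, and the `${...}` secret-reference convention are all assumptions made for the example.

```python
import re
from typing import List

# Constructed registry (not JFrog's format): approved servers keyed by name,
# the exact command/URL the registry vouches for, and projects allowed to use each.
REGISTRY = {
    "git": {"command": "uvx", "args": ["mcp-server-git@1.0.0"], "projects": {"*"}},
    "issues": {"url": "https://mcp.example.internal/issues", "projects": {"payments"}},
}

# Environment variable names that usually carry credentials.
SECRET_LIKE = re.compile(r"(?i)(token|secret|key|password)")


def check_mcp_config(config: dict, project: str) -> List[str]:
    """Return policy findings for one client's mcpServers block (empty = compliant)."""
    findings: List[str] = []
    for name, spec in config.get("mcpServers", {}).items():
        entry = REGISTRY.get(name)
        if entry is None:
            findings.append(f"{name}: not in registry (block)")
            continue
        if "*" not in entry["projects"] and project not in entry["projects"]:
            findings.append(f"{name}: not approved for project {project}")
        # Local server: command and pinned args must match the registry exactly,
        # so an unpinned or substituted package cannot pass as the approved one.
        if "command" in entry and (
            spec.get("command"), spec.get("args", [])
        ) != (entry["command"], entry["args"]):
            findings.append(f"{name}: command/args differ from registry")
        # Remote server: the endpoint must be the registered one.
        if "url" in entry and spec.get("url") != entry["url"]:
            findings.append(f"{name}: url differs from registry")
        # Credentials belong in managed secret references, not inline values;
        # "${...}" is treated as an indirect reference here (assumed convention).
        for var, value in spec.get("env", {}).items():
            if SECRET_LIKE.search(var) and value and not value.startswith("${"):
                findings.append(f"{name}: plaintext credential in env {var}")
    return findings


# Constructed client config in the mcpServers shape used by Claude Code/Cursor.
SAMPLE_CONFIG = {
    "mcpServers": {
        "git": {"command": "uvx", "args": ["mcp-server-git@1.0.0"]},
        "issues": {"url": "https://mcp.example.internal/issues",
                   "env": {"ISSUES_API_TOKEN": "abc123"}},
        "unvetted": {"command": "npx", "args": ["-y", "unvetted-mcp-server"]},
    }
}
```

Running `check_mcp_config(SAMPLE_CONFIG, "payments")` flags the inline token on `issues` and blocks `unvetted`; the same config checked for a project not entitled to `issues` adds a third finding.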

JFrog also highlighted support for multi-vendor environments. It said the registry lets companies manage agent ecosystems from private marketplaces and across vendors, and switch coding agents without rebuilding the system of record. That reflects a market where enterprises often test multiple assistants and agent frameworks in parallel, and where procurement and security teams are wary of governance tooling that locks them into a single ecosystem.

Shift in software

JFrog framed the launch as part of a broader change in how software is built and deployed, with agents becoming active participants in the software supply chain rather than passive assistants that only suggest code. The shift raises questions about how organisations extend existing controls (such as dependency approval, provenance checks, and access policies) into automated workflows that can initiate actions on a developer's machine or in shared infrastructure.

For security teams, one concern is the boundary between an agent's reasoning and its execution. MCP servers can act as trusted intermediaries, but they can also become an execution surface if an attacker can influence what gets fetched or run. For regulated sectors and large enterprises, the challenge includes technical control as well as auditability, ownership, and consistent rules across projects and business units.

Yuval Fernbach, CTO, JFrog MLOps, said adoption of MCP servers is expanding across enterprises and creating visibility and control issues.

"Today, developers across the enterprise are rapidly adopting MCP servers from multiple AI tools and vendors, creating a growing challenge for organizations that lack the visibility and control to monitor these connections," said Fernbach.

He added: "We're witnessing a fundamental shift in how software is built and deployed, with AI agents becoming active participants in the software supply chain. This innovation cannot come at the expense of security, visibility, control, or compliance. By establishing a system of record for MCP server usage, and treating them like any other binary asset, organizations can confidently innovate at scale while maintaining the trust and control required across the AI-driven software supply chain."

JFrog said the MCP Registry is available immediately as part of JFrog AI Catalog.