JFrog and NVIDIA target governance gap in enterprise AI agents
JFrog and NVIDIA introduce a registry layer to secure and govern enterprise AI agents at scale.
JFrog is introducing a new registry layer designed to govern how AI agents are built, deployed and scaled across enterprise environments, reflecting a growing focus on trust and control in agent-based systems. The JFrog Agent Skills Registry, developed with early integration support from NVIDIA, positions governance as a prerequisite for production-scale AI deployment rather than a secondary concern.
The platform is designed to function as a system of record for models, agent skills and related binary assets, enabling enterprises to track and manage the components that underpin autonomous AI workflows. As agent-based architectures become more embedded in software pipelines, the absence of a structured governance layer is emerging as a key constraint on adoption.
A system of record for agentic software supply chains
JFrog’s approach centres on extending its existing software supply chain platform to include AI-native components such as agent skills and MCPs. By integrating with NVIDIA’s Agent Toolkit, including the OpenShell runtime, the registry aims to standardise how these elements are stored, verified and deployed.
“AI agents are fundamentally reshaping how software is created and operated, but without a dedicated trust layer to enforce governance and secure workflows, they introduce significant enterprise risk,” said Gal Marder, JFrog’s Chief Strategy Officer. “Just as a malicious software package can compromise an application, an unvetted skill can guide an agent to perform harmful actions. To safely deploy autonomous agents at scale, organizations must move beyond blind trust. Working closely with the NVIDIA Enterprise AI Factory team, we are establishing a reliable system of record to store, scan, and govern all agentic binary assets across the software supply chain.”
JFrog Artifactory is positioned as the underlying registry for these assets, supporting both AI models and agent skills within NVIDIA’s AI-Q Blueprint. This integration creates a unified endpoint for managing and distributing AI capabilities across different agent environments.
Infrastructure gaps emerge as agents scale
The announcement reflects a broader shift in enterprise AI, where the rapid adoption of autonomous agents is exposing gaps in infrastructure, particularly around security and compliance. While agents are increasingly treated as standard components within the software supply chain, the supporting systems required to govern their behaviour remain underdeveloped.
JFrog frames this gap as both a technical and operational risk, citing recent breaches and manipulations as evidence of the need for stricter controls. Without a standardised infrastructure layer, enterprises face challenges in enforcing policies, managing provenance and ensuring that agent actions remain within defined boundaries.
The registry is designed to address this by providing a single source of truth that scans, verifies and blocks malicious or vulnerable components before they are deployed. It also enables organisations to scale long-running agents without increasing exposure to compliance risks.
Integration with NVIDIA signals enterprise focus
The collaboration with NVIDIA extends beyond tooling integration to workflow validation, with both companies working to establish how agent skills can be ingested, managed and distributed at scale. NVIDIA’s cuOpt is cited as the first example of a packaged skill within this system, demonstrating how domain-specific capabilities can be standardised and governed.
“Security and governance are key to deploying AI agents in the enterprise,” said Pat Lee, vice president, Enterprise Partnerships, NVIDIA. “JFrog’s Agent Skills Registry for NVIDIA OpenShell supports security and control for deploying long-running agents to help scale enterprise productivity with powerful new AI tools.”
The integration also introduces a promotion model that enforces increasing levels of security validation, from team-level experimentation to enterprise-wide deployment. This reflects a shift towards treating agent capabilities as governed assets, rather than ad hoc integrations within development workflows.
Governance becomes central to agent adoption
The JFrog Platform positions governance as a continuous process, embedding policy enforcement, approval workflows and runtime isolation into the lifecycle of AI agents. Features such as automated scanning, verification and sandboxed execution aim to ensure that agents operate within controlled environments without introducing systemic risk.
By consolidating these capabilities into a central control plane, JFrog is effectively aligning AI agent management with existing DevSecOps practices. This suggests a broader convergence between software supply chain security and AI governance, as enterprises move from experimentation to operational deployment.





