SUNNYVALE, Calif., March 17 — NVIDIA GTC – JFrog Ltd. (Nasdaq: FROG), the Liquid Software company and creators of the JFrog Software Supply Chain Platform, the system of record for software artifacts, binaries, and AI assets, today announced its new JFrog Agent Skills Registry. Validated through early integration with NVIDIA, the platform provides governance and a verifiable trust layer required for agentic workforces to operate securely at enterprise speed and scale.
The new JFrog Agent Skills Registry will support NVIDIA Agent Toolkit, including NVIDIA OpenShell, an open-source runtime for building and deploying safe, autonomous, long-running AI agents. JFrog Agent Skills Registry is built to provide the governance and verifiable trust layer required for agentic workforces to operate securely at enterprise speed and scale. Additionally, JFrog Artifactory will serve as a registry for AI models and agent skills with NVIDIA AI-Q Blueprint, as part of NVIDIA Agent Toolkit.
“AI agents are fundamentally reshaping how software is created and operated, but without a dedicated trust layer to enforce governance and secure workflows, they introduce significant enterprise risk,” said Gal Marder, JFrog’s Chief Strategy Officer. “Just as a malicious software package can compromise an application, an unvetted skill can guide an agent to perform harmful actions. To safely deploy autonomous agents at scale, organizations must move beyond blind trust. Working closely with the NVIDIA Enterprise AI Factory team, we are establishing a reliable system of record to store, scan, and govern all agentic binary assets across the software supply chain.”
The rapid evolution of AI has made autonomous agents, which rely on skills, a standard part of the software supply chain. However, an infrastructure layer beneath them is needed to enforce policies, security, and privacy controls required to make them safe for use. Without a standardized infrastructure, organizations face unprecedented security and compliance risks, as demonstrated by recent OpenClaw manipulations and breaches.
JFrog’s universal solution supports all agents, including NVIDIA OpenShell, which delivers a trust layer to:
- Enhance security and governance of all MCPs, agent skills, models, and software packages using a single source of truth to scan and block those with malicious intent or vulnerabilities.
- Enable secure adoption and scale of autonomous, long-running agents without increasing risk or compromising compliance.
- Power agentic workflows and developer innovation across the enterprise, safely and continuously, without disruption.
“Security and governance are key to deploying AI agents in the enterprise,” said Pat Lee, vice president, Enterprise Partnerships, NVIDIA. “JFrog’s Agent Skills Registry for NVIDIA OpenShell supports security and control for deploying long-running agents to help scale enterprise productivity with powerful new AI tools.”
By establishing the JFrog Platform as an integrated, secure registry for NVIDIA AI-Q Blueprint and NVIDIA OpenShell runtime, enterprises will be able to safely operate agents using verified skills, MCP servers, models, and software packages. The NVIDIA and JFrog teams worked closely to validate a workflow for the ingestion and management of Artifactory as a skills registry, including support for NVIDIA-developed skills, using NVIDIA cuOpt as the first example of a packaged skill. This integration gives NVIDIA a single, governed endpoint for distributing verified AI skills across all agent platforms, with a promotion model that enforces increasing security gates from team to enterprise-wide use.
JFrog’s new offering includes:
- Certified NVIDIA AI-Q Blueprint: The JFrog Platform is validated for the NVIDIA AI-Q Blueprint for lifecycle management and governance of agent skills.
- Native NVIDIA OpenShell Integration: JFrog Artifactory natively integrates with NVIDIA OpenShell runtime, designed to provide secure, private, and scanned resources.
- Centralized Agent System of Record: The JFrog AI Catalog and Agent Skills Registry act as the central control plane for NVIDIA OpenShell, providing a single source of truth to track, audit, and manage the provenance of agents, NVIDIA NIM, and MCP servers.
- Secure Agents and Behaviors: JFrog AI Catalog automatically scans, verifies, and signs all AI skills upon upload to detect vulnerabilities, malicious payloads, and compliance risks before NVIDIA OpenShell – or other agents – ever adopt them.
- Policy-Driven Governance and Control: The JFrog Platform allows organizations to set strict approval workflows, ensuring developers and AI agents can only access permitted, verified skills for specific projects and business units. The NVIDIA OpenShell runtime then sandboxes each agent in an isolated, virtual environment, enabling safe execution of code without risk of broader network infection.
