Last night at Beyond Tokens in San Francisco, #AI developers came together to dig into what it really takes to run agents in production and stayed for the World Cup. ⚽ Highlights from the evening: 🚀 Asaf Ezra walked through how JFrog Fly keeps product intent attached to releases so the next agent or teammate never loses context. 🔐 @Gavriel_Cohen opened up the @NanoClaw_AI agent factory live and showed the sandboxing, credential vault, and identity-layer architecture that let autonomous agents merge code in a 30K-star repo. ⚡ Shay Dahan and Yahav Ohana from the JFrog Boost team shared the hard-won tooling they built to keep agents on task for long-duration work without burning the token budget. Thank you to everyone who came, asked sharp questions, and made it one of those nights! #BeyondTokens #AIAgents #DevMeetup #AIEngineering

Attended @jfrog tokens savings event, sent a pic to my openclaw and it gave me a full write up on how to save tokens by researching the presenters. Then asked it to audit and implement the suggestions. ps: the presenter did the best token sadgy singalong mindful-charm-76ca.here.now/

Writing #PolicyAsCode rules was never easy. And these days you don't need to be an expert. AI tools can write Rego/OPA rules in seconds. But fast code is not the same as trusted code. Deploy an untested policy into a live pipeline and it can block a legitimate build before anyone notices. Our latest blog breaks down how the new PaC Playground in JFrog #AppTrust lets security teams validate #Rego policies against real artifact evidence from their System of Record, before a single release gate goes live. Read the blog and watch the demo: bit.ly/4eDgESA

The World Cup just kicked off. 48 teams. 3 nations. One beautiful game. ⚽🐸 And one serious upgrade to your #SoftwareSupplyChain. Stop playing defense. JFrog Pro gives your team the world-class lineup it deserves with universal artifact management, security scanning, CI/CD integrations, and more. Starting at $50/month. No offsides. No yellow cards. Just clean builds. Are you ready to go Pro? 👉🏽 jfrog.co/3RXz9sd #DevGovOps #DevSecOps #WorldCup #FWC26

#InfosecurityEurope2026Insights 🔥 “We spotted 1k malicious skills in the open-source ecosystem” — Ofri Ouzan, Security Researcher, @jfrog More @Infosecurity Europe 2026 insights 🎥 em360tech.com/video-resource… #EnterpriseTechnology #EM360Tech

🚨 We’ve uncovered "Solana FakeFix" - a campaign of 20 malicious npm and PyPI packages targeting Solana developers with fake fixes and trojanized libraries. Don't let your secrets get stolen, learn more in our latest blog: research.jfrog.com/post/sola…

The AI surge isn't slowing down and neither should you! Early bird pricing for #swampUP Europe ends June 20th. ⏰ Join us in Barcelona from 20–22 October to master trusted intelligence with the engineers, #security teams, and tech leaders building what's next. Save up to 60% before it's gone: bit.ly/4mEpVuk #DevGovOps #DevSecOps #DevOps #TrustedIntelligence

Two perspectives. One governance problem. Next week, Guy Eshet (Senior Manager of Product, JFrog ML) and Kasia Ciesielska-Faber (Field CTO, Principal Industry Architect at @googlecloud) are joining forces to tackle one of the hardest problems in enterprise AI right now. 👉🏽 How do you let developers move fast with #AI agents without losing control of what those agents are actually pulling into your systems? If your team is building on #AgenticAI, or thinking about what governed AI deployment looks like in regulated environments, this one's worth an hour of your time on June 30th. Register here: bit.ly/4ulmcWl

#swampUP 2026 is where engineering, #security, and tech leaders come to master the AI surge. Meet us in New York to get hands-on training, hear from industry-leading speakers, and network with the practitioners and decision-makers shaping the future of software delivery. You'll walk away understanding how to move from reactive #security to proactive trust, establish your system of record, and shift from manual #governance to automated intelligence. Register today: swampup.jfrog.com/

⚠️ Overhyped vulnerability of the week: CVE severity inflation strikes with CVE-2025-13462. The issue is a TAR parser discrepancy in Python's `tarfile` module, where a specially crafted archive may be interpreted differently than other TAR implementations. While NVD scored this CVE as Critical (CVSS 9.8), the publicly disclosed impact includes: ❌ No RCE ❌ No arbitrary file write ❌ No "guaranteed" impact of any kind Furthermore, the CVE received a LOW severity rating in Python's original advisory. The only realistic security impact is in systems that mix using Python's TAR parser with other TAR parsers, and make security decisions based on this parsing. This may lead to a validation vs. execution mismatch. We believe that the advisory's low-severity rating is much more fitting in this case.

Your #AI coding agent is making security decisions. But is it doing it blindly? Most agents are. They pull dependencies, trigger builds, and call external tools – all with zero software supply chain context. That's how #maliciouspackages and ungoverned #AI assets reach production. Together with @Anthropic - we're aiming to fix that. The JFrog Platform plugin for Claude Code brings real-time #governance, #security scanning, and full auditability directly into your AI development workflow. Your agents now know what's safe, what's compliant, and leave a traceable record of every decision. AI moves fast. Your software governance strategy needs to keep up. Learn more: bit.ly/4olY9Fy 🔗 Get started: bit.ly/3SwQt7n #DevSecOps #DevGovOps #AI #SoftwareSupplyChain #ClaudeCode

📣 Last call: Beyond Tokens is tomorrow, June 11th in San Francisco! If you're building with AI agents then this is the room you want to be in. Connect with other #AI engineers solving similar problems as you while hearing talks about what actually works (and what doesn’t) from experts including @Gavriel_Cohen from @NanoClaw_AI! And yes, we're watching the World Cup after. ⚽ Seats are almost gone. Grab yours: bit.ly/4dONf6q #DevMeetup #AIAgents

#AI is changing how #software is built. It's also changing how it's attacked. Join Yashaswi Mudumbai, Senior Director Solution Engineering at JFrog, as he unpacks what it takes to #secure the #softwaresupplychain in a world where AI is both your greatest ally and your biggest blind spot. 🗓 11 June 2026 | 12:00 PM onwards Mark your calendar and meet the frogs at our booth: bit.ly/4en4RYp

AI is easy to experiment with, but hard to operationalize. 🏗️ The Trusted Intelligence Award recognizes the pioneers who moved past the 'hype' to build a secure, governed lifecycle for AI models and agents. From mastering the nuances of AI to covering the governance gap and enabling agentic development, we want to see how you’ve moved #AI from "experimental" to "production-ready." Apply today: jfrog.co/sscawards26. #AIgovernance #Frogstars #SSCEAwards

👀 We're 2 days out from Beyond Tokens, an #AI Developer Meetup and some news just dropped... The first 100 people through the doors at Beyond Tokens get a collegiate-style JFrog sweater! 🧥 But even if you're not in the group of 100, make sure to meet us there to learn how to: 🤖 Enable faster agents 📋 Provide cleaner context 💸 Spend less tokens 🛡️ Secure infrastructure for agents to run on 🦾 Set up an AI-native delivery that actually keeps up with how you build. The creators of JFrog Boost, JFrog Fly, and @NanoClaw_AI will be there to share how they did it! 📅 June 11 | 5:30 PM PT 📍The Pearl, San Francisco Register now: events.jfrog.com/jfrog-beyon…

#AI agents are shipping code, but #DORA regulators want a human accountable for every change. 👀 That gap is no longer technical debt. It's a regulatory liability. 🥵 Join JFrog's Global Field CISO Nir Peleg and AppTrust PM Sophie Starchenko on June 25th for a live demo on closing the agentic governance gap before DORA finds it first. Register now: bit.ly/4xfmelB

At our upcoming #AI Developer Meetup, “Beyond Tokens”, on June 11th we’re featuring three talks from the builders behind the tools that can: 🔐 Secure agent infra — @Gavriel_Cohen will speak about the three-layer architecture behind @NanoClaw_AI's secure agent factory. ⚡ Enable faster agents — JFrog Boost team on killing token waste 🚀 Promote smarter releases — JFrog Fly on context that travels with code Then: We watch the World Cup 2026 ⚽ Seats are limited, so make sure to register: bit.ly/4dONf6q

Join JFrog’s own SVP Global Communications Jens Eckels and Field CISO Paul Davis on June 17th to dissect the JFrog 2026 Software Supply Chain Security State of the Union live! They’ll talk through why #AI governance controls aren't reaching the agentic development layer, and what to actually do about it. Save your spot today: bit.ly/3PA1qUO #DevGovOps #DevSecOps #AISecurity #AIGovernance #SoftwareSupplyChain

🚨 Our @JFrogSecurity Research team identified a new wave of #PyPI packages containing a variant of the Shai-Hulud worm, now with prompt injection to bypass AI scanning: dreamgen@1.8.1 mem8@6.0.1 orchestr8-platform@3.3.2 ray-mcp-server@0.2.1 Our blog has been updated with the technical details: bit.ly/4dVGSj1