JFrog Ltd (Nasdaq: FROG), the Liquid Software company and creators of the award-winning JFrog Software Supply Chain Platform, today unveiled a new Model Context Protocol (MCP) Server. This architecture enables Large Language Models (LLMs) and AI agents to securely interact with tools and data sources within the JFrog Platform directly from MCP clients, including popular agentic coding development environments and IDEs, boosting developer productivity and streamlining workflows.
“The developer tool stack and product architecture have fundamentally changed in the AI era. With the launch of the JFrog MCP Server, we’re expanding the open integration capabilities of the JFrog Platform to seamlessly connect with LLMs and agentic tools,” said Yoav Landman, Co-Founder and CTO, JFrog. “This allows developers to natively integrate their MCP-enabled AI tools and coding agents with our Platform, enabling self-service AI across the entire development lifecycle, which helps increase productivity and build smarter, more secure applications faster.”
Securely Powering the JFrog Software Supply Chain Platform with Agentic AI
The Model Context Protocol (MCP) is an open, industry-standard integration framework designed to connect AI systems with external tools, data, and services. With JFrog’s MCP Server, developers can now use natural language commands like “Create a new local repository” or “Do we have this package in our organisation?” to interact with the JFrog Platform directly from their IDE or AI assistant. Teams gain immediate awareness of open source vulnerabilities and software package usage without context switching, saving developers time. AI automation also helps simplify complex queries that previously required advanced developer knowledge, helping all teams work smarter and faster.
While remote MCP servers can help facilitate rapid code iteration and improve software reliability, they are not without risk. The JFrog Security Research Team recently discovered vulnerabilities, such as CVE-2025-6514, that could be used to hijack MCP clients and execute remote code, potentially leading to severe consequences. This is another reason why JFrog’s MCP Server is designed with security in mind and relies exclusively on trusted connection methods, such as HTTPS.
JFrog’s MCP Server securely provides:
- Essential Tools for Gaining Software Package Insights: Users can leverage a base toolset to create and manage projects and repositories, view build status, and query detailed package and vulnerability information.
- Centralised, Cloud-Native MCP Server with Automatic Updates: Available to JFrog SaaS customers and multi-tenant environments, JFrog’s MCP server is implemented as a remote, secure server available in all JFrog cloud environments, providing automatic version updates and improvements with less maintenance.
- Secure OAuth 2.1 Authentication: Enforcing modern token-based authorisation with scoped access per tenant and tool, making sure all operations are authenticated and performed under the identity of the end user.
- Production-Grade Monitoring: Comprehensive logging and event tracking for actionable insights into tool usage.
JFrog’s new MCP Server for the JFrog Platform is now available for developers to test and provide feedback during a preview period. For more information and to get started, check out this blog or visit the AWS Marketplace. Interested parties can also check out this step-by-step guide on how to get your JFrog MCP client up and running quickly.