Securely Integrate AI Sources – JFrog Announces MCP Registry

JFrog introduces an MCP Registry that vets local and external AI sources before developers can connect to them. The company's AI Catalog also gains a search for shadow AI.


At the SwampUp Europe customer conference in Berlin (November 12-14, 2025), JFrog showcased an MCP Registry that lets development teams integrate AI sources into their development and build environments via the Model Context Protocol (MCP) in a controlled way.

The registry, expected to be available in the first quarter of 2026, will let administrators centrally manage, add or block local and external MCP servers within the JFrog platform. Admins can set policies for how developers are allowed to integrate and use servers, down to the individual functions a server exposes: in the example JFrog showed at the conference, an admin could prohibit developers from creating or deleting repositories through GitHub's MCP server.

Beyond blocking known malicious sources, admins can define policy conditions a source must satisfy, for example that it is open source or has reached a certain maturity level. One such condition is a waiting period: developers may only use a server version once it has been available for, say, fourteen days. This keeps freshly uploaded versions, such as a compromised release pushed at short notice by an attacker, out of developers' environments until there has been time to vet them.

JFrog also scans the dependencies of MCP servers, whether they are distributed as containers or as packages from ecosystems such as npm. In addition, the registry acts as an MCP gateway that sits between developers' IDEs and the external server and controls the exchange between them. Policies can apply company-wide or be assigned to individual projects.
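As an added illustration, not JFrog's own code (the article does not describe the registry's internals), the following Python sketches the kind of checks such a gateway can make on the MCP JSON-RPC traffic between an IDE and a server: admit a server version only if it is on the allow list, is open source and has passed the quarantine period; strip blocked tools from the server's `tools/list` response so the agent never sees them; and refuse `tools/call` requests for blocked tools with a JSON-RPC error instead of forwarding them. The server names, tool names (`create_repository`, `delete_repository`), dates and the policy are constructed for this example and are not taken from JFrog or from GitHub's MCP server.

```python
"""Toy MCP gateway policy check (added example, not JFrog's implementation)."""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import date

# MCP speaks JSON-RPC 2.0; these two methods are the ones a tool gateway cares about.
TOOLS_LIST = "tools/list"
TOOLS_CALL = "tools/call"
POLICY_DENIED = -32000  # implementation-defined JSON-RPC error code (assumed for this example)


@dataclass(frozen=True)
class ServerVersion:
    """Metadata a registry would hold for one published version of an MCP server (hypothetical)."""
    name: str
    open_source: bool
    published: date


@dataclass
class Policy:
    """Admin policy: which servers may be used, and which of their tools are forbidden."""
    allowed_servers: frozenset[str]
    blocked_tools: dict[str, frozenset[str]] = field(default_factory=dict)
    require_open_source: bool = True
    quarantine_days: int = 14  # a version must be this old before developers may use it


def admit_server(version: ServerVersion, policy: Policy, today: date) -> tuple[bool, str]:
    """Decide whether a server version may be used at all; returns (allowed, reason)."""
    if version.name not in policy.allowed_servers:
        return False, f"{version.name}: server not on allow list"
    if policy.require_open_source and not version.open_source:
        return False, f"{version.name}: not open source"
    age_days = (today - version.published).days
    if age_days < policy.quarantine_days:
        return False, f"{version.name}: published {age_days} days ago, quarantine is {policy.quarantine_days} days"
    return True, f"{version.name}: admitted"


def filter_tools_list(response: dict, server: str, policy: Policy) -> dict:
    """Remove blocked tools from a tools/list result so the agent is never offered them."""
    denied = policy.blocked_tools.get(server, frozenset())
    result = response.get("result", {})
    kept = [tool for tool in result.get("tools", []) if tool.get("name") not in denied]
    filtered = dict(response)
    filtered["result"] = dict(result, tools=kept)
    return filtered


def check_tool_call(request: dict, server: str, policy: Policy) -> tuple[bool, str]:
    """Decide whether a JSON-RPC request from the IDE may be forwarded to the server."""
    if request.get("method") != TOOLS_CALL:
        return True, "not a tool call"
    tool = request.get("params", {}).get("name", "")
    if tool in policy.blocked_tools.get(server, frozenset()):
        return False, f"{server}/{tool}: blocked by policy"
    return True, f"{server}/{tool}: allowed"


def deny_response(request: dict, reason: str) -> dict:
    """JSON-RPC error returned to the IDE in place of the server's answer."""
    return {"jsonrpc": "2.0", "id": request.get("id"),
            "error": {"code": POLICY_DENIED, "message": reason}}


def gateway_forward(request: dict, version: ServerVersion, policy: Policy, today: date) -> dict | None:
    """Return None if the request may be forwarded unchanged, else the error to send back."""
    ok, reason = admit_server(version, policy, today)
    if ok:
        ok, reason = check_tool_call(request, version.name, policy)
    return None if ok else deny_response(request, reason)


# --- constructed sample data (illustrative names and dates, not real registry entries) ---
TODAY = date(2025, 11, 13)
POLICY = Policy(
    allowed_servers=frozenset({"github", "filesystem"}),
    blocked_tools={"github": frozenset({"create_repository", "delete_repository"})},
)
GITHUB_V = ServerVersion("github", open_source=True, published=date(2025, 10, 1))
FRESH_V = ServerVersion("filesystem", open_source=True, published=date(2025, 11, 10))  # 3 days old
CLOSED_V = ServerVersion("vendor-x", open_source=False, published=date(2025, 1, 1))

TOOLS_LIST_RESPONSE = {"jsonrpc": "2.0", "id": 1, "result": {"tools": [
    {"name": "get_file_contents", "description": "Read a file from a repository"},
    {"name": "create_repository", "description": "Create a new repository"},
    {"name": "delete_repository", "description": "Delete a repository"},
]}}
CREATE_REPO_CALL = {"jsonrpc": "2.0", "id": 2, "method": TOOLS_CALL,
                    "params": {"name": "create_repository", "arguments": {"name": "scratch"}}}
READ_FILE_CALL = {"jsonrpc": "2.0", "id": 3, "method": TOOLS_CALL,
                  "params": {"name": "get_file_contents", "arguments": {"path": "README.md"}}}

if __name__ == "__main__":
    for v in (GITHUB_V, FRESH_V, CLOSED_V):
        print(admit_server(v, POLICY, TODAY))
    print([t["name"] for t in filter_tools_list(TOOLS_LIST_RESPONSE, "github", POLICY)["result"]["tools"]])
    print(gateway_forward(CREATE_REPO_CALL, GITHUB_V, POLICY, TODAY))
    print(gateway_forward(READ_FILE_CALL, GITHUB_V, POLICY, TODAY))
```

Filtering `tools/list` and checking `tools/call` are deliberately separate steps: hiding a tool from the advertised list only stops a well-behaved agent from choosing it, while the call check stops an agent that has been steered, for instance by injected content, into naming the tool directly.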

MCP poses a security risk for companies because responses from connected servers are fed back into the AI agent and can cause it to take local actions, including deleting data, exfiltrating information and other malicious operations.

The MCP Registry works much like JFrog's AI Catalog, introduced in September for AI models. That tool also received a new announcement at SwampUp: it now specifically searches for AI models and components both in the repository itself and inside dependent packages and libraries, surfacing shadow AI that was never registered. Models found this way are subject to the same policies administrators have set in the AI Catalog. The AI Catalog also acts as a proxy and offers monitoring of AI usage.

(who)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.