
JFrog Delivers Trust Layer for AI-Driven Software with NVIDIA

  • March 17, 2026

JFrog Ltd., the Liquid Software company and creators of the JFrog Software Supply Chain Platform, today announced its new JFrog Agent Skills Registry at NVIDIA GTC. Validated through early integration with NVIDIA, the platform is designed to provide the governance and verifiable trust layer required for agentic workforces to operate securely at enterprise speed and scale.

Quick Intel

  • JFrog has announced the new JFrog Agent Skills Registry, validated through early integration with NVIDIA.

  • The registry is built to provide governance, security, and a verifiable trust layer for AI agents operating at enterprise scale.

  • It will support NVIDIA Agent Toolkit, including NVIDIA OpenShell, an open-source runtime for building and deploying safe, autonomous AI agents.

  • JFrog Artifactory will serve as a registry for AI models and agent skills with the NVIDIA AI-Q Blueprint, as part of the NVIDIA Agent Toolkit.

  • The solution enables organizations to scan, verify, and govern all agentic binary assets to prevent malicious or unvetted skills from causing harm.

  • The integration provides a centralized system of record to track, audit, and manage the provenance of agents, NVIDIA NIM, and MCP servers.

JFrog Agent Skills Registry: A Trust Layer for Enterprise AI Agents

The rapid evolution of AI has made autonomous agents, which rely on skills, a standard part of the software supply chain. However, an infrastructure layer beneath them is needed to enforce the policy, security, and privacy controls required to make them safe for use. Without a standardized infrastructure, organizations face unprecedented security and compliance risks, as demonstrated by recent OpenClaw manipulations and breaches.

"AI agents are fundamentally reshaping how software is created and operated, but without a dedicated trust layer to enforce governance and secure workflows, they introduce significant enterprise risk," said Gal Marder, JFrog's Chief Strategy Officer. "Just as a malicious software package can compromise an application, an unvetted skill can guide an agent to perform harmful actions. To safely deploy autonomous agents at scale, organizations must move beyond blind trust. Working closely with the NVIDIA Enterprise AI Factory team, we are establishing a reliable system of record to store, scan, and govern all agentic binary assets across the software supply chain."

The new JFrog Agent Skills Registry will support NVIDIA Agent Toolkit, including NVIDIA OpenShell, an open-source runtime for building and deploying safe, autonomous, long-running AI agents. Additionally, JFrog Artifactory will serve as a registry for AI models and agent skills with the NVIDIA AI-Q Blueprint, as part of NVIDIA Agent Toolkit.

"Security and governance are key to deploying AI agents in the enterprise," said Pat Lee, vice president, Enterprise Partnerships, NVIDIA. "JFrog's Agent Skills Registry for NVIDIA OpenShell supports security and control for deploying long-running agents to help scale enterprise productivity with powerful new AI tools."

Key Capabilities of the JFrog and NVIDIA Integration

By establishing the JFrog Platform as an integrated, secure registry for NVIDIA AI-Q Blueprint and NVIDIA OpenShell runtime, enterprises will be able to safely operate agents using verified skills, MCP servers, models, and software packages. The NVIDIA and JFrog teams worked closely to validate a workflow for the ingestion and management of Artifactory as a skills registry, including support for NVIDIA-developed skills, using NVIDIA cuOpt as the first example of a packaged skill. This integration gives NVIDIA a single, governed endpoint for distributing verified AI skills across all agent platforms, with a promotion model that enforces increasing security gates from team to enterprise-wide use.

JFrog's new offering includes several key capabilities designed to secure the agentic software supply chain. The JFrog Platform is validated for the NVIDIA AI-Q Blueprint for lifecycle management and governance of agent skills. It also natively integrates with the NVIDIA OpenShell runtime, designed to provide secure, private, and scanned resources. The JFrog AI Catalog and Agent Skills Registry act as the central control plane for NVIDIA OpenShell, providing a single source of truth to track, audit, and manage the provenance of agents, NVIDIA NIM, and MCP servers.

Furthermore, the JFrog AI Catalog automatically scans, verifies, and signs all AI skills upon upload to detect vulnerabilities, malicious payloads, and compliance risks before NVIDIA OpenShell – or other agents – ever adopt them. The JFrog Platform also allows organizations to set strict approval workflows, ensuring developers and AI agents can only access permitted, verified skills for specific projects and business units. The NVIDIA OpenShell runtime then sandboxes each agent in an isolated, virtual environment, enabling safe execution of code without risk of broader network infection.

Through this deep partnership, JFrog and NVIDIA are establishing the foundational infrastructure required to safely deploy and scale agentic AI across the enterprise.

About JFrog

JFrog Ltd., the creators of the unified DevOps, DevSecOps, DevGovOps, and MLOps platform, is on a mission to create a world of trusted software delivery without friction from development to production. Driven by a "Liquid Software" vision, the JFrog Platform is a software supply chain system of record that is designed to power organizations as they build, manage, govern, and distribute secure software with speed and scale. Holistic security features help identify, protect, and remediate against threats and vulnerabilities.
