JFrog just embedded supply chain governance into Claude Code's decision loop. Your agents can no longer pull unvetted packages.

Injection vulnerabilities in software packages grew 3,110% in 2025.

Your AI coding agent is the reason.

JFrog shipped a Claude Code plugin on June 10 that solves this at the source.

Instead of scanning after the agent recommends a package, JFrog checks it at the moment of recommendation.

Four capabilities:

1. Package safety checks via JFrog Curation run real-time validation against npm, Maven, PyPI, and Go before the dependency ever enters your codebase.

2. MCP server governance through Agent Guard manages which Model Context Protocol servers are discoverable by your agent. Unmanaged MCP servers are the expanding blind spot — prompt hijacking, over-privileged access, credential exposure.

3. Artifactory integration lets Claude Code query repositories, builds, permissions, and release bundles via natural language.

4. Platform administration keeps Artifactory manageable from inside the development workflow.

The structural shift: governance now travels with the agent, not after it.

Traditional security workflows operated later in the pipeline — PR reviews, CI/CD scans, artifact promotion. That compression window between AI suggestion and build artifact is where governance gaps form.

Every remediation cycle burns developer time and token budget.

Install the plugin. Run `jf config add`. Enable Agent Guard if your subscription includes AI Catalog.

Audit your MCP server inventory today. If your agents are connecting to unmanaged servers, you are one prompt injection away from a supply chain compromise.

SOURCE: https://jfrog.com/blog/introducing-the-jfrog-plugin-for-claude-code/
VERIFIED: JFrog blog (June 10, 2026), Stack Archive (June 10, 2026), JFrog 2026 Supply Chain Security Report
SIGNAL: This is the first concrete example of supply-chain governance embedded directly into an AI coding agent's decision loop. Expect every security vendor to ship equivalent plugins within 60 days.

---