What did Anthropic and JFrog announce for Claude Code?

They announced the JFrog Platform plugin for Claude Code, adding software supply chain governance and security capabilities to Anthropic’s AI coding agent tool.

Why is JFrog integrating with Claude Code?

JFrog says AI agents increasingly make decisions about dependencies, builds, and deployments, so enterprises need real-time control, visibility, and governance over those decisions.

What can developers do with JFrog Platform Skills in Claude Code?

JFrog Platform Skills are designed to let developers and AI agents execute JFrog platform operations using natural language.

How many artifacts does JFrog say its platform manages?

JFrog says its platform manages more than 18 billion artifacts, an increase of 136% from the previous year.

18B Artifacts Push Anthropic and JFrog Into AI Security

Q: What security problems is the JFrog plugin for Claude Code designed to address?

The plugin is aimed at reducing risks from malicious packages, vulnerabilities, and ungoverned AI assets entering production when AI agents operate without supply chain context.

Anthropic and JFrog announced the JFrog Platform plugin for Claude Code on Wednesday, June 10, bringing software supply chain governance directly into Anthropic’s AI coding agent tool, according to PYMNTS. The plugin is available immediately to all Claude Code users.

18 billion artifacts put the Claude Code deal in sharper focus

The headline is simple: Claude Code users can now connect Anthropic’s AI coding agent environment to the JFrog Software Supply Chain Platform. The deeper point is about control. JFrog wants to act as a trusted system of record for software artifacts, binaries, and AI assets as AI agents start touching more of the build process.

JFrog said the plugin is designed to bring “enterprise-grade software supply chain governance” to Claude Code. That means developers and their agents can scan, curate, and secure artifacts and dependencies inside the development workflow, rather than waiting for later security checks.

The companies framed the integration around a shift in how AI coding tools behave. Agents are no longer just suggesting snippets. They can make choices about dependencies, builds, and deployments. That changes the risk profile.

“AI-enabled innovation cannot come at the expense of security or compliance. Enterprises need a universal system of record with real-time control and visibility into the decisions these agents make, that's what this integration enables,” said Yoav Landman, JFrog’s co-founder and chief technology officer.

The JFrog announcement also cites Anthropic’s own warning on agent security:

“As agents grow more capable, attack surfaces are constantly shifting. The types of failures we’ve seen are likely to be repeated across industries and labs. We need collective investment in agent-specific security posture, from shared benchmarks and disclosure norms to common identity standards and cross-vendor red-teaming.”

That quote explains why this partnership matters beyond one plugin. Anthropic is acknowledging that capable agents create moving security targets. JFrog is selling the control layer.

Claude Code gets policy checks where developers actually work

The JFrog Platform plugin for Claude Code adds what JFrog calls domain-specific JFrog Platform Skills. These are designed to let developers and AI agents execute platform operations using natural language.

The company says the plugin works with the recently announced JFrog MCP Registry and JFrog Agent Skills Registry. The stated goal is to make sure agents, developers, and AI users pull only verified, secure, and governed MCP servers and agent skills.

That matters because the risk is not limited to bad code generation. The source material points to malicious packages, vulnerabilities, and ungoverned AI assets entering production when agents operate without supply chain context.

Area JFrog is targeting	Capability described in the announcement
Governance	Policy enforcement, package security, license compliance, and provenance validation inside the development workflow
Agent skills	Controls intended to keep agents pulling verified, secure, and governed MCP servers and agent skills
DevOps tasks	Repository management, project provisioning, and routine operations through JFrog Platform Skills
Auditability	Traceability from source commits to build artifacts for incident response and compliance proof

JFrog says this setup can reduce manual handoffs by enforcing policies as code is written. It also says security teams can get end-to-end traceability from source commits to build artifacts.

Analysis: that’s the real enterprise pitch. Speed alone won’t win over security teams if agents are pulling packages and triggering operations without a record of why. The plugin tries to make Claude Code usable in environments where audit trails, license compliance, and dependency controls are not optional.

Anthropic’s timing is also notable. PYMNTS reported that Anthropic this week debuted two Mythos-class models after developing safeguards to prevent misuse. For related context on that safety posture, see XOOMAR’s coverage of Claude Fable 5 Sells Mythos-Class AI on a Short Leash and Claude Fable 5 Unlocks Mythos, With AI Safety Cuffs.

JFrog pushes beyond one AI agent into multi-agent governance

JFrog is not presenting this as a one-off Claude Code extension. The company says its platform provides three layers of agent connectivity across AI coding environments: JFrog Platform Skills, JFrog MCP Tools, and agent-native plugin support.

Claude Code is the first named plugin in this announcement, alongside support references for Cursor and VS Code Copilot. JFrog says the broader plan is to bring the full JFrog Platform into each agent’s native environment with simple authentication and deployment.

That framing matters. Enterprises rarely standardize every developer on one coding interface forever. JFrog is pitching governance that follows the developer and the artifact trail, rather than staying locked inside one AI coding tool.

The source material does not include pricing, customer adoption numbers, revenue expectations, or implementation requirements for the plugin. It also does not say how many Claude Code users will adopt it or how quickly security teams can operationalize the controls.

Analysis: the open question is execution. A plugin can promise real-time governance, but enterprise value depends on whether policies are easy to configure, whether developers keep using the workflow, and whether security teams trust the resulting audit trail.

Enterprise AI coding now faces a control test

The near-term test is whether integrations like JFrog’s become standard for AI coding agents used inside large companies. The announcement points to a practical checklist buyers will care about: where policies are enforced, what agents are allowed to pull, how provenance is verified, and how fast teams can answer audit or incident questions.

For Anthropic, the deal gives Claude Code a stronger enterprise governance story. For JFrog, it extends its software supply chain role into AI-native development workflows at the moment agents are starting to touch more of the delivery pipeline.

The next signal to watch is not just whether developers install the plugin. It’s whether organizations treat governed AI coding agents as a requirement before giving agents deeper access to dependencies, builds, and deployments. If that becomes the enterprise bar, the vendors that can prove control inside the workflow will have the clearer path.

Impact Analysis

The integration brings software supply chain checks directly into Claude Code workflows.
JFrog’s artifact volume growth highlights the scale of governance challenges as AI coding agents expand.
Enterprises may gain more visibility and control over AI-assisted dependency, build, and deployment decisions.