Developer productivity is exploding thanks to AI coding assistants, but this explosion is creating a security crisis that manual approaches simply cannot handle. In this exclusive interview from KubeCon, JFrog’s Global SVP reveals how organizations can maintain security without sacrificing the 10-12x productivity gains that AI enables.
Rafael Santiago joins us on Techzine TV to discuss the mounting challenge of securing the tsunami of binaries being generated by AI-assisted development. As developers embrace “vibe coding” and AI tools, they’re unknowingly introducing new attack vectors that traditional security approaches are ill-equipped to handle. In this video, you’ll discover why bad actors have shifted their focus from source code to binaries, and how JFrog’s unique approach blocks threats before they ever enter your codebase, not after. Santiago reveals the three-layer security strategy that makes this possible and explains why other vendors’ approaches are “too conservative” and disrupt developer workflows.
What you’ll learn in this interview
Santiago explains the critical security gap that’s emerged with AI coding assistants. When developers download MCP servers to work alongside tools like Cursor, Claude, or OpenAI, these servers make unmonitored calls to libraries and generate code with hidden risks. Learn how JFrog’s new MCP Registry addresses this shadow IT problem. You’ll discover how JFrog maintains developer productivity while enforcing security, a challenge that often causes developers to circumvent restrictive security measures. Santiago shares why JFrog’s approach feels like “electricity” to developers: invisible until you need it, and always guiding you toward safe alternatives.
The conversation also covers JFrog’s recent announcement at Nvidia’s GTC event, revealing how the company is providing governance for Nvidia’s Nemo Claw environment while remaining platform-agnostic across AI coding environments.
Key topics explored
- Why the 10-12x increase in developer productivity from AI creates an unprecedented security challenge
- How JFrog’s curation capability blocks malicious libraries at the firewall level before they enter your code
- The difference between JFrog’s approach and competitors who scan after code has already been fetched
- Why machine learning models and binaries are easier targets for malicious actors than source code
- How contextual security analysis reduces false positives by understanding how libraries are actually used
- The emerging threat landscape around MCP servers and AI coding assistants
- How organizations can customize security policies without stopping developer workflows
- JFrog’s integration with Nvidia Nemo Claw and what it means for AI governance
- Why European legislation like DORA is making solutions like JFrog mandatory, not optional
- How JFrog covers the complete lifecycle from development through production runtime
Whether you’re responsible for DevOps, security, or development, this interview provides crucial insights into how your organization can embrace AI-assisted development without exposing yourself to the new generation of supply chain attacks targeting binaries.
Watch the full interview to understand why JFrog believes automation and intelligent filtering are the only viable path forward in an era where manual security oversight is no longer feasible.