JFrog — Universal MCP Registry for AI supply-chain security

AI relevance: MCP servers, agent skills, and ML models are becoming the new attack surface for software supply-chain threats — JFrog's registry applies package-security rigor (signing, scanning, compliance gates) to these AI-native artifacts.

  • JFrog announced a Universal MCP Registry on March 18, 2026 — a system of record for MCP servers, agent skills, models, and agentic binary assets.
  • The registry treats MCP servers with the same security standards as software packages: vulnerability scanning, compliance enforcement, and provenance tracking.
  • Native security-by-design: proactively blocks download and execution of malicious or non-compliant MCP servers before they reach developer machines or agent runtimes.
  • The launch comes amid evidence of growing MCP risk: BlueRock Security found that 36.7% of the 7,000+ MCP servers it examined contain vulnerabilities, and the studies cited with the announcement report a 23–41% increase in attack success rates when MCP integrations are involved.
  • The registry is designed to eliminate "blind spots across the AI software supply chain" — addressing the gap where agents and developers pull MCP servers naively from unvetted sources.
  • The announcement coincides with growing enterprise adoption of MCP as a standard for connecting AI agents to tools and data sources.

Why it matters

  • MCP servers have become the npm of the agent ecosystem — but without npm's 15 years of supply-chain hardening. Today, most MCP servers are installed from GitHub or npm with minimal vetting.
  • A malicious MCP server can exfiltrate data, steal credentials, or act as a C2 channel for an agent — all through legitimate-looking tool integrations.
  • Having a centralized registry with scanning and signing is the right structural response, though adoption will determine whether it becomes a real defense or just another feed to ignore.

What to do

  • Inventory your MCP servers: Audit which MCP servers are in use across your organization, both officially deployed and installed by individual developers, including servers declared only in local client config files that never pass through CI.
  • Adopt registry-based installs: If your tooling supports it, route MCP server installations through a vetted registry rather than direct GitHub/npm pulls.
  • Scan before deploy: Run MCP servers through SAST/SCA scanning in CI, treating them as you would any other third-party dependency, and pin the exact version you scanned so the runtime launches the reviewed artifact rather than whatever `npx`/`uvx` resolves at start-up.
  • Least-privilege tool access: Configure agent runtimes so MCP servers get only the minimum permissions their function requires: scoped, short-lived credentials instead of the developer's full environment, a restricted filesystem root, and network egress limited to the hosts the server legitimately needs.
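The first three steps above (inventory, registry-based installs, pinned and scanned versions) can be checked mechanically. As an added example, not JFrog's code and not any MCP client's own tooling, the script below reads the `mcpServers` map that clients such as Claude Desktop and Cursor keep in their JSON config, records every server, and flags those fetched at launch from outside an allowlist, those not pinned to an exact version, and those handed inline credentials. The allowlist (`APPROVED`), the severity labels, and the sample config are constructed assumptions standing in for a query against an internal registry.

```python
"""Inventory and policy-check MCP server launch configs (added example).

Reads the `mcpServers` map used by clients such as Claude Desktop and
Cursor and reports servers that bypass a vetted registry, are unpinned,
or receive inline secrets.  Allowlist and sample config are constructed.
"""
import json
import re
from dataclasses import dataclass

# Launchers that download and run a package at start time: the direct
# GitHub/npm/PyPI pull that a vetted registry is meant to replace.
FETCHING_LAUNCHERS = {"npx", "uvx", "pipx", "bunx"}

# Hypothetical allowlist of package -> reviewed version (assumption; in
# practice this would be looked up in the organisation's registry).
APPROVED = {"@modelcontextprotocol/server-filesystem": "2026.1.14"}

EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+$")
DIRECT_SOURCE = re.compile(r"^(github:|git\+|git://|https?://|file:|\.{1,2}/|/)")
SECRET_KEY = re.compile(r"(TOKEN|SECRET|PASSWORD|PASSWD|API_KEY|PRIVATE_KEY)", re.I)
URL_CREDENTIAL = re.compile(r"://[^/@\s]+:[^/@\s]+@")


@dataclass(frozen=True)
class Finding:
    server: str
    severity: str  # "high" | "medium" | "info"
    reason: str


def split_spec(spec: str):
    """Split a package spec into (name, version, source).

    source is "direct" for git/URL/path specs and "registry" otherwise;
    version is None unless the spec pins an exact x.y.z release.
    """
    if DIRECT_SOURCE.match(spec):
        return spec, None, "direct"
    # npm style: @scope/name@1.2.3 ; uv/pipx style: name==1.2.3 or name@1.2.3
    if "==" in spec:
        name, version = spec.split("==", 1)
    else:
        cut = spec.rfind("@")
        name, version = (spec[:cut], spec[cut + 1:]) if cut > 0 else (spec, None)
    if version is not None and not EXACT_VERSION.match(version):
        version = None  # ranges, dist-tags and "latest" are not pins
    return name, version, "registry"


def package_arg(args):
    """First non-flag argument: the package the launcher will fetch."""
    for a in args:
        if not a.startswith("-"):
            return a
    return None


def audit_server(name: str, entry: dict):
    findings = []
    command = entry.get("command", "")
    args = entry.get("args", [])
    env = entry.get("env", {})

    if command in FETCHING_LAUNCHERS:
        spec = package_arg(args)
        if spec is None:
            findings.append(Finding(name, "medium", f"{command} with no package argument"))
        else:
            pkg, version, source = split_spec(spec)
            if source == "direct":
                findings.append(Finding(name, "high", f"fetched from unvetted source {pkg}"))
            elif pkg not in APPROVED:
                findings.append(Finding(name, "high", f"{pkg} not in approved registry allowlist"))
            elif version is None:
                findings.append(Finding(name, "medium", f"{pkg} not pinned to an exact version"))
            elif version != APPROVED[pkg]:
                findings.append(Finding(name, "high", f"{pkg}@{version} differs from approved {APPROVED[pkg]}"))
    else:
        # Locally installed binary: not fetched at launch, but still needs provenance.
        findings.append(Finding(name, "info", f"local launch via {command}; verify binary provenance"))

    # Secrets pasted into the config are handed to the server process verbatim.
    for key, value in env.items():
        literal = isinstance(value, str) and not value.startswith("${")
        if literal and (SECRET_KEY.search(key) or URL_CREDENTIAL.search(value)):
            findings.append(Finding(name, "medium", f"inline credential in env {key}"))
    return findings


def audit_config(text: str):
    cfg = json.loads(text)
    findings = []
    for name, entry in cfg.get("mcpServers", {}).items():
        findings.extend(audit_server(name, entry))
    return findings


# Constructed sample of what an inventory run typically finds on a dev machine.
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "files":   {"command": "npx", "args": ["-y", "@modelcontextprotocol/server-filesystem@2026.1.14", "/home/dev"]},
        "gh-tool": {"command": "npx", "args": ["-y", "github:someone/mcp-tool"]},
        "scraper": {"command": "uvx", "args": ["mcp-scraper"]},
        "db":      {"command": "node", "args": ["/opt/mcp/db/index.js"],
                    "env": {"DATABASE_URL": "postgres://admin:hunter2@db/prod", "LOG_LEVEL": "info"}},
    }
})

if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG):
        print(f"[{f.severity:6}] {f.server}: {f.reason}")
```

Run against the sample, the pinned and allowlisted `files` server produces no finding, the GitHub-sourced and unlisted servers are rated high, and the `db` entry is flagged for the credential embedded in its connection string. Pointing `audit_config` at the real client config files on each developer machine gives the inventory from the first step; replacing `APPROVED` with a registry lookup turns the same script into the install gate from the second.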

Sources