“Trust Will Be the Competitive Advantage in the AI Era”: Sudhir Narla, JFrog

Sudhir Narla, GM, India, and VP of Customer Success, APAC, JFrog, on Agentic AI, software supply chains, and trust.

As organizations move quickly to adopt AI, the focus is shifting from experimentation to making AI work at scale. AI is helping developers to be more productive and driving automation and innovation, but it also brings new challenges in governance, security, compliance, and trust. With AI-generated code, open-source dependencies, and supply chain risks, tech leaders now have to balance acceleration with keeping control, accountability, and resilience.

As things change, software supply chain security has become a top priority for CIOs and engineering leaders who want to build trustworthy, AI-ready organizations. JFrog, based in Sunnyvale, California, is operating in this space. It helps organizations manage, secure, and automate software delivery from development to deployment.

In a recent interaction with CIO&Leader, Sudhir Narla, GM, India, and VP of Customer Success, APAC, at JFrog, discussed the rise of Agentic AI, how software development is changing, the increasing importance of software supply chain security, and why trust, rather than speed, will decide which organizations succeed as AI-native enterprises.

CIO&Leader: Enterprises are aggressively adopting AI, but many AI initiatives struggle to move from pilots to production. What are the key factors that separate successful AI deployments from failed ones?

Sudhir Narla: Many people think that the success of AI deployment is just about using the latest models or moving faster. In fact, real success with AI depends on trust, good governance, and strong operational discipline.

Today, organizations are leveraging AI-generated code, adding open-source dependencies, and building agentic workflows faster than ever. But moving quickly without proper governance can be risky. CIOs need to set clear rules for AI use, manage models, oversee software supply chains, and implement robust security controls.

The organizations that will do well are those that see AI as more than just a way to boost productivity—they treat it as a matter of business trust. These companies know where their code comes from, how their models are trained, what dependencies they use, and how they find and fix security issues. In the AI era, trust will set successful organizations apart.

CIO&Leader: At a time when enterprises are grappling with AI adoption, software supply chain security risks, and increasingly complex governance requirements, how are you addressing these challenges?

Sudhir Narla: What sets JFrog apart is that we offer a full platform, not just a single solution. For almost twenty years, software development followed the same steps: developers wrote code, tested it, and then deployed it. Now, with AI, especially agentic AI, this process is changing fast. AI can write code, pull in open-source dependencies, and speed up software delivery.

The main challenge for companies is not just moving quickly, but also having good governance, visibility, and trust. Organizations need to know who is responsible for their software components, whether their dependencies are safe, and how AI-generated outputs are being checked.

We offer a comprehensive platform that enables companies to manage their software supply chain securely. Our goal is to help customers trust the software they build and use by giving them tools for governance, security, traceability, and proof at every step. In the AI era, speed matters, but speed with trust counts most.

CIO&Leader: As organizations accelerate software delivery through AI-assisted development, how should CIOs balance innovation and security?

Sudhir Narla: In the past, people often saw security as something that slowed down innovation. But today, security needs to be built into the development process from the start, not just added at the end.

I often compare this to airport security. Traditional security processes resemble manual inspections, where each item must be checked individually, resulting in delays and operational bottlenecks. Modern security platforms function more like advanced screening systems: they automatically identify potential risks and surface only the issues that require human attention. Through automation, continuous monitoring, policy-driven governance, and DevSecOps practices, organizations can streamline security operations without compromising protection. The result is a stronger security posture that enables faster innovation while maintaining resilience, compliance, and operational efficiency.

CIO&Leader: How concerned should CIOs be about the risks associated with AI-generated code and open-source dependencies?

Sudhir Narla: This is a serious concern. We see that AI coding tools are being used much faster than the security controls needed to manage them.

Many organizations are excited about how AI-generated code can boost productivity, but not many have set up ways to check, monitor, and secure this code. AI can write code quickly, but that does not mean it is always high quality, compliant, or secure.

Modern software development relies heavily on open-source components. Every new dependency added to an application becomes part of the company’s software supply chain. Without good oversight and visibility, security problems can quickly spread across systems.

For CIOs, the real challenge is not deciding whether to use AI, but figuring out how to establish trusted processes for its use.

CIO&Leader: We are witnessing a surge in software supply chain attacks globally. How should enterprise leaders respond?

Sudhir Narla: Software supply chain security is now one of the top cybersecurity priorities for modern companies.

In recent years, companies have seen an increase in attacks on software dependencies, repositories, and development environments. These attacks often bypass traditional security by entering through trusted parts of the development process.

Enterprise leaders need to focus on three key areas: end-to-end visibility across software artifacts and dependencies, continuous vulnerability detection and remediation, and comprehensive Software Bill of Materials (SBOM) management.

Knowing what is inside an application is now just as important as protecting it. Visibility and traceability have become strategic strengths, not just technical needs.

CIO&Leader: How do you see compliance and regulatory requirements evolving in India, particularly with DPDP and RBI mandates?

Sudhir Narla: India is entering a new phase in which cybersecurity, privacy, and software governance are now priorities at the board level.

The Digital Personal Data Protection (DPDP) Act is increasing accountability around data handling, while regulators such as the RBI are emphasizing software transparency and Software Bill of Materials requirements.

What is interesting is that compliance is no longer viewed simply as a legal requirement. Leading organizations now see it as a way to build trust. Customers, regulators, and partners want to see how software is built, secured, and managed. They want to manage risk and build stakeholder confidence going forward.

CIO&Leader: How will Agentic AI transform software engineering and the role of technology teams over the next few years?

Sudhir Narla: Agentic AI is one of the biggest changes the software industry has seen in decades.

In the past, people wrote, tested, and deployed code themselves. Now, we are moving to a model where AI agents can write code, suggest fixes, create patches, and automate much of the development process.

The main question is not whether AI will be part of software development—it already is. The real question is how companies will govern, monitor, and check the outputs AI creates.

Software engineering teams will change a lot. There may be fewer people writing code and a greater need for software architects, platform engineers, AI governance experts, security specialists, and quality reviewers. Human skills will focus more on design, oversight, and decision-making rather than on repetitive coding.

CIO&Leader: Looking ahead, what will distinguish organizations that successfully build trusted AI-native enterprises from those that struggle?

Sudhir Narla: Mindset will be the key factor.

Organizations that view AI solely as a tool for speed and productivity may achieve short-term gains but expose themselves to long-term risks. In contrast, organizations that build AI with governance, transparency, accountability, and security at the core will create sustainable competitive advantage.

Trusted AI-native enterprises will establish clear guardrails, maintain visibility across their software supply chains, invest in responsible AI practices, and ensure that every AI-driven outcome can be explained, monitored, and governed.

The future belongs to organizations that prioritize trust as much as innovation. Speed may create opportunity, but trust creates lasting business value.
