EveryOps Day Mumbai 2026: Key Takeaways from India’s Summit

JFrog welcomed business and technology leaders from across India’s top organizations to EveryOps Day Mumbai 2026. The summit was dedicated to the future of software delivery in the age of AI. From opening keynote to closing remarks, everybody agreed that in an agentic software world, security, governance, and speed must coexist by design.    

Here is a look at the insights that defined the day.

Opening the Conversation: Trusted AI and the New Software Supply Chain

Sunny Rao, Senior Vice President for APAC at JFrog, opened the summit by framing the challenge facing every organization in the room: software teams must move faster while managing security, compliance, and AI.

Gal Marder, Chief Strategy Officer at JFrog, then took the stage for the opening keynote, Trusted AI: The New Frontier of EveryOps. Marder argued that autonomous AI agents have moved from being tools that assist developers to becoming active participants in the software supply chain This shift, demands that software supply chain governance should be built for the speed and scale at which agents operate.  

Managing the AI Tsunami

Prasanna Raghavendra, Head of R&D – India at JFrog, followed with a session outlining how advanced governance frameworks are the foundation upon which sustainable, agent-driven development must be built.  

1. AI is multiplying software delivery

Commits, PRs, and new repositories are spiking at rates no traditional pipeline was designed to absorb, and the curve is still climbing.

2. Headless applications are creating an artifact ecosystem

Agent-native software like Salesforce Headless 360 generates domain knowledge and model outputs that can silently drift from their source with zero UI to surface the gap.   

3. The poisonous neighbor is the new noisy neighbor

In agentic pipelines, one corrupted environment doesn’t slow others down, it can contaminate them, making isolation a security decision, not just a performance one. JFrog’s answer is branch-level repository isolation: the moment a branch is created, it gets its own fully contained environment.   

4. Continuous governance with compliance-as-code, context definitions, and evidence-based validation

The fix is treating governance the same way engineering treated testing: automate it, codify it, and run it continuously.

5. Building for business continuity at scale. Targeting four 9s of availability  

JFrog’s move to a multi-cloud, multi-region architecture, targeting four 9s of uptime is a recognition that the software supply chain is now critical infrastructure, not just a function.    

6. JFrog’s approach: curation, evidence-based compliance, and multi-site federation across clouds and regions

Together, these three pillars address the four forces reshaping the industry: ecosystem agility, environment isolation, continuous governance, and business continuity.

7. The strategic question every enterprise must answer in the AI era

AI is disrupting every industry that builds software. Every enterprise needs its own answer to each one. The organizations that treat these as infrastructure decisions today will be the ones still standing when the tsunami fully arrives.  

Fireside Chat: Engineering with AI at Scale at Infosys

The next session featured Naresh Choudhary, Senior Vice President of Quality & Productivity and Sudhir Narla, VP of Customer Success & GM India at JFrog.  

Drawing on more than two decades of leading technology organizations, Naresh Choudhary offered an honest account of what it takes to embed agentic AI into software delivery pipelines.

1. AI agents are becoming active participants in the software delivery lifecycle

AI has moved from fixing bugs to handling multi-day engineering tasks and within 2-3 years, Naresh believes it will tackle architect-level work that today only humans can navigate.  

2. The operating model shift is bigger than the technology itself

Cloud, DevOps, and microservices were incremental changes. Agentic AI is collapsing entire roles and no one yet knows which ones survive, merge, or disappear entirely.

3. Governance must now operate at machine speed

Infosys spent years building open-source governance manually. Today, with agents autonomously pulling dependencies around the clock, the entire governance framework has to run at the speed of machines.

4. Fabric is how Infosys helps engineers at scale
Rather than asking developers to choose models, manage data access, or orchestrate processes themselves, Infosys abstracts all of it through a platform layer called Fabric, so engineers focus on solving problems while model selection and governance is taken care of.

10. Fix the brakes before you upgrade the engine
Before accelerating with AI, make sure your governance, trust frameworks, and guardrails are solid enough to stop you when something goes wrong.

Securing the AI Surge: Security & Governance Amidst the AI-Powered Version Explosion

Asaf Cohen, Director of Product at JFrog Security, and Guy Eshet, Senior Manager of Product at JFrog, delivered the session which challenged a common instinct, is the answer to AI-generated threats is more scanners, tools, and alerts.  

1. Traditional security models break the moment agents enter the pipeline

Agents do not search for packages; they just consume them. Any security model that relies on human judgement at the point of dependency selection is structurally incompatible with agentic workflows.

2. Shadow AI is the new shadow IT

Only 8% of APAC organizations have policies governing AI model usage, and fewer still have the means to enforce them, meaning unvetted models are already inside the pipeline.

3 AI-generated code inherits everything the model was trained on

Coding agents trained on public GitHub will reproduce GPL-licensed code, vulnerable patterns, and deprecated packages. Snippet detection at the point of generation is the only scalable defense.

4. Chasing every CVE is not a security strategy

With 60,000 CVEs expected this year alone, teams that try to fix everything will fix nothing. Contextual analysis that separates exploitable from non-exploitable is what keeps security teams functional.  

5. Agentic remediation closes the loop

Feeding CVE context directly into a coding agent to generate a pull request with a trusted fix is is the remediation model that can keep pace with the volume of vulnerabilities ahead. 

Panel Discussion: AI in the Security Stack: Weapon, Shield, or Wildcard?

The session brought together DevSecOps leaders from India’s most complex software environments. Moderated by Gal Marder, the discussion featured:

Nambivengadam Srinivasan, Director of Cybersecurity – DevSecOps, Ford Motor Company

Ashok Kumar Ratnagiri, BISO, EdgeVerve

Jayashree Acharyya, Director – Global DevSecOps CoE Lead, PepsiCo

The panelists explored how their organizations are operationalizing AI responsibly.

1. The difference between attacker and defender is simply who wields it better

Every panelist agreed: the organizations that refuse to adopt AI as a security tool will be outpaced by adversaries who are already using it to target them.   

2. Evidence must be a byproduct of delivery

PepsiCo embeds stage gates directly into CI/CD templates so compliance evidence is generated automatically at runtime, making regulatory responses a retrieval rather than reconstruction.  

3. Discovery and identity management are the two controls no organization can skip

If you cannot discover every AI model and agent and assign a verifiable identity to each one, no other security control can be reliably enforced around them.

10. AI automation cannot replace human accountability

Sophisticated brakes, governed pipelines, and agentic remediation all matter, but when something goes wrong, a human must still be responsible and in the loop.

GitHub x JFrog: From Code to Trusted Release – Stories from the field

Karthik Rameshkumar, Director of Field Services – APAC at GitHub, and Yashaswi Mudumbai, Sr. Director of Solution Engineering at JFrog, took the stage for a joint session exploring how teams move from code to trusted release in an AI-driven world.  

1. Solving velocity created a new class of trust problems

GitHub’s own journey is the proof — Copilot and Actions accelerated development, but in doing so exposed a trust deficit that the industry is still scrambling to close.

2. GitHub as system for code and JFrog as system for dependencies creates end-to-end solution

When both are unified, CTOs can trace exactly what changed between releases, what dependencies shipped, and what evidence was attached, turning a forensic nightmare into a routine query.  

3. Fragmentation is a problem that compounds over time

Every new tool added to solve a specific problem creates context switching, cognitive sprawl, and organizational latency, eventually developers spend more time navigating the pipeline than building the product.

4. The teams doing this right share one thing: culture, not just tooling

The best tools in the world cannot compensate for the absence of the right people, processes, and shared accountability. It is the combination of all three that turns trusted release from an aspiration into a daily reality.

Closing Panel: The Autonomous Enterprise

The day’s final panel asked the most ambitious question of all: what does software delivery look like when the agents are in charge?  

Moderated by Sunny Rao, the closing discussion brought together panelists to forecast how agentic workflows will redefine productivity, security, quality, and trust over the next three to five years. Panelists included

Janaki Raman, Analyst, Advisor and Architect, Janakiram & Associates

Nitish Tyagi, Sr. Principal Analyst, Gartner

Kapil Talreja, Head of Enterprise Architecture and AI Platforms, Axis Bank   

1. Autonomous software delivery depends on strong foundations

Organizations need mature DevOps practices, platform engineering, governance, and security controls before agents can operate.

2. Accountability will remain a human responsibility

Even if AI agents own the delivery pipeline, leaders, architects, and teams will still be responsible for the systems and guardrails they create.  

3. Enterprises should focus on preparation rather than hype

Standardized processes, Infrastructure as Code, internal developer platforms, and AI workflows are practical steps organizations can take today to prepare for an autonomous future.  

Closing Thoughts

Sunny Rao closed the summit by returning to the theme: the world’s leading organizations are not choosing between speed and security. They are building the systems, practices, and cultures that make both possible. EveryOps Day Mumbai 2026 was a testament to how much progress India’s technology community has already made on that journey.