Software supply chain management firm Sonatype Inc. today announced the launch of Sonatype Guide, a new developer tool that makes artificial intelligence-assisted software development faster, safer and more efficient.
The service is designed to serve as an intelligent backbone that steers AI coding assistants toward secure, high-quality open-source components and autonomously maintains dependencies over time.
The problem that Sonatype Guide is seeking to assist with is that AI models are trained on public data that may be months or years out of date. So AI coding assistants, intended to help developers move faster, frequently recommend vulnerable, low-quality or even imagined packages.
According to a forthcoming study from Sonatype, leading generative AI large language models that power coding assistants hallucinate packages up to 27% of the time, meaning they attempt to update or develop modern software with nonexistent or malicious open-source components. That creates rework for development teams, slows delivery, burns LLM tokens and introduces unnecessary security risk.
In pre-launch testing, enterprises using Sonatype Guide achieved more than a 300% improvement in security outcomes while reducing total security remediation. The service also improved dependency-upgrade costs by more than fivefold compared to the leading competitive strategy, measured in both direct spend and developer hours.
“Every organization wants to harness the productivity of AI, but they can’t afford to compromise security or long-term maintainability,” said Chief Executive Bhagwat Swaroop. “Guide brings discipline and intelligence to AI-assisted development. It empowers teams to move faster and safer by steering AI toward secure, reliable components and automating the tedious dependency work that slows teams down. This is a significant step forward for the industry and for our customers.”
Sonatype Guide works with popular AI coding assistants, including GitHub Copilot, Google Antigravity, Claude Code, Windsurf, IntelliJ with Junie, Kiro from Amazon Web Services Inc. and Cursor, to allow organizations to keep their existing workflows while upgrading the quality and security of the dependencies pulled in.
Core features of Sonatype Guide include a Model Context Protocol (MCP) server for AI coding assistants, which intercepts package recommendations in real time to guide developers to secure, reliable versions before code reaches the repository.
The MCP server is complemented by enhanced open-source software search for instant decisions. It also has an enterprise-grade application programming interface that delivers complete, unrestricted and backward-compatible access to reliable data.
Guide is built on Sonatype Intelligence, a source of real-time data on open-source quality, security and project health that can identify vulnerabilities, deprecations and malicious packages long before they spread. By embedding this intelligence directly into AI workflows, the company says, Guide ensures developers make safe, informed decisions from the start.
About SiliconANGLE Media
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
