News and Notes from the Makers of Nexus | Sonatype Blog

Building Trusted AI Development With Kiro and Sonatype Guide

Written by Aaron Linskens | May 18, 2026

AI-powered development tools accelerate the production of software. But they also introduce a familiar challenge: how do you ensure that what's generated is secure, compliant, and trustworthy?

The answer lies in context. AI-generated code is only as reliable as the data and intelligence behind it. Without the right context from AI code security tools, development speed can quickly turn into risk.

Vulnerable dependencies, license issues, and low-quality components can enter the software supply chain faster than ever — and when teams are forced to debug and remediate those issues later, the productivity benefits of AI quickly erode. Our research underscores this growing challenge as organizations scale AI-assisted development.

That is the gap closed by combining Kiro, AWS's agentic AI integrated development environment (IDE), with Sonatype Guide. Using the Model Context Protocol (MCP), the integration connects Kiro to real-time open source intelligence, so developers can move fast with AI while grounding each dependency decision in trusted data.

The Challenge: AI Without Context Is Risky

Tools like Kiro are incredibly powerful. They help developers move faster by generating code, automating repetitive tasks, and accelerating everything from prototyping to production.

But like any AI coding assistant, Kiro is only as good as the information it can access.

Without the right context, AI can:

  • Suggest vulnerable or outdated dependencies.

  • Introduce license compliance risks.

  • Recommend components with known security issues.

The result is a growing gap between speed and safety. AI accelerates development, but without embedded intelligence and guardrails, it can just as easily scale risk — leaving teams to catch issues later in the SDLC when they're more costly to fix.

The Solution: Sonatype Guide as a Kiro Power

Sonatype Guide fills this gap by acting as a real-time source of trusted open source intelligence, embedded directly into the development workflow.

Kiro Powers (such as Sonatype Guide) are purpose-built integrations that extend Kiro's capabilities by connecting it to external systems and specialized sources of knowledge. Using MCP, Kiro can securely communicate with tools like Sonatype Guide — bringing authoritative, real-time open source intelligence directly into every AI-driven interaction.

With Guide integrated, Kiro gains access to:

  • Deep vulnerability intelligence.

  • License and compliance insights.

  • Package quality and health signals.

  • Curated recommendations for safer alternatives.

These insights are delivered inline, at the moment decisions are made, not after the fact.

Instead of relying solely on generic training data or static knowledge, Kiro can now query Sonatype's continuously updated understanding of the open source ecosystem in real time via MCP. The result is AI-generated code that isn't just faster to produce, but grounded in real-world security, policy, and quality considerations.

What This Looks Like in Practice

In a typical Kiro workflow, AI may suggest or introduce dependencies as it scaffolds, updates, or enhances an application. With Sonatype Guide connected through MCP, those components can be evaluated in real time before they become hidden risks.

Instead of accepting AI-generated dependency choices at face value, developers can see trusted intelligence directly in their workflow, including:

  • Known vulnerabilities and security risks.

  • License and policy considerations.

  • Package quality, maintenance, and overall health.

  • Safer alternatives when a component introduces risk.

This helps teams move from reactive remediation to proactive decision-making, identifying risk earlier while staying focused in Kiro.
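The query-and-gate loop described above (Kiro asking Guide over MCP about a component before it is accepted) can be shown concretely with an added example; this is not Sonatype's or Kiro's code. It pairs a mock MCP-style JSON-RPC server that exposes a hypothetical `evaluate_component` tool over constructed, fictional package records with a client-side gate that turns the tool result into an allow/deny decision against a policy. The tool name, record fields, package names and policy thresholds are all assumptions made for illustration; the real Guide server's tools and data shape are not documented on this page. One check the example enforces that the text only implies: when the intelligence source errors or has no record, the gate denies rather than silently falling back to whatever the model remembers from training data.

```python
"""Mock MCP-style dependency gate. Constructed example: not Sonatype Guide's
server, not Kiro's client. Tool name, record shape and sample data are assumed."""
import json

PROTOCOL_VERSION = "2024-11-05"  # MCP revision string sent in the initialize handshake

# Constructed sample intelligence keyed by package URL (purl). Fictional packages.
INTEL = {
    "pkg:npm/acme-widgets@1.2.3": {"max_cvss": 0.0, "license": "MIT",
                                   "maintained": True, "alternative": None},
    "pkg:npm/acme-widgets@0.9.0": {"max_cvss": 9.8, "license": "MIT", "maintained": True,
                                   "alternative": "pkg:npm/acme-widgets@1.2.3"},
    "pkg:pypi/legacy-yaml-tools@2.0.1": {"max_cvss": 5.3, "license": "AGPL-3.0-only",
                                         "maintained": False, "alternative": None},
}

TOOL = {  # hypothetical tool definition, in the shape MCP's tools/list returns
    "name": "evaluate_component",
    "description": "Return vulnerability, license and health signals for a purl.",
    "inputSchema": {"type": "object", "properties": {"purl": {"type": "string"}},
                    "required": ["purl"]},
}

def _result(req_id, result):
    return {"jsonrpc": "2.0", "id": req_id, "result": result}

def _error(req_id, code, message):
    return {"jsonrpc": "2.0", "id": req_id, "error": {"code": code, "message": message}}

def handle_request(req):
    """Server side: one JSON-RPC 2.0 message in, one response out (None for notifications)."""
    method, req_id, params = req.get("method"), req.get("id"), req.get("params") or {}
    if method == "notifications/initialized":
        return None  # notifications carry no id and get no reply
    if method == "initialize":
        return _result(req_id, {"protocolVersion": PROTOCOL_VERSION,
                                "capabilities": {"tools": {}},
                                "serverInfo": {"name": "mock-intel", "version": "0.1"}})
    if method == "tools/list":
        return _result(req_id, {"tools": [TOOL]})
    if method == "tools/call":
        if params.get("name") != TOOL["name"]:
            return _error(req_id, -32602, "unknown tool")
        purl = params.get("arguments", {}).get("purl")
        record = INTEL.get(purl)
        if record is None:
            # isError marks a tool-level failure inside a successful JSON-RPC reply
            return _result(req_id, {"content": [{"type": "text", "text": f"no data for {purl}"}],
                                    "isError": True})
        return _result(req_id, {"content": [{"type": "text", "text": json.dumps(record)}]})
    return _error(req_id, -32601, "method not found")

# Client side. `transport` is any callable that takes a request dict and returns the reply;
# here it is handle_request itself, standing in for a stdio or HTTP MCP connection.
POLICY = {"max_cvss": 7.0, "licenses": {"MIT", "Apache-2.0", "BSD-3-Clause"},
          "require_maintained": True}  # assumed policy values

def handshake(transport):
    """initialize, then the initialized notification, then tools/list; returns tool names."""
    init = transport({"jsonrpc": "2.0", "id": 0, "method": "initialize",
                      "params": {"protocolVersion": PROTOCOL_VERSION, "capabilities": {},
                                 "clientInfo": {"name": "mock-client", "version": "0.1"}}})
    if "error" in init:
        return []
    transport({"jsonrpc": "2.0", "method": "notifications/initialized"})
    listed = transport({"jsonrpc": "2.0", "id": 1, "method": "tools/list"})
    return [t["name"] for t in listed["result"]["tools"]]

def call_tool(transport, purl, req_id=2):
    """Send tools/call for one purl; return the parsed record, or None on any failure."""
    resp = transport({"jsonrpc": "2.0", "id": req_id, "method": "tools/call",
                      "params": {"name": TOOL["name"], "arguments": {"purl": purl}}})
    if "error" in resp or resp["result"].get("isError"):
        return None
    return json.loads(resp["result"]["content"][0]["text"])

def gate_dependency(purl, transport, policy=POLICY):
    """Decide whether an AI-suggested dependency may be accepted. Fails closed on no data."""
    record = call_tool(transport, purl)
    if record is None:
        return {"purl": purl, "allow": False, "alternative": None,
                "reasons": ["no intelligence available; denying rather than guessing"]}
    reasons = []
    if record["max_cvss"] >= policy["max_cvss"]:
        reasons.append(f"max CVSS {record['max_cvss']} >= {policy['max_cvss']}")
    if record["license"] not in policy["licenses"]:
        reasons.append(f"license {record['license']} not on allowlist")
    if policy["require_maintained"] and not record["maintained"]:
        reasons.append("package unmaintained")
    return {"purl": purl, "allow": not reasons, "reasons": reasons,
            "alternative": record["alternative"]}

if __name__ == "__main__":
    print(handshake(handle_request))
    for purl in list(INTEL) + ["pkg:npm/unknown@1.0.0"]:
        print(gate_dependency(purl, handle_request))
```

The gate returns the server's suggested alternative alongside the denial, which is the shape an agent needs to retry with a safer component instead of stopping; in a real deployment the policy values would come from the organization's configuration rather than a literal in the client.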

To see how this workflow comes together, watch the demo below.


Why This Matters for Modern Development Teams

The combination of Kiro and Guide is not just about convenience. It's about fundamentally improving how teams build software.

Shift Security Left, Without Slowing Down

By embedding Guide directly into the AI workflow, security decisions happen at the moment code is generated, not later in the pipeline.

Reduce Risk from AI-Generated Code

AI can accelerate development, but it can also amplify risk. With Guide in the loop, every suggestion is backed by:

Keep Developers in Flow

Developers don’t need to switch tools or wait for downstream scans. The insights they need are delivered inline, in real time.

Standardize Best Practices Across Teams

By combining Kiro with Sonatype Guide, organizations can ensure that every developer — regardless of experience level — makes consistent, policy-aligned decisions.

A New Model for AI-Assisted Development

AI is more than a productivity tool. It's a decision-making partner. To be effective, it needs to be grounded in real-world intelligence.

By integrating Kiro and Sonatype Guide through MCP, AI-generated code is informed by continuously updated security, compliance, and quality insights at the moment it's created.

This approach:

  • Augments AI with trusted data sources.

  • Applies governance at the point of creation.

  • Aligns development speed with security and compliance.

The result is a development workflow where teams don't have to choose between moving fast and building securely. They can do both by default. See this in action by watching our full demo.