Sonatype Introduces Guide, the Intelligent Solution for Secure Agentic Development
New solution connects generative and agentic AI coding assistants to real-time open source intelligence to optimize development speed, reduce security risk, and automate dependency maintenance.
Fulton, Md. – December 9, 2025 – Sonatype®, the leader in AI-driven DevSecOps, today unveiled Sonatype Guide, a new developer tool that makes AI-assisted software development faster, safer, and more efficient. As organizations rapidly adopt AI coding assistants, Guide serves as the intelligent backbone that steers those tools toward secure, high-quality open source components and autonomously maintains dependencies over time.
AI Coding Assistants Need Guardrails
AI coding assistants are helping developers move faster, but because AI models are trained on public data that may be months or years out of date, they frequently recommend vulnerable, low-quality, or even imagined packages. In research detailed in a forthcoming study, Sonatype found that the leading generative AI LLMs powering today’s coding assistants hallucinate packages up to 27% of the time, which means they attempt to update or develop modern software with nonexistent or malicious open source components. This creates rework for development teams, slows delivery, burns LLM tokens, and introduces unnecessary security risk.
Across the same component sample, Sonatype produced zero hallucinated versions, delivering unmatched accuracy in upgrade guidance. Enterprises using Sonatype Guide have achieved more than a 300% improvement in security outcomes while reducing total security remediation and dependency-upgrade costs by over 5x compared to the leading competitive strategy — measured in both direct spend and developer hours.
“Every organization wants to harness the productivity of AI, but they can’t afford to compromise security or long-term maintainability,” said Bhagwat Swaroop, Chief Executive Officer at Sonatype. “Guide is developer-centric, AI-native, and born in the cloud. It brings discipline and intelligence to AI-assisted development. It empowers teams to move faster and safer by steering AI toward secure, reliable components and automating the tedious dependency work that slows teams down. This is a significant step forward for the industry and for our customers.”
Protecting Developers in the AI Era
Sonatype Guide integrates directly with popular AI coding assistants — including GitHub Copilot, Google Antigravity, Claude Code, Windsurf, IntelliJ with Junie, Kiro from AWS, and Cursor — so organizations can keep their existing workflows while upgrading the quality and security of the dependencies pulled in. Guide is powered by Sonatype’s market-leading open source intelligence, already trusted by more than 15 million developers around the world. Core features of Guide include:
- MCP Server for AI Coding Assistants: As a high-speed middleware layer between AI coding assistants and Sonatype intelligence, the MCP server intercepts package recommendations in real time — instantly guiding developers to secure, reliable versions before code reaches the repo. It turbocharges development and delivers the ultimate shift-left by optimizing component choices in real time.
- Enhanced Open Source Software (OSS) Search for Instant Decisions: A modern search experience that instantly surfaces the lowest-effort, highest-impact fixes and upgrade choices — giving developers fast insight into component health, security risks, and recommended alternatives.
- Enterprise-Grade API: Access to the Nexus One Platform API — including the Sonatype OSSI Index API format — delivers complete, unrestricted, and backward-compatible access to the reliable data your systems and integrations already depend on.
“Developers love the speed AI coding assistants unlock, but they’re also the ones stuck untangling bad package recommendations or chasing down dependency issues later,” said Mitchell Johnson, Chief Product Development Officer at Sonatype. “Guide gives developers the help they actually want — real-time intelligence that steers AI toward secure, well-maintained components and cuts out hours of research and rework. It means fewer interruptions, cleaner code from the start, and more time spent building the things that matter.”
Guide is built on Sonatype Intelligence — the industry’s most trusted source of real-time data on open source quality, security, and project health. Drawing on decades of expert curation and analysis, it identifies vulnerabilities, deprecations, and malicious packages long before they spread. By embedding this intelligence directly into AI workflows, Guide ensures developers make safe, informed decisions from the start.
For more information about Sonatype Guide, visit https://www.sonatype.com/products/sonatype-guide. Get started free today at https://guide.sonatype.com/register.
About Sonatype
Sonatype is the leader in AI-driven DevSecOps. As the maintainers of Maven Central and creators of Nexus Repository, Sonatype has spent two decades pioneering how the world manages and secures open source software — making Sonatype the trusted authority for modern software supply chains. With unmatched open source visibility and a unified product suite built for modern software development, Sonatype gives enterprises the intelligence and automated governance they need to harness the full potential of open source and AI. Sonatype handles the complexity behind the scenes: guiding component and model selection, blocking harmful malicious code, automating dependency and vulnerability management, and ensuring faster, more reliable builds — so developers spend more time on innovation and less time on remediation and rework. Trusted by more than 15 million developers, Sonatype helps power secure, modern software development at nearly 2,000 global organizations including 70% of the Fortune 100. To learn more about Sonatype, please visit www.sonatype.com.