Exploring AI and the future of the software supply chain

AI assistants will shape the future of the software supply chain, and today, we’re sharing a glimpse of a powerful idea in motion: Cloudsmith MCP, a proof of concept server that connects large language models (LLMs) like ChatGPT and Claude directly to your software supply chain using the emerging Model Context Protocol (MCP) standard.

Imagine managing policies, surfacing security insights, or orchestrating package workflows with a simple natural language prompt. No dashboards, no scripting, just a simple question or instruction that delivers the right end result. If this sounds interesting, you should register for early access.

This isn’t a launched product (yet), but it’s a clear signal of where we think Cloudsmith is headed: toward smarter, more conversational workflows that make it easier to control your software supply chain.

Why we believe MCP matters

MCP is a standard way to make information available to LLMs. Similar to an API, MCP provides a documented, standardized way for a client to integrate services from external sources.

MCP enables AI assistants to query and interact with software supply chain data, so it creates a foundation for smarter workflows and more accessible control over artifact management.

In essence, adding MCP capabilities to Cloudsmith offers up an entirely new interface to your software supply chain, with AI agents and LLMs working together to achieve your goals. We're exited to see MCP becoming a flexible new point of integration between our customers' third-party services and Cloudsmith.

What we've built

Our MCP prototype leverages Cloudsmith’s API-first architecture to provide programmatic access to developers through their AI assistant. Through standardized MCP requests, you can ask questions about your software supply chain or take safe, controlled actions - like managing policies or promoting packages - directly within Cloudsmith. This opens up conversational workflows with the Cloudsmith platform.

For example, you might ask your AI assistant to identify what package is trending up in usage month over month or see all of the versions of a particular package in use across your workspace. In the future, your AI assistant will be able to review your organization’s compliance and security requirements and recommend or create a set of policies in Cloudsmith’s Enterprise Policy Manager based on that input.

What we’ve learned

Building this prototype was a good reminder of a few fundamentals. First, an API-first foundation makes it easier to experiment, so it’s good that Cloudsmith is built truly API-first. Second, the data running through platforms like Cloudsmith can offer valuable insights when it’s made accessible to clients in lots of different ways. We’re giving developers and AI assistants simpler ways to ask questions, take actions, and get things done.

There’s still plenty to figure out, but MCP is already making artifact management and software supply chain management more intuitive and straightforward, especially at enterprise scale.

Help us shape the release version

Cloudsmith MCP is currently a proof of concept and will be available in early access for select customers and partners. If you're exploring the intersection of DevOps, AI, and supply chain security, we’d love to work with you. Register for early access on the announcement page.