William Blair has reiterated an Outperform recommendation on JFrog after Anthropic introduced Claude Code Security, a tool aimed at scanning source code for vulnerabilities. The research firm said it finds limited overlap between Anthropic’s new offering and JFrog’s security suite, which is oriented around artifact and binary security rather than source-code scanning.
JFrog’s product set cited by William Blair includes Xray for binary scanning, Curation for blocking malicious packages, AppTrust for governance at the binary level, and Run-Time Security. The firm highlighted JFrog’s strong margin profile and recent top-line performance, noting gross profit margins of 77% and 24% revenue growth to $532 million over the last twelve months. At the time of reporting, the stock trades around $36 and the company carries a market capitalization of $4.29 billion, while InvestingPro analysis points to the company being undervalued at current prices.
William Blair emphasized the importance of JFrog’s capabilities in environments where agent-generated source code and other non-traditional sources of code enter the software supply chain. The research note pointed out that most components embedded in shipped software stem from open-source dependencies, third-party packages, internal libraries, and build systems rather than from code authored directly by development teams. That dynamic, the firm argued, increases the relevance of tools that provide binary-level visibility and governance.
Framing security for compiled and packaged code as a control-plane challenge, William Blair described JFrog as serving a system-of-record role for built binaries and software packages. The firm cast JFrog as a gatekeeper that helps determine what is permitted to enter and propagate within an organization, an ability it said operates independently of whether code is produced by human developers or by coding agents. This gatekeeping function is, according to the research note, a foundation for a single source of truth for software releases.
The firm also drew attention to recent analyst moves around JFrog. TD Cowen raised its price target to $80 from $75, pointing to cloud growth that outpaced expectations, with an observed 42% expansion versus an anticipated 32%. Cantor Fitzgerald and TD Cowen maintained favorable stances on the stock, with Cantor Fitzgerald keeping an Overweight rating and TD Cowen reiterating a Buy rating with an $80 target. Truist Securities reiterated a Buy rating and left a $70 price target in place, citing a strong fiscal 2025 finish driven by cloud revenue and enterprise sales.
At the same time, Stifel reduced its price target to $52 from $64, explicitly citing concerns related to AI security following the announcement of Claude Code Security. TD Cowen analysts noted that market reaction to Anthropic’s product may be overstated, arguing that code-scanning represents a relatively small portion of the broader set of JFrog capabilities. William Blair’s note also referenced that nine analysts have recently revised earnings estimates upward, and the consensus view reported in coverage anticipates the company turning profitable this year.
Together, these assessments paint a picture of mixed sentiment among the sell-side. Several firms have moved to increase targets or reiterate constructive ratings on the back of cloud momentum and enterprise demand, while at least one notable firm has trimmed its target citing AI security dynamics. William Blair’s central contention is that JFrog’s artifact- and binary-centric controls place it in a different competitive bucket than tools focused solely on source-code scanning.
Further reading and access - The coverage referenced a comprehensive Pro Research Report for deeper financial and growth analysis for JFrog and over 1,400 other U.S. equities. The report was cited as the source of more detailed projections on the company’s financial health and growth prospects.
Note - Where the available analysis was limited or divergent across firms, the reporting reflects those differences rather than synthesizing a single implied outcome. The coverage presents the positions and price-target changes as reported by the analysts and the firm commentary discussed above.