Sonatype Introduces Guide, the Intelligent Solution for Secure Agentic Development

December 9, 2025 - Sonatype®, the leader in AI-driven DevSecOps, today unveiled Sonatype Guide, a new developer tool that makes AI-assisted software development faster, safer, and more efficient. As organizations rapidly adopt AI coding assistants, Guide serves as the intelligent backbone that steers those tools toward secure, high-quality open source components and autonomously maintains dependencies over time.

AI Coding Assistants Need Guardrails

AI coding assistants are helping developers move faster, but because AI models are trained on public data that may be months or years out of date, they frequently recommend vulnerable, low-quality, or even imagined packages. Detailed in a forthcoming study, Sonatype research found that the leading generative AI LLMs powering today’s coding assistants hallucinate packages up to 27% of the time, which means they attempt to update or develop modern software with nonexistent or malicious open source components. This creates rework for development teams, slows delivery, burns LLM tokens, and introduces unnecessary security risk. Across the same component sample, Sonatype produced zero hallucinated versions, delivering unmatched accuracy in upgrade guidance.

Enterprises using Sonatype Guide have achieved more than a 300% improvement in security outcomes while reducing total security remediation and dependency-upgrade costs by over 5x compared to the leading competitive strategy — measured in both direct spend and developer hours.

“Every organization wants to harness the productivity of AI, but they can’t afford to compromise security or long-term maintainability,” said Bhagwat Swaroop, Chief Executive Officer at Sonatype. “Guide is developer-centric, AI-native, and born in the cloud. It brings discipline and intelligence to AI-assisted development. It empowers teams to move faster and safer by steering AI toward secure, reliable components and automating the tedious dependency work that slows teams down. This is a significant step forward for the industry and for our customers.”

Protecting Developers in the AI Era

Sonatype Guide integrates directly with popular AI coding assistants — including GitHub Copilot, Google Antigravity, Claude Code, Windsurf, IntelliJ with Junie, Kiro from AWS, and Cursor — so organizations can keep their existing workflows while upgrading the quality and security of the dependencies pulled in. Guide is powered by Sonatype’s market-leading open source intelligence, already trusted by more than 15 million developers around the world. Core features of Guide include:
“Developers love the speed AI coding assistants unlock, but they’re also the ones stuck untangling bad package recommendations or chasing down dependency issues later,” said Mitchell Johnson, Chief Product Development Officer at Sonatype. “Guide gives developers the help they actually want — real-time intelligence that steers AI toward secure, well-maintained components and cuts out hours of research and rework. It means fewer interruptions, cleaner code from the start, and more time spent building the things that matter.”

Guide is built on Sonatype Intelligence — the industry’s most trusted source of real-time data on open source quality, security, and project health. Drawing on decades of expert curation and analysis, it identifies vulnerabilities, deprecations, and malicious packages long before they spread. By embedding this intelligence directly into AI workflows, Guide ensures developers make safe, informed decisions from the start.

For more information about Sonatype Guide, visit https://www.sonatype.com/products/sonatype-guide. Get started free today at https://guide.sonatype.com/register.

Sonatype Guide and all Sonatype solutions are available in the UK through Simple IT Distribution LTD, Sonatype Partner in the UK.
About Simple IT Distribution LTD

Simple IT Distribution LTD is backed by 10 years of experience in Value Added IT Distribution. What sets us apart from the crowd is our customer-centric approach, the quality services (consulting, implementation, training, support), and the people behind them, who are experienced and certified professionals. We provide sales and technical advice and deliver the solutions that best meet our customers' diverse technology needs. Our partners are hand-picked from the top vendors, and we back up their solutions with certified professionals, to give you nothing but the best. For more information, please visit www.simpleit-distribution.co.uk.