Sonatype Launches Guide for Faster, More Secure AI Coding

Sonatype launches Guide, an AI-driven DevSecOps tool that improves coding assistant accuracy, cuts security risks, and delivers real-time secure package guidance.

Written By
Luis Millares
Dec 9, 2025

Sonatype, a provider of AI-driven DevSecOps, has unveiled Sonatype Guide — a new developer tool that makes AI-assisted software development faster, safer, and more efficient. 

The new solution aims to address the security and efficiency issues that arise when developers rely on AI coding assistants trained on outdated public data.

Fostering clean and secure AI coding

According to Sonatype, Sonatype Guide helps developers reap the productivity and speed benefits of AI coding assistants while closing the gaps introduced by models trained on aging public datasets.

“AI coding assistants are helping developers move faster, but because AI models are trained on public data that may be months or years out of date, they frequently recommend vulnerable, low-quality, or even imagined packages,” the company said in an official press release.

Sonatype Guide integrations include GitHub Copilot, Claude Code and many more

Guide integrates with popular AI coding assistants, including GitHub Copilot, Google Antigravity, Claude Code, Windsurf, and Cursor, and is powered by Sonatype’s open source intelligence. 

Key capabilities include:

  • MCP Server for AI Coding Assistants: As a high-speed middleware layer between AI coding assistants and Sonatype intelligence, the MCP server intercepts package recommendations in real time — instantly guiding developers to secure, reliable versions before code reaches the repo.
  • Enhanced Open Source Software (OSS) Search for Instant Decisions: A modern search experience that instantly surfaces the lowest-effort, highest-impact fixes and upgrade choices.
  • Enterprise Grade API: Access to the Nexus One Platform API, including the Sonatype OSS Index API format, which delivers complete, unrestricted, and backward-compatible access to reliable data.

“Developers love the speed AI coding assistants unlock, but they’re also the ones stuck untangling bad package recommendations or chasing down dependency issues later,” said Mitchell Johnson, chief product development officer at Sonatype. 

“Guide gives developers the help they actually want — real-time intelligence that steers AI toward secure, well-maintained components and cuts out hours of research and rework. It means fewer interruptions, cleaner code from the start, and more time spent building the things that matter,” Johnson added.

Sonatype research backs AI coding concerns over hallucinations

Alongside the product launch, Sonatype shared early findings from an upcoming study on generative AI coding assistants.

According to Sonatype research, leading LLMs used in today’s coding assistants hallucinate software packages up to 27 percent of the time. In practice, this means many models attempt to build or update applications using nonexistent or potentially malicious open-source components.

Sonatype warns that these hallucinations can create rework for development teams, burn LLM tokens, and introduce unnecessary security risks. 

Why Sonatype believes it has the answer to hallucinations

On the flip side, enterprises using Sonatype Guide achieved more than a 300 percent improvement in security outcomes while reducing total security remediation and dependency-upgrade costs by over 5x compared to the leading competitive strategy.

These results came from the same component sample, in which Sonatype produced zero hallucinated versions, delivering fully accurate upgrade guidance.

“Every organization wants to harness the productivity of AI, but they can’t afford to compromise security or long-term maintainability,” said Bhagwat Swaroop, chief executive officer at Sonatype. 

“Guide brings discipline and intelligence to AI-assisted development. It empowers teams to move faster and safer by steering AI toward secure, reliable components and automating the tedious dependency work that slows teams down. This is a significant step forward for the industry and for our customers,” he continued.

Luis Millares

Luis Millares has extensive experience reviewing virtual private networks (VPNs), password managers, and other security software. He has tested and reviewed numerous forms of tech, covering consumer technology like smartphones and laptops, all the way to enterprise software and cybersecurity products. He has authored over 450 online articles on technology and has worked for the leading tech journalism site in the Philippines, YugaTech.com. He currently contributes to the Daily Tech Insider newsletter, providing well-researched insights and coverage of the latest in technology.
