Black Duck SCA Introduces Enhanced AI Model Risk Scanning
In a groundbreaking move for software security, Black Duck®, a recognized leader in application security solutions, has announced the launch of its AI Model Risk Insights feature as part of the recent Black Duck® SCA 2025.10.0 release. This vital capability enables organizations to effectively identify and scrutinize the AI models embedded within their software development workflows.
As businesses increasingly harness the power of artificial intelligence, they often grapple with the complexities associated with managing these sophisticated models. The newly launched AI Model Risk Insights offers organizations comprehensive visibility into their AI usage, encompassing not just models but also the associated versions and datasets. This becomes especially crucial when dealing with models that may be obscure or subject to modifications, as it empowers companies to enforce their AI governance policies with confidence.
Key Features of AI Model Risk Insights
Black Duck SCA has integrated several advanced features within the AI Model Risk Insights to address the growing security challenges:
1. AI Model Identification and CodePrint Scanning: This innovative function detects AI models sourced from repositories like Hugging Face, even when such information is not indicated in build manifests or is purposely concealed. Utilizing a proprietary, signature-based scanning method, this feature accurately identifies the type and version of each model.
2. License Compliance and Metadata Display: To ensure adherence to licensing requirements, this feature identifies model licenses and presents a dedicated user interface displaying essential metadata related to each model. This includes model cards and insights into the training data utilized.
3. Seamless Integration and Scalability: Organizations can effortlessly incorporate the CodePrint scanning and BOM Engine capabilities into their existing Black Duck workflows. This feature guarantees a streamlined setup, allowing customers to prepare for future AI security demands with minimal disruption.
4. Regulatory Compliance and Governance: As various regions begin to enforce legislation around AI, including the EU AI Act and the U.S. Executive Order on AI, Black Duck's new feature aids organizations in achieving compliance. It simplifies the audit process by generating reports on AI components, thus reducing legal risks.
Jason Schmitt, CEO of Black Duck, emphasized the significance of this release, stating, "With the introduction of AI model scanning, Black Duck SCA is setting a new standard for software composition analysis. This innovation directly addresses the emerging security challenges of AI adoption, empowering companies to confidently integrate AI models securely while maintaining compliance and regulatory adherence."
AI Model Risk Insights is now available as a licensed feature and underscores Black Duck's dedication to advancing its Software Composition Analysis capabilities, perfectly aligned with the dynamic needs of contemporary software development teams.
For more insights into Black Duck SCA and its cutting-edge AI model scanning capabilities, visit Black Duck's website. This rollout not only strengthens an organization’s security posture but also helps in navigating the complexities of AI governance and compliance effectively.
Conclusion
In an era where AI is a cornerstone of innovation, Black Duck SCA stands out by offering a solution that addresses the critical need for transparency, identification, and compliance in AI model usage. This development marks a significant step toward safeguarding the future of software development, ensuring that organizations can confidently embrace AI technologies while mitigating associated risks.