Black Duck expands SCA with AI Model Risk Insights to deliver visibility into AI model usage

Black Duck revealed that Black Duck SCA can now identify and analyze AI models, starting with the 2025.10.0 release. This capability addresses the need for enterprises to gain visibility into the usage, licensing and data origins of open source AI models integrated into their software development processes.

As companies increasingly leverage AI models to drive innovation, they face challenges in managing these complex components. Black Duck’s AI Model Risk Insights capability provides comprehensive visibility into AI model usage across applications, including versions and datasets, even if they are hidden or modified. This ensures that companies have a complete understanding of their AI model landscape, enabling them to enforce their AI policies with confidence.

Key features and benefits

  • AI model identification and codeprint scanning detects models from repositories like Hugging Face, even if they are not declared in build manifests or are intentionally obfuscated. This feature utilizes proprietary, signature-based scanning to accurately identify model type and version.
  • License compliance and metadata display identifies model licenses to help ensure compliance with project requirements. This feature introduces a dedicated UI screen displaying model-specific metadata, including model cards and training data insights.
  • Seamless integration and scalability leverages Code Print scanning and BOM Engine for minimal setup in existing Black Duck workflows. This positions customers for future AI security requirements without workflow disruption.
  • Regulatory compliance and governance helps meet emerging standards like the EU AI Act, the U.S. Executive Order on AI, and industry-specific guidelines. This provides audit-ready reports on AI components, simplifying compliance audits and reducing legal exposure.

“With the introduction of AI model scanning, Black Duck SCA is setting a new standard for software composition analysis,” said Jason Schmitt, CEO at Black Duck. “This innovation directly addresses the emerging security challenges of AI adoption, empowering companies to confidently integrate AI models securely while maintaining compliance and regulatory adherence. The capabilities now available through AI Model Risk Insights also represent a significant leap forward in Black Duck’s mission to help companies build and deliver secure and compliant software.”
