AI
AI
AI
Sonatype adds new tools to secure open-source AI and ML models in software supply chains
Software supply chain management firm Sonatype Inc. today announced new capabilities to help organizations securely integrate, manage and govern open-source artificial intelligence and machine learning models through the software development lifecycle, as well as data training and deployment processes.
The new capabilities seek to address the challenges arising from the growing use of open-source AI and machine learning models within customer software supply chains. Sonatype argues that the same challenges that apply to traditional open-source software consumption, including dependency management and open-source malware, also apply to AI, machine learning and large language models.
To manage open-source AI and machine learning usage in software supply chains, Sonatype now provides proactive defense against malicious AI models. The platform blocks harmful models from entering repositories before they can cause damage, helping teams maintain a secure development environment.
Sonatype also offers centralized access to AI and machine learning models through Hugging Face proxy repositories to allow development teams to efficiently store and manage models as part of their modern DevOps workflows.
On the policy management front, Sonatype now enables organizations to detect AI and machine learning components and scan Hugging Face models while setting usage policies. Doing so gives developers the flexibility to select safe, compliant models with full visibility into how they are used.
Additionally, Sonatype now delivers enterprise-grade observability and compliance for AI and machine learning models to strengthen security strategies and help organizations stay aligned with global regulations as AI adoption grows.
“It has never been easier for organizations to integrate open-source AI models into software,” said Brian Fox, co-founder and chief technology officer at Sonatype. “But with open source, AI consumption comes the same risk facing users of traditional open source.”
Fox, along with Tyler Warden, senior vice president of product at Sonatype, spoke with theCUBE, SiliconANGLE Media’s livestream studio, in March 2024, when they discussed the company’s approach to the software lifecycle and bill of materials.
Image: SiliconANGLE/Ideogram
A message from John Furrier, co-founder of SiliconANGLE:
Support our open free content by sharing and engaging with our content and community.
Join theCUBE Alumni Trust Network
Where Technology Leaders Connect, Share Intelligence & Create Opportunities
11.4k+
CUBE Alumni Network
C-level and Technical
Domain Experts
15M+
theCUBE
Viewers
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.
SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
