SECURITY
Application security solutions provider Black Duck Software Inc. today announced that it has added artificial intelligence model risk scanning to its Software Composition Analysis platform.
The capability to identify and analyze AI models, introduced in the company’s 2025.10.0 release, has been designed to address the growing need for enterprises to gain visibility into the usage, licensing and data origins of open-source AI models integrated into their software development processes.
Black Duck argues that as companies increasingly leverage AI models to drive innovation, they face significant challenges in managing these complex components. The new AI Model Risk Insights capability provides visibility into model usage across applications, including versions and datasets, even if they’re hidden or modified, to ensure that companies have a complete understanding of their AI model landscape.
Key features include AI model identification and CodePrint scanning that detects models from repositories like Hugging Face, even if they are not declared in build manifests or are intentionally obfuscated. CodePrint scanning is a technology developed by Black Duck that creates a unique “fingerprint” or signature of code and digital assets, similar to how a hash identifies a file, to detect known components, including open-source libraries.
License compliance and metadata display identifies model licenses to help ensure compliance with project requirements and includes a dedicated user interface screen that displays model-specific metadata, including model cards and training data insights.
The new scanning feature also supports integration and scalability that leverages CodePrint scanning and a Bill of Materials Engine for minimal setup in existing Black Duck workflows. In addition, it has regulatory compliance and governance covered with support for emerging standards like the European Union AI Act, the U.S. Executive Order on AI, and industry-specific guidelines.
“This innovation directly addresses the emerging security challenges of AI adoption, empowering companies to confidently integrate AI models securely while maintaining compliance and regulatory adherence,” said Chief Executive Jason Schmitt. “The capabilities now available through AI Model Risk Insights also represent a significant leap forward in Black Duck’s mission to help companies build and deliver secure and compliant software.”
AI Model Risk Insights is available as a new licensed feature within the Black Duck SCA platform.