Black Duck SCA Adds AI Model Scanning to Strengthen Software Supply Chain Security

Black Duck has expanded its software composition analysis (SCA) capabilities to include AI model scanning, helping organisations gain visibility into the growing use of open-source AI models embedded in enterprise software.

With the release of version 2025.10.0, the company’s new AI Model Risk Insights capability allows teams to identify and analyse AI models used within applications, including details about their versions, datasets, and licensing. As businesses increasingly turn to AI to accelerate innovation, the feature aims to address mounting challenges around transparency, compliance, and risk management.

The new capability detects models pulled from repositories such as Hugging Face, including models that are not declared in build manifests or are otherwise hidden in the codebase. It surfaces associated metadata such as model cards and training-data descriptions, helping teams assess licensing and data-provenance risk. The feature also supports emerging governance requirements under frameworks such as the EU AI Act and the U.S. Executive Order on AI, providing audit-ready reports to simplify compliance.
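To make the "not declared in build manifests" problem concrete, here is an added example (not Black Duck's code, and not a description of how its scanner works) of the kind of first-pass check a team can write itself: walk source files for common Hugging Face loading idioms, Hub URLs and serialized weight files, then compare what is found against a declared model inventory. The file contents and the inventory below are constructed for the example; the pattern names and the `ModelRef` type are assumptions of this example.

```python
"""Added example: flag AI model references in source that are absent from a
declared model inventory. Sample file contents and the inventory are constructed
inline for the example; this is not Black Duck's implementation."""
import re
from dataclasses import dataclass

# Hub repo ids take the form "org/name". Legacy un-namespaced ids (no slash)
# are deliberately not matched here to keep false positives down.
HF_REPO_ID = r'["\']([A-Za-z0-9][\w.-]*/[\w.-]+)["\']'

# Common loader calls whose arguments carry a repo id.
LOADER_CALL = re.compile(
    r'(?:from_pretrained|hf_hub_download|snapshot_download|pipeline)\s*\('
    r'[^)]*?' + HF_REPO_ID,
    re.S,
)

# Direct Hub URLs, e.g. in shell scripts or Dockerfiles that curl weights.
HUB_URL = re.compile(r'https?://huggingface\.co/([\w.-]+/[\w.-]+)')

# Serialized weight formats that are often checked in or fetched at runtime
# without any entry in a dependency manifest.
WEIGHT_FILE = re.compile(
    r'["\']([^"\']+\.(?:safetensors|gguf|onnx|pt|pth|ckpt|h5))["\']'
)


@dataclass(frozen=True)
class ModelRef:
    kind: str   # "hub_id" or "weight_file"
    value: str  # repo id or file path as written in the source
    path: str   # source file the reference was found in


def find_model_refs(files: dict[str, str]) -> list[ModelRef]:
    """Return every model reference found across the given {path: text} map."""
    refs: set[ModelRef] = set()
    for path, text in files.items():
        for m in LOADER_CALL.finditer(text):
            refs.add(ModelRef("hub_id", m.group(1), path))
        for m in HUB_URL.finditer(text):
            refs.add(ModelRef("hub_id", m.group(1), path))
        for m in WEIGHT_FILE.finditer(text):
            refs.add(ModelRef("weight_file", m.group(1), path))
    return sorted(refs, key=lambda r: (r.path, r.kind, r.value))


def undeclared(refs: list[ModelRef], inventory: set[str]) -> list[ModelRef]:
    """References whose id or path is missing from the declared inventory."""
    return [r for r in refs if r.value not in inventory]


# Constructed sample repository contents (hypothetical files).
SAMPLE_FILES = {
    "app/nlp.py": (
        "from transformers import AutoModel\n"
        'model = AutoModel.from_pretrained("sentence-transformers/all-MiniLM-L6-v2")\n'
    ),
    "app/vision.py": (
        "import onnxruntime as ort\n"
        'sess = ort.InferenceSession("models/detector.onnx")\n'
    ),
    "scripts/fetch.sh": (
        "curl -L https://huggingface.co/TheBloke/Llama-2-7B-GGUF"
        "/resolve/main/llama-2-7b.Q4_K_M.gguf\n"
    ),
}

# Constructed inventory: only one of the three models is declared.
DECLARED_MODELS = {"sentence-transformers/all-MiniLM-L6-v2"}


def scan_report(files: dict[str, str], inventory: set[str]) -> dict[str, list[str]]:
    """Summarise found vs. undeclared model references for a report."""
    refs = find_model_refs(files)
    missing = undeclared(refs, inventory)
    return {
        "found": [f"{r.path}: {r.kind} {r.value}" for r in refs],
        "undeclared": [f"{r.path}: {r.kind} {r.value}" for r in missing],
    }


if __name__ == "__main__":
    for line in scan_report(SAMPLE_FILES, DECLARED_MODELS)["undeclared"]:
        print("UNDECLARED", line)
```

Run against the constructed files, the ONNX weight file and the GGUF model fetched by URL are reported as undeclared while the declared MiniLM model is not. A real inventory would also record version or revision and licence per model, which this string-match check does not attempt.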

“With the introduction of AI model scanning, Black Duck SCA is setting a new standard for software composition analysis,” said Jason Schmitt, CEO at Black Duck. “This innovation directly addresses the emerging security challenges of AI adoption, empowering companies to confidently integrate AI models securely while maintaining compliance and regulatory adherence. The capabilities now available through AI Model Risk Insights also represent a significant leap forward in Black Duck’s mission to help companies build and deliver secure and compliant software.”

AI Model Risk Insights integrates into existing Black Duck workflows through CodePrint scanning and the BOM Engine, so it requires little additional setup. It is available as a separately licensed feature and marks another step in Black Duck's effort to help development teams manage risk across the evolving software supply chain.

The post Black Duck SCA Adds AI Model Scanning to Strengthen Software Supply Chain Security appeared first on IT Security Guru.
