The rapid, decentralized adoption of AI tools by developers has created a significant security challenge known as "Shadow AI," leaving security teams with little visibility or control over the new risks being introduced. To address this, Cycode, the leader in AI-native application security, has announced its AI and machine learning (ML) Inventory and AI Bill of Materials (AIBOM) solutions. These new capabilities are designed to provide organizations with the critical visibility needed to discover, govern, and secure the use of AI and ML components across the entire software development lifecycle (SDLC).
Cycode launches AI & ML Inventory and AI Bill of Materials (AIBOM) to combat "Shadow AI."
The solutions discover all AI tools, models, and infrastructure used across the SDLC.
Security teams can enforce policies, like allow-listing approved AI models.
The AIBOM automates compliance reporting for regulatory and customer inquiries.
This completes Cycode's platform for securing both AI-generated and human-written code.
The goal is to eliminate the blind spot created by developers' rapid AI adoption.
The core problem Cycode's new solutions tackle is the invisible and ungoverned ecosystem of AI tools that developers are using. The AI & ML Inventory acts as a single source of truth, automatically discovering when developers use AI coding assistants, connect to Model Context Protocol (MCP) servers, or integrate new AI models. Powered by Cycode's Risk Intelligence Graph (RIG), it traces every AI asset back to its source code repository, providing security teams with the deep context they have been lacking.
Beyond discovery, the platform enables proactive governance. Security teams can define and enforce custom policies, such as creating an allow-list of approved AI technologies. The system will automatically flag any tool that violates these policies, providing developers with clear guardrails for responsible innovation. Furthermore, the platform facilitates the creation of a dynamic AI Bill of Materials (AIBOM), an up-to-date manifest of all AI components that dramatically simplifies governance, compliance, and risk reporting for leadership and auditors.
The new AI & ML Inventory and AIBOM are integral components of Cycode's broader AI-Native Application Security Platform. This launch completes a comprehensive solution that secures the entire AI development process. The platform's capabilities now encompass securing AI-generated code by augmenting coding assistants with context, governing AI tool usage with the new inventory, and leveraging AI-for-security to help teams prioritize and remediate high-risk vulnerabilities faster.
"The AI coding revolution has created a massive blind spot for security teams. We were already battling an overwhelming tide of alerts, and now we face an invisible ecosystem of AI tools that is creating the next wave of risk," said Lior Levy, CEO and Co-founder of Cycode. "It's no longer sufficient to just find vulnerabilities in AI-generated code. Organizations must have complete visibility and governance over the entire AI toolchain. This launch is a critical next step in our mission to secure AI development from prompt to production."
Cycode's AI-Native Application Security Platform unites security and development teams with actionable context from code to runtime to identify, prioritize, and fix the software risks that matter.
Powered by proprietary scanners, third-party integrations, and the Risk Intelligence Graph (RIG), Cycode delivers unified, correlated insight across the Software Factory. Its unique ability to sense, reason, and act with context in the AI-Era comes from its foundational convergence of AST, ASPM, and Software Supply Chain Security—purpose-built to secure both AI- and human-generated code.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.