
JFrog Launches Shadow AI Detection for Supply Chain Governance


  • November 13, 2025

JFrog Ltd., the Liquid Software company, has announced a significant expansion of its AI governance capabilities with the introduction of Shadow AI Detection. This new feature, unveiled at JFrog swampUP Europe, is designed to give enterprises critical visibility and control over the unmanaged use of AI models and APIs, addressing a major security and compliance blind spot known as "Shadow AI" within the software supply chain.

Quick Intel

  • JFrog introduces Shadow AI Detection to manage risks from ungoverned AI use.

  • It automatically discovers internal AI models and external API gateways.

  • The tool helps enforce security policies and track usage of services like OpenAI.

  • It addresses compliance with regulations like the EU AI Act and US Frontier AI Act.

  • Shadow AI creates risks for data leaks, compliance violations, and supply chain attacks.

  • The capability is part of JFrog AI Catalog, with GA planned for 2025.

The Rising Challenge of Shadow AI

The rapid, often unmanaged integration of AI into development pipelines has created a substantial governance challenge. Developers frequently integrate AI models and services from providers like Anthropic, OpenAI, and Google without organizational oversight. This "Shadow AI" creates dangerous blind spots, leaving enterprises vulnerable to compliance violations, data leaks, and sophisticated supply chain attacks due to a lack of transparency and control.

How Shadow AI Detection Works

JFrog's new capability is designed to automatically detect and create a comprehensive inventory of all internal AI models and external API gateways used across an organization. This discovery provides the foundational visibility needed for centralized governance. Once these assets are visible, security and development teams can enforce security and compliance policies across all AI assets, establish defined, auditable paths for accessing third-party AI services, and track and monitor usage of external models and APIs.

Addressing the Global Compliance Imperative

The need for such a tool is driven by an increasing number of global regulations focusing on AI security and transparency. JFrog's Shadow AI Detection is intended to help enterprises uphold compliance with frameworks like the EU AI Act, the US Transparency in Frontier AI Act, and the EU Cyber Resilience Act. These regulations collectively mandate responsible AI development, rigorous risk management, and full visibility into software components to ensure provenance and accountability across the AI supply chain.

Yuval Fernbach, VP and CTO of JFrog ML, stated, “Recognizing and mitigating the risks of shadow AI is becoming a critical priority for CIOs and CISOs who must strike a balance between innovating while maintaining security. The addition of Shadow AI Detection capabilities is intended to strengthen JFrog’s leadership in securing the AI supply chain 360-degrees, helping companies utilize AI safely and responsibly.”

By bringing Shadow AI into the light, JFrog provides a critical layer of governance that enables organizations to innovate with AI confidently. This move reinforces the necessity of applying proven software supply chain security principles to the rapidly evolving domain of artificial intelligence, ensuring that security and compliance keep pace with development velocity.

About JFrog

JFrog Ltd., the creators of the unified DevOps, DevSecOps and MLOps platform, is on a mission to create a world of software delivered without friction from developer to production. Driven by a “Liquid Software” vision, the JFrog Software Supply Chain Platform is a single system of record that powers organizations to build, manage, and distribute software quickly and securely that is available, traceable, and tamper-proof. Integrated security features also help identify, protect, and remediate against threats and vulnerabilities. JFrog’s hybrid, universal, multi-cloud platform is available as both SaaS services across major cloud service providers and self-hosted. Millions of users and 7K+ customers worldwide, including a majority of the Fortune 100, depend on JFrog solutions to securely embrace digital transformation.
