Black Duck SCA Adds AI Model Scanning for Security & Compliance
  • November 12, 2025

Black Duck, a provider of application security solutions, has announced that its Software Composition Analysis (SCA) tool can now identify and analyze open source AI models. The capability, available from the 2025.10.0 release onward, is aimed at enterprises that need to manage the security, licensing, and compliance risks of AI models embedded in their software.

Quick Intel

  • Black Duck SCA now identifies and analyzes open source AI models like those from Hugging Face.

  • It uses proprietary CodePrint scanning to detect models even if they are hidden or obfuscated.

  • The feature provides visibility into model licenses, versions, and training data origins.

  • It helps ensure compliance with regulations like the EU AI Act and U.S. Executive Order on AI.

  • A dedicated UI screen displays model-specific metadata, including model cards.

  • The capability is designed to integrate seamlessly into existing Black Duck workflows.

Gaining Critical Visibility into AI Model Usage
As companies rapidly adopt AI, they often lack visibility into which models their applications actually use. Black Duck's new AI Model Risk Insights capability addresses this by reporting AI model usage, including model versions and associated datasets. According to Black Duck, it can detect models from repositories such as Hugging Face even when they are not declared in build manifests or have been intentionally obfuscated, giving a fuller picture of the AI model landscape than manifest-only inventories provide.
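The point above is that a manifest-based inventory misses models that were dropped into a repository under a misleading name or with no extension at all. As an added illustration of that idea, the following Python scanner is not Black Duck's CodePrint and is not code from the page or the vendor; it identifies model artifacts by their byte-level format signatures rather than by file name. The signatures used are the public ones for GGUF (magic `GGUF`), safetensors (little-endian u64 header length followed by a JSON object), PyTorch checkpoints (a zip archive containing a `data.pkl` entry), and raw pickle streams (PROTO opcode `0x80` followed by protocol 2 to 5). The sample tree it scans is constructed inline and contains no real weights; the function and file names are the author's own, and the ONNX format is deliberately left out because protobuf has no fixed magic to key on.

```python
"""Content-based detection of ML model artifacts, regardless of file name.

Added example (not Black Duck's CodePrint and not code from the page). It
shows the idea behind finding models a build manifest never declared: decide
from the bytes, not from the extension. Pickle-based formats execute
arbitrary code when loaded, so they are called out separately.
"""
import io
import json
import pickle
import struct
import tempfile
import zipfile
from pathlib import Path
from typing import Dict, Optional

MAX_HEADER = 100_000_000  # refuse absurd safetensors header lengths

# Formats that deserialize via pickle: loading an untrusted file runs code.
CODE_EXEC_ON_LOAD = {"pickle", "pytorch-zip"}


def identify_model_stream(fh) -> Optional[str]:
    """Return the model format of a seekable binary stream, or None."""
    fh.seek(0)
    head = fh.read(16)
    if head[:4] == b"GGUF":                       # GGUF magic, then u32 version
        return "gguf"
    if len(head) >= 9 and head[8:9] == b"{":      # safetensors: u64 LE len + JSON
        hdr_len = struct.unpack("<Q", head[:8])[0]
        if 0 < hdr_len <= MAX_HEADER:
            fh.seek(8)
            try:
                json.loads(fh.read(hdr_len))
                return "safetensors"
            except ValueError:
                pass
    if head[:4] == b"PK\x03\x04":                 # zip: PyTorch .pt carries data.pkl
        fh.seek(0)
        try:
            with zipfile.ZipFile(fh) as zf:
                if any(n.endswith("data.pkl") for n in zf.namelist()):
                    return "pytorch-zip"
        except zipfile.BadZipFile:
            pass
        return None
    if len(head) >= 2 and head[0] == 0x80 and 2 <= head[1] <= 5:
        return "pickle"                           # PROTO opcode + protocol 2..5
    return None


def identify_model_bytes(data: bytes) -> Optional[str]:
    """Convenience wrapper for in-memory data."""
    return identify_model_stream(io.BytesIO(data))


def scan_tree(root: Path) -> Dict[str, str]:
    """Map every file under root that looks like a model to its format."""
    found = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            with p.open("rb") as fh:
                kind = identify_model_stream(fh)
            if kind:
                found[p.relative_to(root).as_posix()] = kind
    return found


# --- constructed sample artifacts (tiny, not real models) -------------------
def make_safetensors() -> bytes:
    header = json.dumps({"w": {"dtype": "F32", "shape": [2],
                               "data_offsets": [0, 8]}}).encode()
    return struct.pack("<Q", len(header)) + header + b"\x00" * 8


def make_pytorch_zip() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", pickle.dumps({"w": [0.0, 0.0]}, protocol=2))
    return buf.getvalue()


def demo() -> Dict[str, str]:
    """Write disguised model files into a temporary tree and scan it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "assets").mkdir()
        (root / "assets" / "vocab.bin").write_bytes(make_safetensors())          # renamed
        (root / "assets" / "cache").write_bytes(b"GGUF" + struct.pack("<I", 3))  # no extension
        (root / "config.dat").write_bytes(pickle.dumps([1, 2, 3], protocol=4))   # raw pickle
        (root / "weights.npz").write_bytes(make_pytorch_zip())                   # misleading ext
        (root / "README.md").write_bytes(b"# not a model\n")
        return scan_tree(root)


if __name__ == "__main__":
    for path, kind in demo().items():
        warn = "  <- executes code on load" if kind in CODE_EXEC_ON_LOAD else ""
        print(f"{path}: {kind}{warn}")
```

Running the block lists four of the five files as models, none of which a manifest or an extension filter would have caught, and marks the two pickle-backed ones as unsafe to load from an untrusted source. A production scanner would additionally fingerprint the weights against a known-model index to recover name, version and license, which is the part a commercial SCA tool adds on top of format detection.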

Ensuring License Compliance and Regulatory Adherence
A significant part of the new feature is focused on governance and compliance. It identifies the license attached to each detected model so that projects can check their use against its terms. Black Duck also positions it as support for emerging regulatory regimes such as the EU AI Act and the U.S. Executive Order on AI, by producing audit-ready reports on the AI components in a codebase, with the stated aim of simplifying compliance work and reducing legal exposure.

A Seamless and Forward-Looking Integration
The AI model scanning builds on Black Duck's existing CodePrint scanning and BOM (Bill of Materials) Engine, so it requires minimal setup and does not disrupt established workflows; the vendor frames this as positioning customers for future AI security requirements. As Jason Schmitt, CEO at Black Duck, stated, "This innovation directly addresses the emerging security challenges of AI adoption, empowering companies to confidently integrate AI models securely while maintaining compliance and regulatory adherence."

The introduction of AI model scanning marks a pivotal expansion of software composition analysis into the new frontier of AI. By providing the tools to manage the unique risks of open source AI models, Black Duck is enabling organizations to innovate with confidence, ensuring their use of AI is both secure and compliant from the very beginning.


About Black Duck

Black Duck® meets the board-level risks of modern software with True Scale Application Security, ensuring uncompromised trust in software for the regulated, AI-powered world. Only Black Duck solutions free organizations from tradeoffs between speed, accuracy, and compliance at scale while eliminating security, regulatory, and licensing risks. Whether in the cloud or on premises, Black Duck is the only choice for securing mission-critical software everywhere code happens. With Black Duck, security leaders can make smarter decisions and unleash business innovation with confidence.

Tags: AI, Cyber Security, Compliance