IT Brief India - Technology news for CIOs & IT decision-makers
Sonatype launches AI tool to secure open source tech use

Today

Sonatype has announced the release of AI Software Composition Analysis (AI SCA) capabilities designed to ensure the responsible use of open source AI technologies within the enterprise sector.

The new AI SCA solution aims to enhance the security, management, and optimisation of AI and machine learning (ML) models across both development and deployment stages. According to Sonatype, the demand for open source AI/ML solutions is increasing, with the company identifying over 300,000 models across customer software supply chains in the past year.

Sonatype's AI SCA capabilities focus on addressing security, compliance, and governance challenges associated with the adoption of AI technologies, challenges that mirror those previously encountered with open source software. The company provides a suite of services, including proactive AI threat detection, which prevents malicious AI models from entering development spaces.

This solution also offers centralised AI model governance through Nexus Repository's Hugging Face proxy support, allowing development teams to manage AI/ML models within existing DevOps workflows efficiently. Additionally, it includes automated AI policy management, enabling the enforcement of security and compliance policies across AI model usage.

Mitchell Johnson, Sonatype's Chief Product Development Officer, highlighted the significance of this development: "No one knows open source like Sonatype, and AI is the next frontier. Just as we revolutionised open source security, we are now doing the same for AI. We are the first company to address the entire AI/ML supply chain - giving enterprises and developers the confidence to deliver AI-powered solutions without compromising security, compliance, or velocity. By integrating seamlessly into existing DevOps workflows, we ensure developers can innovate freely while staying secure."

The solution also emphasises AI observability and compliance. Sonatype promises full visibility into how AI/ML models are used, intended to strengthen AI/ML security and defence strategies and to streamline both first- and third-party software evaluations, so that enterprises can expand their AI capabilities safely.

Brian Fox, Co-founder and Chief Technology Officer at Sonatype, remarked on the industry's direction: "It has never been easier for organisations to integrate open source AI models into software, but with open source AI consumption comes the same risk facing users of traditional open source. It is imperative that we, as an industry, secure their use now in order to prevent unmanageable security workloads in the future. We are proud to offer developers and security teams an end-to-end platform that provides the visibility and governance capabilities needed to use AI models safely, setting organisations up for easy and efficient long-term security."

Sonatype has been recognised for its contributions to software supply chain security. As noted in 'The Forrester Wave: Software Composition Analysis (SCA) Software, Q4 2024' report, these new AI capabilities have propelled Sonatype forward in both the software supply chain and generative AI (genAI) SCA categories, earning the company top marks in AI component analysis.

Sonatype's AI SCA offering is designed to support enterprises in securely integrating AI models into development workflows, ensuring that the adoption of AI technologies does not compromise security standards. Sonatype continues to expand its platform to meet the evolving needs of organisations leveraging AI-driven solutions.
