Black Duck®, a leader in application security, announced a big upgrade to its Software Composition Analysis platform. This update adds AI Model Risk Insights. It helps organizations find and analyze open-source AI models in their applications. This feature in the 2025.10.0 release helps businesses meet the growing need for transparency, governance, and compliance in AI-driven software development.
While AI is being adopted faster across industries, many organizations find it hard to track the models embedded in their code, especially those sourced from public repositories or variants of any previous framework. AI Model Risk Insights is a new feature that gives comprehensive visibility into how AI models are used, from versioning and licensing to data origins, to help companies enforce their AI governance policies and ensure compliance with emerging global standards.
“With the introduction of AI model scanning, Black Duck SCA is setting a new standard for software composition analysis,” said Jason Schmitt, CEO at Black Duck. “This innovation directly addresses the emerging security challenges of AI adoption, enabling companies to confidently integrate AI models securely while maintaining compliance and regulatory adherence.”
Important changes released with this version include:
AI Model Identification and CodePrint Scanning, which detects models from sources like Hugging Face—even if hidden or modified.
License Compliance and Metadata Display: This provides model-specific details such as licenses, model cards, and training datasets.
It integrates easily and scales well with existing Black Duck workflows.
Regulatory Compliance: Supports regulations like the EU AI Act and the U.S. Executive Order on AI.
AI Model Risk Insights is an add-on that enhances Black Duck's SCA solutions. It adapts to the evolving software and AI landscape. This helps businesses build, deploy, and maintain secure, compliant, and trustworthy AI applications.






















