DEVOPSdigest

Mend.io announced the launch of Mend AI, a new tool designed to identify, track, and secure AI models and AI-generated code.

Developers can now quickly and easily access pre-trained AI models through platforms like Hugging Face, and AI-generated functions and programs through large language models (LLMs). However, security has not kept pace, and organizations are still assessing how to include AI components in their software in a way that is secure, safe, and compliant with emerging legal and regulatory concerns.

"As with open-source components, the first thing organizations must know is what is present in their code bases," said Rami Sass, co-founder and CEO, Mend.io. "Mend AI can identify and provide information—including license, version, and any security notices—for all 350,000 AI models indexed on Hugging Face, the world's most popular open source AI library and community."

Mend AI also provides increased transparency into applications with advanced bill of materials support for AI models. The AI-BOM provides a holistic view of the direct, transitive, and artificial intelligence components and dependencies used in an application. Moreover, Mend AI enhances Mend SCA, the gold-standard software composition analysis tool, to cover the AI-based portion of the modern software supply chain.

Using these insights, security and compliance teams can keep track of AI usage in their code base, ensure the latest and most secure versions of AI models are being used, and make informed policy and governance decisions for their organizations. As AI technology and vulnerability tracking frameworks emerge and mature, the company will continue to evolve Mend AI, along with its other products, to meet emerging application security challenges.