JFrog is partnering with Hugging Face, host of a repository of public machine learning (ML) models — the Hugging Face Hub — to deliver more robust security scans and analysis for every ML model in the Hub.
The new integration is designed to raise trust in scan results by prominently displaying a “JFrog Certified” checkmark, so developers, data scientists, and ML engineers know which models are safer to use.
“As ML models become integral to critical business applications, ensuring these models are secure is crucial for preventing breaches, data leaks, and decision-making errors,” said Asaf Karas, CTO of JFrog Security. “We’ve been working with Hugging Face since 2023 to help securely bring ML models to production. We also found intentionally malicious models in Hugging Face in early 2024, which prompted us to dedicate more of our security experts to help scan and assess the well-being of all Hugging Face models to ensure they are safe for use in AI application development.”
JFrog Xray and JFrog Advanced Security – key components of the JFrog Software Supply Chain Platform – are designed to scan AI/ML model artifacts for threats at every stage of their lifecycle. These threats include model serialization attacks, known CVEs, backdoors, and more. Now Hugging Face will utilize JFrog Advanced Security scans in its Hugging Face Hub, allowing each model contained within the platform to be scanned in advance of being downloaded for use. The results of each scan will be prominently displayed for all users to see.
This new advanced security integration between Hugging Face and JFrog differs from existing ML model scanners because of JFrog’s malicious code decompilation and deep data flow analysis. While existing solutions simply check for automatically executed code embedded in a model, JFrog’s model scanner extracts and analyzes the embedded code itself, which eliminates more than 96% of the false positives produced by other scanners on current Hugging Face models.
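The distinction above, between a scanner that flags any model whose deserialization runs code and one that looks at what that code actually imports, can be illustrated on pickle-based model files. The following is an added example written for this page, not JFrog’s or Hugging Face’s scanner; the allow-list entries and the three sample artifacts are constructed assumptions, and the opcode walk never deserializes anything.

```python
"""Static pickle-opcode inspection for ML model artifacts (added example)."""
import collections
import datetime
import io
import pickle
import pickletools

# Opcodes that make the unpickler run code: import a callable, then invoke it.
GLOBAL_OPS = {"GLOBAL", "STACK_GLOBAL"}
CALL_OPS = {"REDUCE", "BUILD", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}

# Assumed allow-list of imports that benign serialized models routinely contain.
# A real scanner curates this per framework; these entries are illustrative.
BENIGN_GLOBALS = {
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
    ("torch", "FloatStorage"),
}


def extract_globals(data: bytes) -> list[tuple[str, str]]:
    """Return every (module, name) the pickle would import, without executing it."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(io.BytesIO(data)):
        if op.name in ("SHORT_BINUNICODE", "BINUNICODE", "UNICODE"):
            strings.append(arg)                  # operands for a later STACK_GLOBAL
        elif op.name == "GLOBAL":
            module, name = arg.split(" ", 1)     # protocol <4 form: "module name"
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":          # protocol 4+: pops name, then module
            name, module = strings.pop(), strings.pop()
            found.append((module, name))
    return found  # note: memo reuse (BINGET) of module strings is not resolved here


def naive_scan(data: bytes) -> bool:
    """Flags any pickle that imports and calls something: high recall, many false positives."""
    ops = {op.name for op, _a, _p in pickletools.genops(io.BytesIO(data))}
    return bool(ops & GLOBAL_OPS) and bool(ops & CALL_OPS)


def allowlist_scan(data: bytes) -> list[tuple[str, str]]:
    """Flags only imports outside the benign set, so framework internals stop tripping alerts."""
    return [g for g in extract_globals(data) if g not in BENIGN_GLOBALS]


# Constructed samples: plain weights-like dict (no code), an OrderedDict state_dict
# (imports a benign class), and an object whose reconstruction imports an unlisted module.
PLAIN = pickle.dumps({"layer.weight": [0.1, 0.2]})
STATE_DICT = pickle.dumps(collections.OrderedDict(bias=[0.0]))
UNLISTED = pickle.dumps(datetime.date(2024, 1, 1))
```

The naive check flags both STATE_DICT and UNLISTED, while the allow-list check reports only the unlisted `datetime.date` import, which is the kind of precision gain the passage attributes to analyzing the embedded code rather than merely detecting it.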
In addition, JFrog’s enhanced analysis highlighted 25 models as zero-day malicious in nature. These are machine learning models hosted in Hugging Face which were not identified as malicious by any other scanner available for Hugging Face based on our evaluation.
“For a long time, AI was a researcher’s field, and the security practices were quite basic, but as the popularity and widespread use of AI grows, so do the number of potentially bad actors who may want to target the AI community in general and our platform more specifically,” said Julien Chaumond, CTO, Hugging Face. “As the leading collaboration platform for AI models, we’re delighted to deepen our partnership with JFrog to implement high-quality scanning capabilities for our AI/ML models and deliver greater peace of mind for developers looking to create the next generation of AI-powered applications.”