Backslash Security introduced its Fix Simulation and AI-powered Attack Path Remediation capabilities.
Mend.io announced the launch of Mend AI, a new tool designed to identify, track, and secure AI models and AI-generated code.
Developers can now quickly and easily access pre-trained AI models through platforms like Hugging Face, and AI-generated functions and programs through large language models (LLMs). However, security has not kept pace, and organizations are still assessing how to include AI components in their software in a way that is secure, safe, and compliant with emerging legal and regulatory concerns.
"As with open-source components, the first thing organizations must know is what is present in their code bases," said Rami Sass, co-founder and CEO, Mend.io. "Mend AI can identify and provide information—including license, version, and any security notices—for all 350,000 AI models indexed on Hugging Face, the world's most popular open source AI library and community."
Mend AI also provides increased transparency into applications with advanced bill of materials support for AI models. The AI-BOM provides a holistic view of the direct, transitive, and artificial intelligence components and dependencies used in an application. Moreover, Mend AI enhances Mend SCA, the gold-standard software composition analysis tool, to cover the AI-based portion of the modern software supply chain.
Using these insights, security and compliance teams can keep track of AI usage in their code base, ensure the latest and most secure versions of AI models are being used, and make informed policy and governance decisions for their organizations. As AI technology and vulnerability tracking frameworks emerge and mature, the company will continue to evolve Mend AI, along with its other products, to meet emerging application security challenges.
Industry News
Check Point® Software Technologies Ltd. announced the appointment of Nadav Zafrir as Check Point Chief Executive Officer.
Sonatype announced that Sonatype SBOM Manager, its Enterprise-Class Software Bill of Materials (SBOM) solution, and its artifact repository manager, Nexus Repository, are now available in AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on Amazon Web Services (AWS).
Broadcom unveiled the latest updates to VMware Cloud Foundation (VCF), the company’s flagship private cloud platform.
CAST launched CAST SBOM Manager, a new freemium product designed for product owners, release managers, and compliance specialists.
Zesty announced the launch of its Insights and Automation Platform.
Progress announced the availability of Progress® MarkLogic® FastTrack™, a UI toolkit for building data- and search-driven applications to visually explore complex connected data stored in Progress® MarkLogic® platform.
Snowflake will host the Llama 3.1 collection of multilingual open source large language models (LLMs) in Snowflake Cortex AI for enterprises to easily harness and build powerful AI applications at scale.
Secure Code Warrior announced the availability of SCW Trust Agent – a solution that assesses the specific security competencies of developers for every code commit.
GFT launched AI Impact, a new solution that leverages artificial intelligence to eliminate technical debt, increase developer efficiency and automate critical software development processes.
Code Metal announced a $13M seed, led by Shield Capital.
Atlassian Corporation has achieved Federal Risk and Authorization Management Program (FedRAMP) “In Process” status and is now listed on the FedRAMP marketplace.
Check Point® Software Technologies Ltd. announced that it has received a Leader ranking in The Forrester Wave™: Mobile Threat Defense Solutions, Q3 2024 report.
Mission Cloud announced the launch of Mission Cloud Engagements - DevOps, a platform designed to transform how businesses manage and execute their AWS DevOps projects.
Accelario announces the release of its free TDM solution, including database virtualization and data anonymization.