Innovative new tool identifies, tracks, and secures AI models and AI-generated code
TEL AVIV, Israel and BOSTON, March 4, 2024 – Mend.io, a leader in application security, today announced the launch of Mend AI, a new tool designed to identify, track, and secure AI models and AI-generated code.
While AI holds enormous potential to spur rapid and innovative software development, using AI in a responsible and secure manner has become a top concern for governments and businesses alike. Developers can now quickly and easily access pre-trained AI models through platforms like Hugging Face, and AI-generated functions and programs through large language models (LLMs). However, security has not kept pace, and organizations are still figuring out how to include AI components in their software in a way that is secure, safe, and compliant with emerging legal and regulatory concerns.
“As with open source components, the first thing organizations need to know is what is present in their codebase,” says Rami Sass, co-founder and CEO, Mend.io. “Mend AI can identify and provide information – including license, version, and any security notices – for all 350,000 AI models indexed on Hugging Face, the world’s most popular open source AI library and community.”
With these insights, security and compliance teams can keep track of AI usage in their codebase, ensure the latest and most secure versions of AI models are being used, and make informed policy and governance decisions for their organizations.
We are continuing to develop new features in collaboration with our customers, including:
- Identification of AI-generated code snippets and their source
- An AI Bill of Materials (AI-BOM) that gives a holistic inventory of all AI components and models
- Gender bias detection to deflect potential legal issues and foster inclusion
Mend AI enhances Mend SCA, our gold-standard software composition analysis tool, to cover the AI-based portion of the modern software supply chain. As AI technology and vulnerability tracking frameworks emerge and mature, we will continue to evolve Mend AI, along with our other products, to meet the challenges of modern application security.
For more information, see Mend AI.
About Mend.io
Trusted by the world’s leading companies, including IBM, Google, and Capital One, Mend.io’s enterprise suite of application security tools is designed to help you build and manage a mature, proactive AppSec program.
Mend understands the different AppSec requirements of developers and security teams. Unlike other AppSec solutions that force everyone to use a single tool, Mend helps them work in harmony by giving each team different, but complementary, tools—enabling them to stop chasing vulnerabilities and start proactively managing application risk.