Sonatype announced end-to-end AI Software Composition Analysis (AI SCA) capabilities that support enterprises in harnessing the full potential of AI. Drawing on its expertise in open source governance, Sonatype now extends its platform to protect, manage, and optimise AI/ML models across development and deployment.
As open source AI/ML adoption soars, Sonatype has identified more than 300,000 models within customer software supply chains. However, these models face the same security, compliance, and governance challenges that open source software adoption once faced.
To help enterprises confidently manage open source AI/ML usage in their software supply chains, the company provides:
- Proactive AI threat detection: Sonatype blocks intentionally malicious AI models from entering enterprise development environments
- Centralised AI model governance: with Nexus Repository’s Hugging Face proxy support, development teams can efficiently store, manage, and govern AI/ML models within existing DevOps workflows
- Automated AI policy management: Sonatype enables organisations to enforce security and compliance policies across AI model usage
- Unmatched AI observability and compliance: Sonatype provides full visibility into AI/ML model consumption, strengthening AI/ML security and defense strategies and streamlining first- and third-party software evaluation so enterprises can scale AI safely
“No one knows open source like Sonatype, and AI is the next frontier. Just as we revolutionised open source security, we are now doing the same for AI,” said Mitchell Johnson, Chief Product Development Officer, Sonatype. “We are the first company to address the entire AI/ML supply chain — giving enterprises and developers the confidence to deliver AI-powered solutions without compromising security, compliance, or velocity. By integrating seamlessly into existing DevOps workflows, we ensure developers can innovate freely while staying secure.”
“It has never been easier for organisations to integrate open source AI models into software, but with open source AI consumption comes the same risk facing users of traditional open source. It is imperative that we, as an industry, secure their use now in order to prevent unmanageable security workloads in the future,” added Brian Fox, Co-founder and CTO, Sonatype. “We are proud to offer developers and security teams an end-to-end platform that provides the visibility and governance capabilities needed to use AI models safely, setting organisations up for easy and efficient long-term security.”