2 Sources
[1] JFrog debuts Shadow AI Detection to expose hidden AI models and API usage - SiliconANGLE
Software supply chain management company JFrog Ltd. today announced an expansion of its artificial intelligence governance capabilities within its Software Supply Chain Platform with the introduction of Shadow AI Detection. The new Shadow AI Detection capability, introduced at the JFrog swampUP Europe conference, is designed to give enterprises the visibility and control needed to govern and secure the entire AI supply chain. Coverage includes guarding against uncontrolled use of shadow AI -- AI models and application programming interfaces that can introduce significant security and compliance risks. The offering seeks to assist with the issue whereby the rapid integration of AI across development pipelines has created a major governance challenge for organizations. For example, developers and data science teams frequently integrate AI models and services directly from providers such as Anthropic PBC, OpenAI Group PBC and Google LLC without organizational oversight. JFrog argues that this ungoverned activity creates dangerous blind spots that leave enterprises vulnerable to compliance violations, data leaks and supply chain attacks. The new Shadow AI Detection service helps organizations automatically detect and create an inventory of all internal AI models and external API gateways used across the organization to access data from either approved or ad hoc third-party sources. When the service detects shadow AI, the models and services can be governed centrally, allowing teams to enforce security and compliance policies across all AI assets. Shadow AI Detection also establishes defined paths for authorized users to access and employ third-party AI services to ensure controlled and fully auditable interactions and tracks and monitors usage of external AI models and APIs such as OpenAI or Gemini.
"Organizations should follow proven software development practices by creating developer-friendly workflows with strong security and robust governance," said Yuval Fernbach, vice president and chief technology officer of JFrog ML. "The addition of Shadow AI Detection capabilities is intended to strengthen JFrog's leadership in securing the AI supply chain 360-degrees, helping companies utilize AI safely and responsibly."
[2] JFrog Exposes Enterprise AI Blind Spots, Driving Centralized Software Supply Chain Governance
JFrog Ltd. announced an expansion of its AI governance capabilities within the JFrog Software Supply Chain Platform with the introduction of Shadow AI Detection. The new capability, introduced at JFrog swampUP Europe, is designed to equip enterprises with the visibility and control needed to govern and secure the entire AI supply chain, guarding against the uncontrolled use of AI models and APIs, known as Shadow AI, which can introduce significant security and compliance risks. The rapid integration of AI across development pipelines has created a major governance challenge for organizations. For example, developers and data science teams frequently integrate AI models and services directly from providers such as Anthropic, OpenAI, and Google without organizational oversight. This ungoverned activity, often referred to as Shadow AI, creates dangerous blind spots that leave enterprises vulnerable to compliance violations, data leaks, and supply chain attacks. JFrog's new Shadow AI Detection helps automatically detect and create an inventory of all internal AI models and external API gateways used across the organization to access data from either approved or ad-hoc third-party sources. Once discovered, these newly visible models and services can be governed centrally, empowering teams to: Enforce security and compliance policies across all AI assets. Establish defined paths for authorized users to access and utilize third-party AI services, ensuring controlled and fully auditable interactions. Track and monitor usage of external AI models and APIs such as OpenAI or Gemini. The need for a full audit trail of AI activity is becoming an imperative due to emerging global regulations and security risks.
JFrog's new AI detection capabilities are intended to enable enterprises to uphold compliance and security in line with key frameworks such as the US Transparency in Frontier AI Act, EU Cyber Resilience Act, EU AI Act, Germany's BSI Guidelines, the EU's NIS2, and the Guidelines and Companion Guide for Securing AI Systems. Collectively, these regulations aim to deliver provenance, accountability, and establish resilience across the AI and software supply chain by: Ensuring responsible AI development. Enforcing rigorous risk management and reporting standards. Mandating visibility into software components. Securing AI systems from design to deployment. JFrog Shadow AI Detection is available as part of JFrog AI Catalog, with a GA release planned in 2025.
JFrog introduces Shadow AI Detection capability to help enterprises identify and govern unauthorized AI models and APIs across their development pipelines, addressing growing security and compliance risks from ungoverned AI integration.

Software supply chain management company JFrog Ltd. has announced a significant expansion of its artificial intelligence governance capabilities with the launch of Shadow AI Detection, a new feature within its Software Supply Chain Platform. The capability was unveiled at the JFrog swampUP Europe conference and is specifically designed to address the growing challenge of uncontrolled AI usage within enterprise environments [1].

The rapid integration of AI across development pipelines has created substantial governance challenges for organizations worldwide. Developers and data science teams frequently integrate AI models and services directly from major providers such as Anthropic, OpenAI, and Google without proper organizational oversight [1]. This ungoverned activity, commonly referred to as "Shadow AI," creates dangerous blind spots that leave enterprises vulnerable to compliance violations, data leaks, and supply chain attacks [2].

JFrog's new Shadow AI Detection service provides organizations with the ability to automatically detect and create comprehensive inventories of all internal AI models and external API gateways used across their infrastructure. The system identifies both approved and ad-hoc third-party sources that access organizational data [1].

Once shadow AI elements are discovered, organizations can implement centralized governance measures. This includes enforcing security and compliance policies across all AI assets, establishing defined access paths for authorized users to utilize third-party AI services, and ensuring controlled and fully auditable interactions. The platform also provides comprehensive tracking and monitoring capabilities for external AI models and APIs, including popular services like OpenAI and Gemini [2].

The introduction of Shadow AI Detection comes at a critical time when organizations face increasing regulatory scrutiny regarding AI usage. The need for comprehensive audit trails of AI activity has become imperative due to emerging global regulations and heightened security risks [2].

JFrog's new capabilities are designed to help enterprises maintain compliance with key regulatory frameworks including the US Transparency in Frontier AI Act, EU Cyber Resilience Act, EU AI Act, Germany's BSI Guidelines, the EU's NIS2, and the Guidelines and Companion Guide for Securing AI Systems. These regulations collectively aim to deliver provenance, accountability, and establish resilience across the AI and software supply chain by ensuring responsible AI development, enforcing rigorous risk management and reporting standards, mandating visibility into software components, and securing AI systems from design to deployment [2].

According to Yuval Fernbach, vice president and chief technology officer of JFrog ML, organizations should follow proven software development practices by creating developer-friendly workflows with strong security and robust governance. He emphasized that the addition of Shadow AI Detection capabilities is intended to strengthen JFrog's leadership in securing the AI supply chain comprehensively, helping companies utilize AI safely and responsibly [1].

The Shadow AI Detection feature is currently available as part of JFrog AI Catalog, with a general availability release planned for 2025 [2].

Summarized by Navi