
Black Duck has introduced a new AI model scanning feature that uncovers hidden, modified and obfuscated open source AI components, giving enterprises clarity on provenance, licensing and regulatory compliance.
Black Duck Software Inc. has introduced AI Model Risk Insights, an AI model risk-scanning capability added to its Software Composition Analysis (SCA) platform as part of the 2025.10.0 release. The feature brings precise visibility into how open-source AI models are used across enterprise software, addressing growing concerns around opaque model origins, unclear licensing and hidden integrations.
At the centre of the update is the ability to detect and analyse open source AI models from repositories such as Hugging Face, even when they are not declared in manifests or have been modified, hidden or deliberately obfuscated. This addresses a critical need for enterprises that increasingly rely on AI models but face complexity in managing model components, validating licences and tracing underlying datasets.
The new capability includes AI model identification with version and dataset tracking, along with CodePrint scanning—Black Duck’s proprietary fingerprinting technology. CodePrint identifies code, digital assets, open-source libraries and AI models even when components are undocumented or altered. The platform also introduces licence compliance and metadata visibility through a dedicated interface showing model cards and training-data insights.
AI Model Risk Insights integrates seamlessly with existing SCA workflows, supported by the Bill of Materials Engine for minimal setup. It also aligns with regulatory frameworks including the EU AI Act, the U.S. Executive Order on AI and industry-specific governance standards.
“This innovation directly addresses the emerging security challenges of AI adoption, empowering companies to confidently integrate AI models securely while maintaining compliance and regulatory adherence,” said Chief Executive Jason Schmitt. “The capabilities now available through AI Model Risk Insights also represent a significant leap forward in Black Duck’s mission to help companies build and deliver secure and compliant software.”
AI Model Risk Insights is available as a licensed feature within the Black Duck SCA platform.