JFrog Adds AI-Generated Code Detection to Secure Software Supply Chains
Mike Vizard examines how JFrog’s new AI code detection and governance features empower DevSecOps teams to enhance software supply chain security and manage risks from AI-generated code.
JFrog has released two major additions to its platform—AI-Generated Code Detection and Shadow AI Detection. These tools are designed to give DevSecOps teams greater visibility and control over the adoption of AI-driven coding tools within their development pipelines.
Key Features
- AI-Generated Code Detection: Automatically detects code generated by AI tools in source files. Flags potentially risky code snippets to help developers evaluate dependencies and compliance with licensing requirements.
- Shadow AI Detection: Inventories the use of AI models and associated APIs, allowing teams to apply governance policies, track model usage, and mitigate risks arising from unapproved or unknown AI activity.
Addressing DevSecOps Risks
Yuval Fernbach, JFrog’s VP and CTO of MLOps, highlights a central issue: large language models (LLMs) are trained on vast code bases that can include flawed examples. Legacy software composition analysis (SCA) tools often fail to detect AI-generated code or its associated risks, which creates blind spots in application security.
Compliance and Vulnerability Management
These capabilities allow organizations to:
- Audit the provenance of code and packages
- Track compliance with licensing and usage requirements
- Gain visibility into API and model invocation patterns
A recent JFrog survey suggests the majority of organizations (71%) still allow developers to download packages directly from the Internet, without sufficient scanning or provenance checks. Less than half fully track code and binary origins, which undermines overall security.
Implications for the Future
The rise of AI coding tools may worsen security before it improves it, as attackers exploit vulnerabilities produced by automated code. The article warns that better governance and consistent application of DevSecOps practices are crucial to protect software supply chains against the evolving risks introduced by AI.
This post appeared first on “DevOps Blog”.