Mend.io has introduced MendAI, an application security tool that identifies code generated by AI models and has expanded its software composition analysis tool to provide detailed AI model versioning and update information, DevOps reports.
The enhancement helps organizations manage licensing, compatibility, and compliance issues in the context of a software bill of materials. Mend.io has indexed over 35,000 publicly available large language models to aid in this process.
Jeffery Martin, vice president of product at Mend.io, highlighted the importance of these tools for data science teams that use machine learning operations workflows. These teams often lack cybersecurity expertise, making AI-generated code vulnerable to exploitation. Therefore, DevSecOps teams must be equipped to identify and manage potentially vulnerable AI-generated code.
The announcement comes as cybercriminals are increasingly targeting AI models with the aim of data exfiltration and poisoning of training data. At the same time, replacing compromised AI models can be challenging due to their complexity. As AI-generated code usage grows, DevSecOps teams must address the resulting AI security issues. This underscores the need for integrating MLOps and cybersecurity workflows to establish best practices for MLSecOps, despite the shortage of cybersecurity professionals with AI expertise.
