CP
cyberpings
AI & SecurityHIGH

AI Security - Black Duck Launches Signal to Mitigate Risks

ISIT Security Guru
Black DuckSignalAI-generated codeapplication securityContextAI
🎯

Basically, Black Duck created a new tool to help keep AI-written code safe from security problems.

Quick Summary

Black Duck has launched Signal, a new AI application security tool to address risks in AI-generated code. This tool is essential for developers as reliance on AI coding assistants increases. Signal promises to enhance security and governance in software development, ensuring safer code practices.

What Happened

Black Duck has unveiled Black Duck Signal™, a groundbreaking AI application security solution. This tool is specifically designed to tackle the security challenges that arise from AI-native software development. As AI coding assistants become commonplace, industry analysts predict that 90% of enterprise developers will rely on these tools by 2028. However, existing security tools struggle to keep pace with the rapid evolution of AI-generated code.

Jason Schmitt, CEO of Black Duck, emphasized the urgency of this issue, stating, "AI is no longer just accelerating development; it’s actively authoring software." Signal aims to bridge this gap by providing a robust framework for managing the complexities of AI-driven code.

A Different Architecture for a Different Problem

Unlike traditional application security testing (AST) tools, Signal employs an agentic AI architecture. This innovative approach utilizes a coordinated system of specialized AI security agents. These agents collaborate to analyze code, evaluate vulnerabilities, prioritize risks, and recommend or implement fixes with a reasoning process akin to human logic.

At the core of this system is ContextAI, Black Duck’s proprietary application security model. Trained on extensive, human-validated security data, it enables Signal to make informed decisions about risk and remediation. This capability is particularly vital for identifying complex vulnerabilities that conventional tools often overlook.

Proof in the Wild

To demonstrate Signal’s effectiveness, Black Duck cited a real-world example where their Cybersecurity Research Center used the tool to discover a previously unknown authentication bypass vulnerability in Gitea, a popular open-source Git platform. This incident highlights Signal's ability to identify significant logic flaws that traditional tools might miss entirely.

Signal integrates seamlessly into existing developer tools, such as AI coding assistants and IDEs, providing continuous analysis as code is written. This proactive approach helps surface issues before they reach a commit, significantly reducing the risk of vulnerabilities slipping through the cracks.

Governance at AI Scale

Beyond merely detecting vulnerabilities, Black Duck positions Signal as an enterprise governance tool. As AI coding assistants increasingly take on the role of software developers, organizations face heightened challenges surrounding security, compliance, and trust. Signal equips security and engineering leaders with the visibility and control necessary to manage AI-generated software effectively.

With its innovative architecture and proactive capabilities, Black Duck Signal is now generally available, marking a significant step forward in securing the future of AI-driven software development. This tool aims to empower organizations to harness the benefits of AI while mitigating the associated risks.

🔒 Pro insight: Signal's unique architecture could set a new standard for application security tools in the age of AI-driven development.

Original article from

IT Security Guru · Guru Writer

Read Full Article

Share

Related Pings

HIGHAI & Security

AI Security - Apiiro Introduces Threat Modeling Solution

Apiiro has launched AI Threat Modeling to identify risks before code exists. This innovative tool helps organizations manage security in AI-driven applications effectively.

Help Net Security·
HIGHAI & Security

AI Security - Straiker Enhances Protection for AI Agents

Straiker has launched new AI security tools to protect coding and productivity agents. Organizations using these agents face serious risks without proper oversight. Discover AI and Defend AI help security teams monitor and secure their AI environments effectively.

Help Net Security·
HIGHAI & Security

AI Security - Astrix Expands Agent Governance Platform

Astrix Security has expanded its AI agent security platform to cover all enterprise AI agents. This enhancement is crucial for managing both sanctioned and shadow agents effectively. With the rapid deployment of AI, enterprises face significant risks without proper governance. Astrix aims to fill this gap with real-time monitoring and policy enforcement.

Help Net Security·
HIGHAI & Security

AI Security - Rubrik SAGE Enhances Governance for Agents

Rubrik has launched SAGE, a new AI governance engine. It enables real-time control of AI agents, addressing governance bottlenecks. This innovation is crucial for secure enterprise AI deployment.

Help Net Security·
MEDIUMAI & Security

AI Security - Arctic Wolf Launches Aurora Superintelligence Platform

Arctic Wolf has launched the Aurora Superintelligence Platform to enhance AI's role in cybersecurity. This innovation aims to solve trust issues in AI applications. Organizations facing AI-driven threats can benefit significantly from this advanced platform.

Arctic Wolf Blog·
HIGHAI & Security

AI Security - Black Duck Signal Secures AI-Generated Code

Black Duck has launched Signal, a new AI application security solution. It secures AI-generated code, addressing unique risks in modern development. This innovation helps organizations maintain security while leveraging AI's speed.

Help Net Security·