JFrog Exposes Enterprise AI Blind Spots, Driving Centralized Software Supply Chain Governance

New Shadow AI Detection capability enables transparency and risk management, guarding against uncontrolled use of AI models and API calls

“Recognizing and mitigating the risks of shadow AI is becoming a critical priority for CIOs and CISOs who must strike a balance between innovating while maintaining security. Organizations should follow proven software development practices by creating developer-friendly workflows with strong security and robust governance,” said Yuval Fernbach, VP and CTO, JFrog ML. “The addition of Shadow AI Detection capabilities is intended to strengthen JFrog’s leadership in securing the AI supply chain 360-degrees, helping companies utilize AI safely and responsibly.”

Delivering Transparency for Better Governance of AI Models and APIs

The rapid integration of AI across development pipelines has created a major governance challenge for organizations. For example, developers and data science teams frequently integrate AI models and services directly from providers such as Anthropic, OpenAI, and Google without organizational oversight. This ungoverned activity, often referred to as Shadow AI, creates dangerous blind spots that leave enterprises vulnerable to compliance violations, data leaks, and supply chain attacks.

JFrog’s new Shadow AI Detection helps automatically detect and create an inventory of all internal AI models and external API gateways used across the organization to access data from either approved or ad-hoc third-party sources. Once discovered, these newly visible models and services can be governed centrally, empowering teams to:

• Enforce security and compliance policies across all AI assets.
• Establish defined paths for authorized users to access and utilize third-party AI services, ensuring controlled and fully auditable interactions.
• Track and monitor usage of external AI models and APIs such as OpenAI or Gemini.

Meeting the Global AI Compliance Imperative