
JFrog Launches Shadow AI Detection to Mitigate Hidden Risks in Software Supply Chains

JFrog unveils Shadow AI Detection to secure software supply chains by cataloging unsanctioned AI models and API calls, enhancing compliance with emerging regulations.

JFrog has introduced a new feature, Shadow AI Detection, as part of its Software Supply Chain Platform, aimed at enhancing visibility and control over the “shadow AI” models and API calls that often infiltrate development pipelines without organizational oversight. This development comes in response to the increasing security, compliance, and risk issues associated with informal AI integrations adopted by various teams.

The Shadow AI Detection feature automatically scans and inventories both internal AI models and external API gateways used within an organization. This includes unsanctioned tools from providers such as OpenAI and Anthropic, as well as other third-party services. The capability allows enterprises to implement centralized governance over these tools, enabling them to enforce security and compliance policies, define authorized access paths, track usage, and maintain a comprehensive audit trail.

Yuval Fernbach, JFrog’s VP and CTO of ML, characterized the rollout as a necessary response to the growing blind spots in AI adoption. He stated that Shadow AI Detection “strengthens JFrog’s leadership in securing the AI supply chain 360 degrees, helping companies utilize AI safely and responsibly.” The timing of this launch is crucial, as businesses increasingly embed AI into their applications and workflows without centralized policy, elevating the risk of unmanaged or insecure AI usage.

The implications of unmanaged AI extend beyond security; they open avenues for regulatory infractions, data leaks, and vulnerabilities within the supply chain. JFrog emphasizes the need for governance mechanisms typically applied to software packages and dependencies to be extended to AI models and interactions. This new capability positions JFrog’s platform not just as a traditional artifact repository but as a comprehensive system of record for an organization’s software and AI supply chain.

Organizations adopting Shadow AI Detection will be better prepared to comply with emerging global AI regulations, including the upcoming EU AI Act and evolving transparency rules in the U.S. related to frontier AI. With the increasing emphasis on compliance under frameworks like NIS2 and other cyber-resilience guidelines, this feature aligns with the growing need for structured governance in AI applications.

JFrog is not the only player addressing AI governance. ModelOp Center offers an “AI control tower” designed for lifecycle management and governance across all AI within an organization, covering in-house models, third-party vendor models, and generative AI solutions. It facilitates the registration of new AI use cases, risk assessment, policy enforcement, audit trails, and continuous monitoring, differentiating itself from traditional MLOps or data platforms by focusing specifically on governance and compliance.

Another notable entrant in this space is Aurva, which provides real-time monitoring and observability for AI/ML systems, including agentic workloads and API-based AI model calls. Aurva markets its AIOStack as offering “deep, kernel-level visibility and control,” assisting organizations in detecting unauthorized data access, potential data leakages, and suspicious behavior by AI agents. Its approach to “shadow-AI visibility” parallels JFrog’s efforts, enabling firms to discover unmanaged or unsanctioned AI usage.

Shadow AI Detection is set to be integrated into the existing JFrog AI Catalog, with general availability anticipated in 2025. As the landscape of AI continues to evolve rapidly, this feature underscores the growing importance of governance and oversight in the integration of AI technologies across enterprises.

Written by Marcus Chen

At AIPressa, my work focuses on analyzing how artificial intelligence is redefining business strategies and traditional business models. I've covered everything from AI adoption in Fortune 500 companies to disruptive startups that are changing the rules of the game. My approach: understanding the real impact of AI on profitability, operational efficiency, and competitive advantage, beyond corporate hype. When I'm not writing about digital transformation, I'm probably analyzing financial reports or studying AI implementation cases that truly moved the needle in business.
