Sonatype announced end-to-end
AI Software Composition Analysis (AI SCA)
capabilities that enable enterprises to harness the full potential of
AI. With its unparalleled expertise in open source governance, Sonatype
now extends its trusted platform to protect, manage, and optimize AI/ML
models across development and deployment. Sonatype is the first and only
company providing an end-to-end AI SCA solution, ensuring that
enterprises can adopt AI with the same level of safety and productivity
as traditional open source.
Open source AI/ML adoption is soaring - over the last 12 months,
Sonatype has identified more than 300,000 models within customer
software supply chains. As organizations rush to integrate AI-powered
software and agentic AI solutions, they face the same security,
compliance, and governance challenges that once plagued open-source
software adoption. To confidently manage open source AI/ML usage in
software supply chains, Sonatype provides:
- Proactive AI threat detection: Sonatype blocks intentionally malicious AI models from entering enterprise development environments.
- Centralized AI model governance: With Nexus Repository's Hugging Face proxy support, development teams can efficiently store, manage, and govern AI/ML models within existing DevOps workflows.
- Automated AI policy management: Sonatype enables organizations to enforce security and compliance policies across AI model usage.
"No one knows open source like Sonatype, and AI is the next frontier.
Just as we revolutionized open source security, we are now doing the
same for AI," said Mitchell Johnson, Chief Product Development Officer
at Sonatype. "We are the first company to address the entire AI/ML
supply chain - giving enterprises and developers the confidence to
deliver AI-powered solutions without compromising security, compliance,
or velocity. By integrating seamlessly into existing DevOps workflows,
we ensure developers can innovate freely while staying secure."
In The Forrester Wave: Software Composition Analysis (SCA) Software, Q4 2024
report, the Forrester analyst noted Sonatype's forthcoming AI
capabilities would "catapult Sonatype ahead on both software supply
chain and generative AI (genAI) SCA" and awarded Sonatype the highest
possible marks in several categories, including AI component analysis.
"It has never been easier for organizations to integrate open source
AI models into software, but with open source AI consumption comes the
same risk facing users of traditional open source. It is imperative that
we, as an industry, secure their use now in order to prevent
unmanageable security workloads in the future," said Brian Fox,
Co-founder and CTO at Sonatype. "We are proud to offer developers and
security teams an end-to-end platform that provides the visibility and
governance capabilities needed to use AI models safely, setting
organizations up for easy and efficient long-term security."
AI is transforming software development, but enterprises cannot
afford to take shortcuts when it comes to security and compliance.
Sonatype makes it possible for organizations to integrate AI models into
their development workflows confidently - just as they do with open
source components today.