Black Duck has launched Signal, an agentic AI application security solution targeting the security risks introduced by AI-generated code. Unlike traditional rule-based AST tools, Signal uses a coordinated system of specialized AI security agents powered by ContextAI, a model trained on decades of human-validated security data. It can detect complex vulnerabilities like cross-file dataflow issues and business logic errors that conventional tools miss. Signal integrates with IDEs, AI coding assistants, and CI/CD pipelines via MCP and APIs, analyzing code continuously as it is written. Black Duck demonstrated its capabilities by using Signal to discover an authentication bypass vulnerability in Gitea before public disclosure. The product is now generally available and is positioned as an enterprise governance tool for AI-scale software development.