Harness the power of open source AI

Sonatype helps organizations understand their AI usage and makes it easier for developers and data scientists to use AI in their applications. With industry-first AI software composition analysis (SCA) and end-to-end AI model management, organizations can gain greater visibility, policy enforcement, and storage of Hugging Face models.

AI/ML models offer several distinct advantages, including accelerated development, simplified integration of advanced language capabilities, and performance benefits thanks to the bulk of the processing being handled server-side. If managed improperly, the drawbacks are severe including data privacy and security challenges, the possibility of malicious attacks, and litigious action for any license breaches.

Sonatype offers full support for Hugging Face, the largest hub of ready-to-use datasets for machine learning and open AI models with fast, easy-to-use, and efficient data manipulation tools. Our support of Hugging Face models enables the same standard of risk mitigation controls as we provide to open source software components or packages.

While open source AI presents significant opportunities for natural language interaction, it poses potential licensing risks. In many cases, developers may fine-tune open AI models to suit specific applications, but the licensing terms of the foundational model must be carefully considered.

And for now, technology is outpacing legislation. The inevitable legal challenges are likely to help democratize the AI/ML landscape as companies will have to become more transparent about the training datasets, model architectures, and the checks and balances in place designed to safeguard intellectual property.

AI is a powerful tool for software development, and our customers count on our products to help them make critical decisions. This is why we are continually working on ways to integrate it into our portfolio, allowing you to identify, classify, and block threats to software supply chains.

Sonatype has pioneered the use of artificial intelligence and machine learning to accurately speed up vulnerability detection, reduce remediation time, and predict new types of attacks. We use AI/ML to transform software supply chain management in the following ways:

• Release Integrity, a first-of-its-kind AI-powered early warning system uses over 60 different signals to automatically identify and block malicious activity and software supply chain attacks.
• Sonatype Safety Rating, an aggregate rating score, generated by our ML/AI analysis, which evaluates a range of risk vectors including the likelihood of an open source project containing security vulnerabilities.
• License Classification, a ML/AI and human curation driven system to detect and classify open source software licenses into threat groups, such as banned, copyleft, and liberal.

Effective use of AI and ML starts with ensuring the outputs are providing the most precise and reliable data. Sonatype has a duty to use AI responsibly, which means it must be:

• Fair | AI systems are designed to treat all individuals and groups fairly without bias. Fairness is the primary requirement in high-risk decision-making applications.
• Transparent | Transparency means that the reason behind decision-making in AI systems are clear and understandable. Transparent AI systems are explainable.
• Secure | AI systems must respect privacy by providing individuals with agency over their data and the decisions made with it. AI systems must also respect the integrity of the data they use.