JFrog, the DevSecOps company, has announced support for AI and generative AI models in its existing secure software supply chain platform, which is built on Artifactory and Xray.
Foundation models are the fundamental building blocks of generative AI. Like software libraries, they are available in both open source and commercial flavors. Open source foundation models are published on Hugging Face, which has fast become the GitHub equivalent for AI models.
Enterprise developers download models from Hugging Face and integrate them with locally deployed applications. This carries the same supply chain risks as cloning a GitHub repo, building it, and integrating the result with local applications: the artifact may have been tampered with or may be outright malicious, and it arrives with licensing terms that, on Hugging Face, range from permissive to quite restrictive.
JFrog’s new ML Model Management enables DevOps and Security teams to leverage their existing JFrog solution to meet their organization’s MLOps requirements, seamlessly integrating into the workflows of ML Engineers and Data Scientists. As a result, organizations can extend their secure software supply chain by applying their existing practices and policies to ML model development.
There are two JFrog products that work in tandem to secure ML models – Artifactory and Xray.
JFrog Artifactory is a unified repository to store and manage all the artifacts, binaries, packages, files, containers, and components that are used in your software supply chain.
JFrog Xray is a universal software composition analysis (SCA) solution that integrates directly with Artifactory. It lets developers and DevSecOps teams find vulnerabilities and license compliance violations in open source dependencies before they reach production releases. Xray detects security flaws and license violations as early as the dependency declaration stage and can fail builds that contain them. It provides automated, continuous governance and auditing of software artifacts and their dependencies.
JFrog Artifactory’s integration with Hugging Face lets organizations create a single system of record for ML models, bringing ML/AI development in line with the existing software supply chain so that data scientists and developers can treat models like any other software component. Artifactory remote repositories proxy and cache models from Hugging Face, providing fast, consistent, and reliable access to foundation models, and fine-tuned or customized models can be stored in local repositories within Artifactory.
Furthermore, by utilizing JFrog Xray’s ML security capabilities, organizations can detect and block malicious models as well as those with non-compliant licenses.
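What "treating a model like any other software component" looks like in practice is a pinned revision plus an integrity check on every file, the same discipline a lockfile gives a package dependency. The following is an added example, not JFrog's code and not part of the original article. It assumes the `huggingface_hub` convention of pointing downloads at a proxy through the `HF_ENDPOINT` environment variable; the Artifactory URL path it builds, the repository key `hf-remote`, and the model id `org/model` are illustrative assumptions. The snapshot files are constructed placeholders, not real weights. Beyond the caching point in the text, it also flags pickle-format checkpoints (`.bin`, `.pt`, `.pkl` and similar), because loading those deserializes Python pickles and can execute arbitrary code, which is one reason a scan-and-block step on model artifacts matters.

```python
import hashlib
import tempfile
from pathlib import Path

# Checkpoint formats that are Python pickles under the hood: loading them can run
# arbitrary code. Prefer .safetensors, which is a plain tensor container.
PICKLE_SUFFIXES = {".bin", ".pkl", ".pt", ".pth", ".ckpt"}


def artifactory_hf_endpoint(base_url: str, repo_key: str) -> str:
    """Value to export as HF_ENDPOINT so huggingface_hub resolves models through
    an Artifactory remote repository instead of huggingface.co directly.
    The '/artifactory/api/huggingfaceml/<repo>' layout is an assumption."""
    return f"{base_url.rstrip('/')}/artifactory/api/huggingfaceml/{repo_key}"


def is_pinned_revision(revision: str) -> bool:
    """A lock must name a full 40-hex commit hash, never a moving ref like 'main'."""
    return len(revision) == 40 and all(c in "0123456789abcdef" for c in revision.lower())


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_lock(snapshot_dir: Path, model_id: str, revision: str) -> dict:
    """Record model id, pinned revision and a sha256 per file of a reviewed snapshot."""
    if not is_pinned_revision(revision):
        raise ValueError(f"revision must be a full commit hash, got {revision!r}")
    files = sorted(p for p in snapshot_dir.rglob("*") if p.is_file())
    return {
        "model_id": model_id,
        "revision": revision,
        "files": {p.relative_to(snapshot_dir).as_posix(): sha256_file(p) for p in files},
    }


def verify_snapshot(snapshot_dir: Path, lock: dict) -> list[str]:
    """Compare a freshly resolved snapshot against the lock. Returns sorted findings;
    an empty list means every locked file is present, unmodified, and nothing extra
    or pickle-based has appeared."""
    findings = []
    present = {p.relative_to(snapshot_dir).as_posix(): p
               for p in snapshot_dir.rglob("*") if p.is_file()}
    for name, digest in lock["files"].items():
        if name not in present:
            findings.append(f"missing: {name}")
        elif sha256_file(present[name]) != digest:
            findings.append(f"hash mismatch: {name}")
    for name in present:
        if name not in lock["files"]:
            findings.append(f"unexpected file: {name}")
        if Path(name).suffix in PICKLE_SUFFIXES:
            findings.append(f"pickle-format weights (arbitrary code on load): {name}")
    return sorted(findings)


def demo() -> tuple[list[str], list[str]]:
    """Lock a constructed snapshot, then tamper with it and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        snap = Path(tmp)
        # Constructed placeholder files standing in for a real model snapshot.
        (snap / "config.json").write_text('{"architectures": ["ExampleModel"]}')
        (snap / "model.safetensors").write_bytes(b"\x00" * 64)
        lock = build_lock(snap, "org/model", "a" * 40)  # hypothetical model id and commit
        clean = verify_snapshot(snap, lock)
        # Simulate a swapped weight file and an extra pickle checkpoint appearing upstream.
        (snap / "model.safetensors").write_bytes(b"\x01" * 64)
        (snap / "pytorch_model.bin").write_bytes(b"\x80\x04")  # constructed pickle header
        tampered = verify_snapshot(snap, lock)
    return clean, tampered


if __name__ == "__main__":
    print("HF_ENDPOINT=" + artifactory_hf_endpoint("https://artifactory.example.com", "hf-remote"))
    clean, tampered = demo()
    print("clean snapshot:", clean or "no findings")
    print("tampered snapshot:", tampered)
```

The lock is what a build should carry, and the verify step belongs wherever the model is materialized for training or inference; with the proxy in front, the cache in Artifactory is what gets locked, so a later upstream change on Hugging Face shows up as a hash mismatch rather than silently entering the application.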
With foundation models and LLMs becoming mainstream, enterprises need a unified and consistent mechanism to integrate these models with applications. JFrog extends the proven and familiar capabilities based on secure software supply chain to generative AI models. It’s one of the first DevSecOps platforms to support secure scanning and local caching of Hugging Face models.