Cycode today announced the launch of its AI and machine learning (ML) Inventory and AI Bill of Materials (AIBOM), innovative solutions that help organizations discover, govern, and secure their use of AI throughout the software development lifecycle (SDLC). As AI becomes essential to modern development, these capabilities give security teams the visibility and control needed to manage the rapid expansion of AI tools, models, and infrastructure.
The rush to adopt AI’s transformative capabilities has introduced a new set of security challenges known as “Shadow AI.” In their efforts to innovate quickly, developers are integrating new AI models, coding assistants, and infrastructure without formal oversight. This rapid and decentralized adoption has created an unseen ecosystem that leaves security teams struggling to monitor AI usage and protect AI-generated code. Without full visibility, organizations are unable to enforce consistent security policies, forcing them to choose between slowing innovation and accepting unmanaged risk.
Discover, Govern, and Secure AI Across the SDLC
Cycode’s AI & ML Inventory eliminates the “Shadow AI” blind spot by providing a single source of truth for all AI and machine learning components used throughout the SDLC. The solution is built on three key pillars:
- Discover Shadow AI and Map Your Entire AI Footprint: You can’t secure what you can’t see. This platform provides a comprehensive inventory of all AI and ML assets, automatically discovering when developers leverage AI coding assistants, connect a Model Context Protocol (MCP) server, or add AI models. Powered by Cycode’s Risk Intelligence Graph (RIG), every asset is traced back to its source in a code repository, providing the deep context security teams need.
- Govern AI Usage with Enforceable Policies: Visibility is the foundation, but control is the goal. This platform allows security teams to establish controls by defining custom policies to govern AI use. For example, a team can create an allow-list of approved AI technologies and models, and the system will flag any tool that diverges from that policy, providing developers with clear, secure guardrails for responsible innovation.
- Create an AI Bill of Materials (AIBOM): As regulatory and customer inquiries around AI usage grow, this platform facilitates the creation of a comprehensive AIBOM. This up-to-date manifest of all AI components dramatically simplifies governance, compliance, and risk reporting for leadership and auditors.
“The AI coding revolution has created a massive blind spot for security teams. We were already battling an overwhelming tide of alerts, and now we face an invisible ecosystem of AI tools that is creating the next wave of risk,” said Lior Levy, CEO and Co-founder of Cycode. “It’s no longer sufficient to just find vulnerabilities in AI-generated code. Organizations must have complete visibility and governance over the entire AI toolchain. This launch is a critical next step in our mission to secure AI development from prompt to production. We are not just securing the output; we’re empowering organizations with the hindsight and control to build a resilient, security-first culture from the inside out.”
A Comprehensive Platform for Securing AI Development
The new AI & ML Inventory and AIBOM are integral to Cycode’s AI-Native Application Security Platform, completing a comprehensive solution designed to secure both AI- and human-generated code. This launch builds on Cycode’s existing innovations to deliver the industry’s most comprehensive coverage for the entire AI-powered SDLC.
- Securing AI-Generated Code by augmenting AI coding assistants with code-to-cloud context using Cycode’s MCP Server.
- Governing AI Tool Usage with the AI & ML Inventory to discover AI components across the SDLC and flag the use of AI tools that violate defined policies.
- Leveraging AI-for-Security to Reduce MTTR by empowering teams to identify material changes with Change Impact Analysis, prioritize high-risk, exploitable vulnerabilities that matter with intelligent risk scoring and the AI Exploitability Agent, and fix them faster with AI Remediation.
This integrated solution empowers organizations to manage risk across their entire AI-powered SDLC, from the initial use of AI tools to the deployment and operation of AI-generated code.
