Cycode Tackles "Shadow AI" with Launch of AI Inventory and AIBOM

The new solutions provide critical visibility and governance over the unmanaged AI tools and models adopted by developers, securing AI development from prompt to production.

SAN FRANCISCO, Oct. 21, 2025 /PRNewswire/ -- Cycode, the leader in AI-native application security, today announced its AI and machine learning (ML) Inventory and AI Bill of Materials (AIBOM), powerful new solutions to help organizations discover, govern, and secure their use of AI across the entire software development lifecycle (SDLC). At a time when AI is not just an advantage but a necessity, these new capabilities provide the critical visibility that security teams need to manage the explosion of AI tools, models, and infrastructure being adopted by developers.

The race to leverage AI's transformative power has created a new landscape of risk: "Shadow AI". Eager to innovate, developers are pulling in new AI models, using various AI coding assistants, and connecting to a wide array of AI infrastructure. This rapid, decentralized adoption creates a sprawling, invisible ecosystem that leaves security teams unable to govern AI usage or secure AI-generated code effectively. A lack of visibility prevents organizations from defining and enforcing security controls, creating a difficult choice between slowing down innovation and accepting uncontrolled risk.

Discover, Govern, and Secure AI Across the SDLC

Cycode's AI & ML Inventory eliminates the "Shadow AI" blind spot by providing a single source of truth for all AI and machine learning components used throughout the SDLC. The solution is built on three key pillars:

• Discover Shadow AI and Map Your Entire AI Footprint: You can't secure what you can't see. This platform provides a comprehensive inventory of all AI and ML assets, automatically discovering when developers leverage AI coding assistants, connect a Model Context Protocol (MCP) server, or add AI models. Powered by Cycode's Risk Intelligence Graph (RIG), every asset is traced back to its source in a code repository, providing the deep context security teams need.
• Govern AI Usage with Enforceable Policies: Visibility is the foundation, but control is the goal. This platform allows security teams to establish controls by defining custom policies to govern AI use. For example, a team can create an allow-list of approved AI technologies and models, and the system will flag any tool that diverges from that policy, providing developers with clear, secure guardrails for responsible innovation.
• Create an AI Bill of Materials (AIBOM): As regulatory and customer inquiries around AI usage grow, this platform facilitates the creation of a comprehensive AIBOM. This up-to-date manifest of all AI components dramatically simplifies governance, compliance, and risk reporting for leadership and auditors.

A Comprehensive Platform for Securing AI Development

The new AI & ML Inventory and AIBOM are integral to Cycode's AI-Native Application Security Platform, completing a comprehensive solution designed to secure both AI- and human-generated code. This launch builds on Cycode's existing innovations to deliver the industry's most comprehensive coverage for the entire AI-powered SDLC.

• Securing AI-Generated Code by augmenting AI coding assistants with code-to-cloud context using Cycode's MCP Server.
• Governing AI Tool Usage with the AI & ML Inventory to discover AI components across the SDLC and flag the use of AI tools that violate defined policies.
• Leveraging AI-for-Security to Reduce MTTR by empowering teams to identify material changes with Change Impact Analysis, prioritize high-risk, exploitable vulnerabilities that matter with intelligent risk scoring and the AI Exploitability Agent, and fix them faster with AI Remediation.

This integrated solution empowers organizations to manage risk across their entire AI-powered SDLC, from the initial use of AI tools to the deployment and operation of AI-generated code.

"The AI coding revolution has created a massive blind spot for security teams. We were already battling an overwhelming tide of alerts, and now we face an invisible ecosystem of AI tools that is creating the next wave of risk," said Lior Levy, CEO and Co-founder of Cycode. "It's no longer sufficient to just find vulnerabilities in AI-generated code. Organizations must have complete visibility and governance over the entire AI toolchain. This launch is a critical next step in our mission to secure AI development from prompt to production. We are not just securing the output; we're empowering organizations with the hindsight and control to build a resilient, security-first culture from the inside out."

Availability

Cycode's MCP Server is available now, and the AI & ML inventory is in early access. To learn more and see the solution in action, get a demo today.

About Cycode

Cycode's AI-Native Application Security Platform unites security and development teams with actionable context from code to runtime to identify, prioritize, and fix the software risks that matter.

Powered by proprietary scanners, third-party integrations, and the Risk Intelligence Graph (RIG), Cycode delivers unified, correlated insight across the Software Factory. Its unique ability to sense, reason, and act with context in the AI-Era comes from its foundational convergence of AST, ASPM, and Software Supply Chain Security—purpose-built to secure both AI- and human-generated code.

SOURCE Cycode