AI security enhancements in Black Duck Polaris platform

Discover how Black Duck's latest development aims to keep you ahead of AI-driven cyber threats with robust security protocols and automated systems.

Monday, 22nd June 2026, by Katy Hill

Black Duck, which provides AI-assisted application security tools, has announced a set of updates to its Black Duck Polaris Platform. The updates are intended to help organisations respond to risks associated with the use of advanced AI models, such as Claude Mythos.

The new features focus on several areas often described as part of “Mythos readiness”: reducing Application Security Testing (AST) gaps associated with AI-assisted development, preparing for a higher volume of AI-generated vulnerabilities, and using AI to help reduce the Mean Time To Remediate (MTTR) for security issues.

Addressing AST Gaps

Because software development is moving faster, reducing potential gaps in application security coverage requires ongoing monitoring and synchronisation with source code management systems. This approach is intended to help identify previously untracked or “shadow” AI projects and assess them for potential security risks.

Streamlining Triage and Remediation

With more code being generated through AI tools, updated policies in Polaris allow for automated enforcement of security controls. This is designed to help ensure vulnerabilities are consistently detected and addressed, while allowing security teams to focus more on complex issues that require deeper analysis.

Equipping Teams for AI-Related Vulnerabilities

As the use of open-source components increases, organisations may face a higher number of disclosed vulnerabilities. Black Duck Audits are positioned to address gaps in software supply chain visibility by tracking open-source software usage and supporting remediation efforts. Prioritisation of vulnerabilities considers factors such as exploitability and reachability in addition to CVSS scores.

Enhancing Developer and Security Workflows

Polaris integrates AI-assisted application security features into existing DevOps workflows. Tools such as AI-based false positive detection and the Code Sight IDE plugin are designed to help developers identify and resolve vulnerabilities within their standard development environment.

Overall, these updates are presented as enhancements aimed at supporting security teams in managing the growing volume and complexity of AI-related threats.