Black Duck Launches Signal to Tackle the Security Risks of AI-Generated Code

The rise of AI coding assistants is reshaping software development, with analysts forecasting that nine‑in‑ten enterprise developers will rely on these tools by 2028. This rapid adoption accelerates code velocity but also introduces novel security challenges, as traditional application security testing (AST) tools struggle to keep up with AI‑generated code’s dynamic nature. Black Duck Signal addresses this gap by replacing static rule sets with a coordinated network of AI agents that evaluate code in real time, leveraging the ContextAI model trained on decades of validated security data.

Signal’s architecture distinguishes itself through its multi‑model approach. Each AI agent is optimized for a specific analysis phase—ranging from vulnerability identification to exploitability scoring—allowing the platform to uncover complex issues like cross‑file data‑flow problems and business‑logic flaws that conventional scanners miss. The system’s language‑agnostic design eliminates the need for frequent rule updates, ensuring continuous protection as developers adopt new frameworks or language features, especially when code is auto‑generated by AI.

From an operational standpoint, Signal integrates seamlessly into developers’ existing workflows via model context protocol (MCP) and APIs, embedding security checks directly into IDEs, AI assistants, and CI/CD pipelines. By surfacing actionable findings before code is committed, it reduces the high false‑positive rates that erode developer trust in security tools. This proactive governance capability equips security and engineering leaders with the visibility needed to enforce compliance and maintain rapid development velocity in an AI‑driven environment.