Endor Labs’ new tool helps enterprises track the AI models they use

Tuesday January 28, 2025. 02:30 PM , from InfoWorld
Software supply chain security vendor Endor Labs has added another dimension to its products with Tuesday’s launch of AI Model Discovery, which will be part of its core open-source evaluation offering.

AI Model Discovery lets application security professionals discover the local open-source AI models being used in their application code, evaluate their risks, and then create and enforce policies around their usage. It also offers automated detection, warning developers about policy violations and blocking high-risk models from entering production.

“As companies try to develop their internal AI applications, they’re looking for ways to reduce costs, and using a pre-trained model is one of those ways, as well as hosting it on premises or in their own applications, which also makes it a lot easier to customize the model,” said Andrew Stiefel, senior product manager at Endor Labs. “But as we’ve heard from a lot of our customers, there’s a big gap right now, especially for application security teams, and it really just starts with fundamental visibility. They don’t know what AI models are being used in their organization, and they don’t really have any way to start evaluating those models for risk.”

AI Model Discovery, he said, provides the ability both to find those models and to evaluate them. It scores models across 50 dimensions, summarizes the assessment, and its policy engine enables companies to then craft policy based on their organization’s risk tolerance.

Limited scope

There are, however, some limitations. It only detects and evaluates models from Hugging Face, and only when they are contained in programs written in Python. On the plus side, Python is the most common language used for these applications, and Hugging Face offers over a million models, so Stiefel said they were the logical places to start.

Michele Rosen, IDC’s research manager for open genAI, LLMs and the evolving open-source ecosystem, agreed. “Hugging Face is the go-to repository for open models, so Endor’s new tool is likely to discover the lion’s share of open models being used by developers, including base models as well as models tuned for a specific use case,” she said. However, she noted that there is a transformers library in JavaScript, so expanding to cover JavaScript should be on the roadmap. But for an initial offering, she said, Hugging Face and Python are the commonsense place to start.

Endor Labs’ Stiefel said Python is only the beginning. “Our model is to introduce one language — in this case, we prioritized Python because of its dominance in the ecosystem — but then continue to extend it to other languages. Especially in the enterprise space, we tend to see a lot more Java, where in smaller shops, we tend to see adopting Rust and other newer languages more often. We support all those different customers.”

Jason Andersen, VP and principal analyst at Moor Insights & Strategy, is excited about this announcement, and pointed to AI management and governance as a big issue in 2025. “What Endor has here is very helpful since it can detect and enforce policies,” he said. “However, this is not a trivial task with over a million models out there. I think that Endor’s scoring system is a good way to go, as we are still early in the market. Different companies may have different appetites for risk or will work to identify and mitigate business-critical models that may not be high-scoring.”

Not yet a complete solution

However, noted Thomas Randall, director of AI market research at Info-Tech Research Group, the new tool is not yet a complete solution. “Potential users should be aware of the limitations of Endor Labs’ AI Model Discovery tool (as with all software composition analysis tools on the market),” he said. Since the tool is currently limited to Python, he recommends that companies use it as part of a broader software composition analysis program, one that also includes keeping records of the open-source models and datasets in use (including URLs, authors, and repositories), regularly auditing AI systems to mitigate risks from malicious or insecure components, and developing custom scripts to scan for common open-source signatures, copyright notices, or comments in model files.

“Alongside these best practices, organizations should consider mandating a software bill of materials for all AI projects and provide training on open-source licensing, ethical use, and security considerations as part of their AI strategy and governance,” he added.
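Randall’s recommendation of an inventory of models in use plus custom scanning scripts, as an added illustration (not Endor Labs’ or InfoWorld’s code): a small Python scanner that walks a file’s AST for `from_pretrained("...")` and `hf_hub_download(repo_id="...")` call sites, records each Hugging Face model id with its file and line, and applies a hypothetical allow-list policy that also blocks call sites passing `trust_remote_code=True`, the flag that lets code shipped in a model repository run locally. The sample application source and the policy sets are constructed for the example.

```python
import ast
from collections import namedtuple

# Constructed sample of application code that pulls models from Hugging Face.
SAMPLE_SOURCE = '''
from transformers import AutoModelForCausalLM, AutoTokenizer
from huggingface_hub import hf_hub_download
tok = AutoTokenizer.from_pretrained("bert-base-uncased")
model = AutoModelForCausalLM.from_pretrained("someorg/untrusted-model", trust_remote_code=True)
path = hf_hub_download(repo_id="approved-org/safe-weights", filename="model.safetensors")
'''
# Hypothetical policy: organisations and legacy top-level model ids the team has reviewed.
ALLOWED_ORGS, ALLOWED_MODELS = {"approved-org"}, {"bert-base-uncased"}

# One inventory record: repo id, source file, line, and whether the call opts into hub-shipped code.
ModelRef = namedtuple("ModelRef", "model_id filename line trust_remote_code")

def _str_kw(call, name):
    # Literal value of keyword argument `name` on a call, or None when absent / not a literal.
    for kw in call.keywords:
        if kw.arg == name and isinstance(kw.value, ast.Constant):
            return kw.value.value
    return None

def find_model_refs(source, filename="<input>"):
    """Inventory from_pretrained("...") and hf_hub_download(repo_id="...") call sites."""
    refs = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        fn, model_id = node.func, None
        if isinstance(fn, ast.Attribute) and fn.attr == "from_pretrained":
            first = node.args[0] if node.args else None
            if isinstance(first, ast.Constant) and isinstance(first.value, str):
                model_id = first.value
        elif isinstance(fn, ast.Name) and fn.id == "hf_hub_download":
            model_id = _str_kw(node, "repo_id")
        if model_id:
            remote = _str_kw(node, "trust_remote_code") is True
            refs.append(ModelRef(model_id, filename, node.lineno, remote))
    return refs

def evaluate(refs):
    """Map each model id to 'allow' or 'block' under the policy sets above."""
    verdicts = {}
    for r in refs:
        org = r.model_id.split("/")[0] if "/" in r.model_id else None
        reviewed = r.model_id in ALLOWED_MODELS or org in ALLOWED_ORGS
        verdicts[r.model_id] = "allow" if reviewed and not r.trust_remote_code else "block"
    return verdicts
```

Running `evaluate(find_model_refs(open(path).read(), path))` over each Python file in a repository gives the per-file model inventory and policy verdicts; model ids built at runtime from variables are not literals and so are not captured by this scanner.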

AI security does not exist in a vacuum, Katie Norton, IDC’s research manager for DevSecOps and software supply chain security, observed. “While traditional software development and AI model development have distinct processes and risks, the fundamental principles of securing the software supply chain remain applicable to both. As organizations increasingly build or integrate AI-driven features into their applications, application security vendors are in a prime position to address the emerging security needs of these AI components.”

Because of that, she said, “Given the larger trends around consolidation in cybersecurity, organizations are likely going to want these capabilities from the tools and vendors they already work with to secure their applications. Further, siloing AI-security from larger application security processes doesn’t ultimately make sense as they all come together and interact in the production application.”

Version 2 of AI Model Discovery will have additional features and support additional languages, Stiefel noted. “This is just the first version that’ll be coming out,” he said. “I don’t have exact timelines for you on this, but just to give you a preview, we’ll be looking at securing not just Hugging Face, but those third-party models as well. So OpenAI, ChatGPT, Claude, Gemini, so that you can find those API integrations in your code.”
https://www.infoworld.com/article/3811395/endor-labs-new-tool-helps-enterprises-track-the-ai-models-...
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network