News

JFrog Unveils Tool to Track Unauthorized AI Usage Across Organizations

• By John K. Waters
• 11/13/2025

DevOps platform provider JFrog is taking aim at a growing challenge for enterprises: employees and development teams deploying AI tools without company approval. At its swampUP Europe conference, the company introduced Shadow AI Detection, a new feature designed to identify and manage unauthorized artificial intelligence implementations that often fly under the radar of IT departments.

The capability targets a problem that has accelerated alongside the AI boom: developers and teams incorporating AI models and external services into their workflows without going through proper security reviews or governance channels. These unsanctioned implementations, known as Shadow AI, can expose organizations to compliance violations, data leakage, and supply chain vulnerabilities. JFrog's tool automatically discovers both homegrown AI models and third-party API integrations, giving security and compliance teams visibility into AI usage they may not know exists.

"Recognizing and mitigating the risks of shadow AI is becoming a critical priority," said Yuval Fernbach, vice president and CTO of JFrog ML, in a statement. "This capability aims to strengthen oversight without limiting innovation."

As developers increasingly integrate AI models from vendors such as OpenAI, Anthropic, and Google directly into production workflows, organizations face mounting challenges tracking these tools across departments. JFrog's detection feature automatically inventories both internally developed models and third-party APIs in use, enabling centralized governance.

Once detected, the platform allows teams to implement access controls, enforce compliance policies, and audit usage across environments. The tool also supports monitoring of popular AI services, including OpenAI and Google Gemini.

The launch comes amid tightening AI regulations across the US and Europe. JFrog says its detection feature is aligned with emerging frameworks, including the US Transparency in Frontier AI Act, the EU AI Act, the Cyber Resilience Act, and Germany's BSI Guidelines. These regulations increasingly require documentation of AI usage, supply chain transparency, and proactive security controls.

The announcement also reinforces JFrog's longstanding ties to the Java development community. The company has played a key role in maintaining and securing key components of the Java software supply chain, including through its stewardship of the JCenter and Bintray repositories in earlier years. Its support for Java developers continues through integrations and governance features tailored to enterprise-scale Java application delivery.

JFrog positions its software supply chain platform, including the new Shadow AI Detection tool, as a response to both governance risks and global compliance demands. The capability will be available through the company's AI Catalog, with general availability expected in 2025.