Black Duck Software Brings AI-Powered Security to IDEs
Mike Vizard reports on Black Duck Software’s new integration of its AI security assistant into IDE plugins, enabling real-time vulnerability detection and support for natural language security queries as developers write code.
Author: Mike Vizard
At Black Hat USA 2025, Black Duck Software announced it has extended its artificial intelligence (AI) tool, Black Duck Assist, into plugins for popular integrated development environments (IDEs) like Eclipse, IntelliJ, and Visual Studio. The move aims to help developers catch code vulnerabilities as they write, without leaving their primary coding environments.
Key Enhancements
- Black Duck Assist in IDEs: The AI security assistant is now available directly in IDEs, providing real-time vulnerability detection as code is written and helping developers identify and remediate security risks early.
- Expanded Editor Support: Supported IDEs include Eclipse, IntelliJ, and Visual Studio, as well as newer AI-focused editors like Cursor and Windsurf.
- Natural Language Security Queries: Developers can now use natural language within their IDEs or via the Polaris application security platform to query code for security risks or request summaries, further lowering the barrier for secure code development.
- Code Analysis for AI-Generated Code: The tool is tailored to review code created by AI coding assistants, providing independent validation so that code generation and security checks do not both rely on the same underlying large language models.
Addressing Modern Development Challenges
- Increasing Use of AI Coding Tools: With the rise of AI-assisted coding, the risk of accidentally introducing vulnerabilities grows, especially as more developers (including “citizen developers”) rely on these tools.
- Prompt Engineering and Security: Code quality and security can vary with developers’ prompt engineering skills, making embedded validation valuable.
- Integrated DevSecOps Workflows: Black Duck’s approach leverages tools and platforms (like Polaris) that many DevSecOps teams already use, reducing the need for additional standalone products.
Perspective
Patrick Carey, executive director for marketing strategy at Black Duck Software, emphasizes the critical role of independent AI security validation. As AI-generated code becomes commonplace, having a security layer not dependent on the exact same models used to create the code is crucial to uncover vulnerabilities that might otherwise be missed. The integration streamlines the developer experience and responds to the reality that most developers—especially those not security-focused—need assistance to maintain code safety as velocity increases.
Broader Implications
- Quality of AI-Generated Code: AI assistants like Black Duck Assist are intended to remediate vulnerabilities before code is introduced into production.
- Continuing Evolution in DevOps: The blending of AI, development, security, and operations continues to transform how teams work and how applications are rapidly built and deployed.
For further information, see the official Black Duck Software press release and learn more about how AI coding tools are impacting the DevOps landscape.
This post appeared first on “DevOps Blog”.