Black Duck today announced the launch of Black Duck Signal™, a new agentic AI platform designed to secure software at the same speed it’s now being developed with AI coding tools.
As AI-driven development accelerates, traditional security testing methods have struggled to keep pace. Black Duck Signal aims to bridge that gap by combining two decades of the company’s software security expertise with large language model (LLM)-powered software analysis to autonomously detect and remediate vulnerabilities across source code, binaries, supply chain components, and running applications.
The rise of AI coding assistants and autonomous agent workflows has transformed how software is built. Still, it has introduced new challenges in ensuring the security of AI-generated code. Signal is purpose-built for this era, working natively within AI-enabled development environments to identify, prioritise, and fix vulnerabilities in real time.
Unlike generic AI tools, Signal blends advanced multi-model LLM technology with human-labeled application security intelligence from the Black Duck KnowledgeBase™, a vast repository built over years of analysis of both open-source and commercial software. The result is a system that provides accurate, context-aware insights without the noise, hallucinations, or false positives that often plague automated code analysis.
Signal’s agentic architecture enables both developers and security teams to work more efficiently by integrating directly with AI coding assistants such as Google Gemini, GitHub Copilot, Claude Code, and Cursor, as well as with other Black Duck security products. The platform’s real-time analysis capabilities allow it to scan new and modified code as it’s written, ensuring continuous protection without slowing down the development process.
“AI is revolutionizing how software is built—and with Signal, Black Duck is redefining how you secure it by completely eliminating the noise of legacy tools,” said Jason Schmitt, CEO of Black Duck. “Developers are moving faster than ever, embracing AI to build and deliver software at unprecedented speed. Signal is the first programming language-agnostic security analysis product to combine the power of LLM-based code analysis with petabytes of human-labeled security data curated over our decades of analysing real-world commercial and open-source software. Signal is designed to give developers the clarity, confidence, and control they need to innovate securely—without slowing down.”
In addition to real-time code analysis, Signal automates the remediation process with verified code fixes and library patching, reducing manual effort while maintaining developer control. It also brings advanced exploitability analysis to reduce alert fatigue and focuses attention on the vulnerabilities that matter most. Beyond traditional vulnerability scanning, Signal’s AI-driven detection of business logic flaws gives teams visibility into application-level zero-days that typically evade rule-based systems.
