AI security moves into the coding workflow

The latest upgrades to an AI-powered application security assistant aim to address one of the most pressing challenges in modern software development: keeping pace with the security risks posed by both human- and AI-generated code.

Announced at Black Hat 2025 in Las Vegas, Black Duck Assist now operates directly within developer environments via the company’s Code Sight IDE plugin. The tool performs real-time security scans on code as it is written or generated by AI coding assistants, identifying vulnerabilities and potential intellectual property violations before the work moves further along the development cycle.

The approach reflects a broader shift in the industry towards integrating security directly into the coding process rather than relying solely on separate testing phases. According to research cited from Gartner, pairing generative AI with complementary tools such as AI code security assistants and AI-augmented testing can help reduce the lag between coding, scanning, and remediation.

Security at the point of creation

The integration means developers can receive AI-generated vulnerability summaries, detailed code analysis, and suggested fixes without leaving their coding environment or waiting for input from dedicated security teams. This is designed to shorten remediation times and reduce the risk of vulnerabilities being carried into later stages of development.

Code Sight now works with traditional integrated development environments such as Eclipse, IntelliJ, and Visual Studio, as well as AI-focused editors like Cursor and Windsurf. The latter capability is aimed at teams adopting AI coding assistants such as GitHub Copilot and Claude Code, where the rapid pace of code generation can increase the risk of introducing security flaws if checks are not performed in real time.

The update also adds support for natural language queries in both the IDE and Black Duck’s Polaris platform. This allows developers and security teams to access project statistics, testing results, trend analysis, and product configuration details through simple typed questions, lowering the barrier to extracting key information.

Implications for AI-augmented development

The rise of generative AI in software creation has raised questions over how to maintain quality and security when code can be produced far faster than traditional review processes can handle. By embedding scanning and remediation tools into the same workflow where AI-generated code is produced, the aim is to reduce the gap between creation and security validation.

This trend reflects a growing acknowledgement in the industry that security cannot be an afterthought in AI-augmented development. As generative AI becomes a more common fixture in coding, tools that can operate at the same speed – and in the same space – as developers are likely to play an increasingly important role in ensuring that rapid output does not come at the expense of safety or compliance.

With these upgrades, Black Duck Assist positions itself as part of that evolution, bringing automated checks, context-aware analysis, and AI-driven fixes into the earliest stages of code creation. For organisations seeking to harness AI’s potential without introducing unacceptable risk, integrating security directly into the development environment may become less an optional enhancement and more a baseline requirement.
