AI Bill of Materials (AIBOM)
What is AI Bill of Materials (AIBOM)?
AI Bill of Materials (AIBOM)
A machine-readable inventory of every component that goes into an AI system — datasets, base models, fine-tuning data, libraries, prompts, and evaluation artifacts — used for security, compliance, and accountability.
An AIBOM extends the SBOM concept from software to AI systems. Initiatives such as CISA's AIBOM working group, SPDX 3 AI Profile, CycloneDX ML-BOM, and the EU AI Act's technical-documentation requirements prescribe metadata: dataset provenance and licenses, base-model identifiers and versions, fine-tuning recipes, hyper-parameters, evaluation results, and known limitations. AIBOMs help organisations trace the impact of a poisoned dataset or backdoored base model, demonstrate regulatory compliance, manage AI supply-chain risk, support model recall, and feed vulnerability databases (OSV-AI, MITRE ATLAS). Mature MLSecOps programs generate AIBOMs automatically from training pipelines and store them alongside signed model artefacts.
● Examples
- 01
A CycloneDX ML-BOM file attached to a model release listing the base model, datasets, and fine-tuning data with hashes.
- 02
An AIBOM used during incident response to identify every product affected by a vulnerable upstream embedding model.
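The two examples above describe a CycloneDX ML-BOM carrying hashes and an AIBOM being queried during incident response. The script below, an added example that is not part of the original page or of the CycloneDX project, does both against a constructed BOM: it checks each hashed component against the artefact actually on disk, and walks the BOM's dependency graph in reverse to list every product that transitively consumes a given upstream component (here a hypothetical embedding model). Component names, bom-refs, artefact bytes and the dependency layout are all made up; the JSON shape follows CycloneDX 1.5 but is simplified.

```python
"""Reading a CycloneDX ML-BOM: hash verification and impact analysis.

Constructed example, not a real release manifest. Component types follow
CycloneDX 1.5 ("machine-learning-model", "data", "library", "application");
all names, bom-refs and artefact bytes are invented for illustration.
"""
import hashlib
import json

# Constructed stand-ins for model weights and dataset files on disk.
ARTEFACTS = {
    "model:base-llm@1.2": b"fake base model weights",
    "model:embed-upstream@0.9": b"fake upstream embedding weights",
    "model:classifier-ft@2": b"fake fine-tuned classifier weights",
    "data:finetune-set@2024-05": b"id,text,label\n1,hello,0\n2,bye,1\n",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _comp(ctype, ref, name, version, hashed=True):
    comp = {"type": ctype, "bom-ref": ref, "name": name, "version": version}
    if hashed:
        comp["hashes"] = [{"alg": "SHA-256", "content": sha256_hex(ARTEFACTS[ref])}]
    return comp


# Constructed ML-BOM. The hashes are those of the constructed artefacts above,
# which is what a pipeline-generated AIBOM would record at release time.
ML_BOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        _comp("machine-learning-model", "model:base-llm@1.2", "base-llm", "1.2"),
        _comp("machine-learning-model", "model:embed-upstream@0.9", "embed-upstream", "0.9"),
        _comp("machine-learning-model", "model:classifier-ft@2", "classifier-ft", "2"),
        _comp("data", "data:finetune-set@2024-05", "finetune-set", "2024-05"),
        _comp("library", "lib:vectordb-client@4.1", "vectordb-client", "4.1", hashed=False),
        _comp("application", "app:search-assistant@3.0", "search-assistant", "3.0", hashed=False),
        _comp("application", "app:ticket-classifier@1.4", "ticket-classifier", "1.4", hashed=False),
        _comp("application", "app:chat-support@2.1", "chat-support", "2.1", hashed=False),
    ],
    "dependencies": [
        {"ref": "app:search-assistant@3.0",
         "dependsOn": ["model:embed-upstream@0.9", "lib:vectordb-client@4.1"]},
        {"ref": "app:ticket-classifier@1.4", "dependsOn": ["model:classifier-ft@2"]},
        {"ref": "model:classifier-ft@2",
         "dependsOn": ["model:base-llm@1.2", "data:finetune-set@2024-05",
                       "model:embed-upstream@0.9"]},
        {"ref": "app:chat-support@2.1", "dependsOn": ["model:base-llm@1.2"]},
    ],
}


def components_by_ref(bom: dict) -> dict:
    return {c["bom-ref"]: c for c in bom["components"]}


def verify_hashes(bom: dict, artefacts: dict) -> dict:
    """Map each SHA-256-hashed component to True (artefact matches the BOM)
    or False (artefact missing or its digest differs from the recorded one)."""
    results = {}
    for comp in bom["components"]:
        for h in comp.get("hashes", []):
            if h["alg"] != "SHA-256":
                continue
            blob = artefacts.get(comp["bom-ref"])
            results[comp["bom-ref"]] = blob is not None and sha256_hex(blob) == h["content"]
    return results


def affected_by(bom: dict, vulnerable_ref: str) -> set:
    """All bom-refs that depend, directly or transitively, on vulnerable_ref.
    Builds the reverse dependency graph and walks it from the bad component."""
    reverse = {}
    for dep in bom.get("dependencies", []):
        for child in dep.get("dependsOn", []):
            reverse.setdefault(child, set()).add(dep["ref"])
    seen, stack = set(), [vulnerable_ref]
    while stack:
        for parent in reverse.get(stack.pop(), ()):
            if parent not in seen:
                seen.add(parent)
                stack.append(parent)
    return seen


def affected_products(bom: dict, vulnerable_ref: str) -> list:
    """Only the shipped products (type 'application') in the affected set."""
    comps = components_by_ref(bom)
    return sorted(r for r in affected_by(bom, vulnerable_ref) if comps[r]["type"] == "application")


if __name__ == "__main__":
    print(json.dumps(verify_hashes(ML_BOM, ARTEFACTS), indent=2))
    print("Products consuming model:embed-upstream@0.9:",
          affected_products(ML_BOM, "model:embed-upstream@0.9"))
```

The reverse walk is what makes the incident-response lookup cheap: the question "which products ship the bad embedding model" is answered from the BOM alone, including the ticket classifier that only reaches the embedding model through a fine-tuned intermediate. Hash verification is the complementary control, catching a model or dataset that was swapped after the AIBOM was generated; a component with no recorded hash (the library here) simply cannot be checked, which is itself a finding.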
● Frequently asked questions
What is AI Bill of Materials (AIBOM)?
A machine-readable inventory of every component that goes into an AI system — datasets, base models, fine-tuning data, libraries, prompts, and evaluation artifacts — used for security, compliance, and accountability. It belongs to the AI & ML Security category of cybersecurity.
What does AI Bill of Materials (AIBOM) mean?
A machine-readable inventory of every component that goes into an AI system — datasets, base models, fine-tuning data, libraries, prompts, and evaluation artifacts — used for security, compliance, and accountability.
How does AI Bill of Materials (AIBOM) work?
An AIBOM extends the SBOM concept from software to AI systems. Initiatives such as CISA's AIBOM working group, SPDX 3 AI Profile, CycloneDX ML-BOM, and the EU AI Act's technical-documentation requirements prescribe metadata: dataset provenance and licenses, base-model identifiers and versions, fine-tuning recipes, hyper-parameters, evaluation results, and known limitations. AIBOMs help organisations trace the impact of a poisoned dataset or backdoored base model, demonstrate regulatory compliance, manage AI supply-chain risk, support model recall, and feed vulnerability databases (OSV-AI, MITRE ATLAS). Mature MLSecOps programs generate AIBOMs automatically from training pipelines and store them alongside signed model artefacts.
How is an AI Bill of Materials (AIBOM) used defensively?
An AIBOM is itself a defensive control. It combines technical measures (automated generation from the training pipeline, recorded hashes for datasets and models, storage alongside signed model artefacts) with operational practices (impact tracing after a poisoned dataset or backdoored base model is found, regulatory documentation, model recall, feeding vulnerability databases), as detailed in the full definition above.
What are other names for AI Bill of Materials (AIBOM)?
Common alternative names include: AIBOM, ML-BOM.
● Related terms
- appsec № 1068
Software Bill of Materials (SBOM)
A formal, machine-readable inventory of the components, libraries, and dependencies that make up a piece of software, along with their versions and relationships.
- ai-security № 034
AI Supply Chain Risk
The set of threats arising from the third-party datasets, base models, libraries, plug-ins, and infrastructure that organisations combine to build and deploy AI systems.
- ai-security № 691
MLSecOps
The discipline of integrating security and risk controls across the entire machine-learning lifecycle, from data sourcing through training, deployment, monitoring, and retirement.
- ai-security № 027
AI Governance
The policies, processes, roles, and controls organisations and regulators use to ensure AI systems are developed, deployed, and operated responsibly and lawfully.
- ai-security № 029
AI Incident Response
The set of processes, roles, and playbooks an organisation uses to detect, contain, investigate, communicate, and recover from incidents involving AI systems.
- ai-security № 281
Data Poisoning
An attack on a machine-learning system in which adversaries inject, alter, or relabel training data so the resulting model behaves incorrectly or contains hidden backdoors.
● See also
- № 081 Backdoor Attack (ML)
- № 035 AI Watermarking
- № 1026 Shadow AI
- № 391 EU AI Act