Definition
A formal inventory that lists every software component and AI model an organisation's product or system depends on — similar to an ingredient label on a food product. For AI systems, the inventory extends to the AI models, datasets and ML libraries in use, so that when a component is found to have a security flaw the organisation can quickly identify whether, and where, it is affected.
Why it matters
AI-powered products often include dozens of third-party ML libraries and pre-trained models. Without an SBOM, organisations cannot quickly answer 'are we exposed?' when a vulnerability is found in a component — a question regulators and enterprise customers are increasingly demanding they be able to answer.