Beyond SBOMs: Industry Pushes for AI-BOMs to Secure Shadow AI Assets
Security researchers are promoting the adoption of AI Bills of Materials (AI-BOMs) and model provenance tools to combat the risks posed by "shadow AI" and opaque supply chains in enterprise environments.
As organizations increasingly integrate artificial intelligence into their enterprise workflows, traditional Software Bills of Materials (SBOMs) are proving insufficient for securing modern environments. To address this, security experts are advocating for the adoption of AI Bills of Materials (AI-BOMs), which provide visibility into the complex ecosystem of models, datasets, and agentic tools that often operate outside of official IT oversight The Register.
The rise of "shadow AI"—unsanctioned AI tools, chatbots, and "vibe coding" platforms deployed by employees—has created significant security blind spots. According to Ian Swanson, VP of AI security at Palo Alto Networks, organizations often lack visibility into the "recipe" of their AI applications, including the underlying ingredients and their origins. An AI-BOM aims to map these components, including SDK libraries, Model Context Protocol (MCP) servers, and specific agentic skills, to understand how they interact with sensitive corporate data and workflows The Register.
Cisco has taken a proactive role in this space by open-sourcing its own AI-BOM tool, which allows organizations to scan codebases, container images, and cloud environments to inventory their AI assets. Amy Chang, Cisco’s head of AI threat intelligence and security research, emphasizes that identifying these assets is the critical first step in establishing a baseline for AI security and risk management The Register.
To further enhance security, Cisco recently released an open-source "Model Provenance Kit," described as a "DNA test" for AI models. This tool operates in two modes: "compare," which evaluates the similarity between two models, and "scan," which matches a model against a database to determine its lineage. The kit currently includes a fingerprint database covering approximately 150 base models across more than 45 families and over 20 publishers, helping organizations verify that their deployed models are authorized and aligned with their risk tolerance The Register.
The provenance tool performs two primary checks: analyzing metadata to identify relationships between base and fine-tuned models—such as identifying if a model is derived from Meta Llama 4 or Alibaba Qwen3—and examining weight-based signifiers. This dual-layered approach provides a repeatable method for attesting to the integrity of customer-facing AI applications The Register.
The push for AI-BOMs and provenance tracking reflects a broader industry shift toward treating AI components with the same rigor as traditional software supply chains. As enterprises continue to adopt diverse and sometimes opaque AI technologies, the ability to verify the origin and composition of these tools will likely become a standard requirement for maintaining secure and compliant operations The Register.