CISA AI Software Bill of Materials (AI SBOM)

A G7-consensus framework establishing the minimum elements an AI System Bill of Materials must document: model versions, training data provenance, fine-tuning procedures, and dependencies on third-party LLM APIs or models. An AI SBOM enables supply-chain transparency and risk assessment at a standardized level.

Without transparency into what goes into an AI system, you cannot audit its risks or trace compromises. The AI SBOM standard—backed by CISA and the G7—creates accountability for AI builders and visibility for AI buyers, reducing the risk of poisoned or untrustworthy models entering your infrastructure.