MOM Call 7: Nov 25, 2025

Overview

The OWASP AIBOM Weekly Call on November 25, 2025 focused on welcoming a large group of new members, aligning workstreams around a clearer definition of “AI Bill of Materials,” and reviewing progress on the roadmap, website, prerequisites, tooling, policy, and threat intelligence workstreams. A key theme was the urgent need for a shared AI BOM definition and taxonomy to avoid fragmentation across workstreams and external efforts (SPDX, CycloneDX, G7, etc.). The group also reviewed the launch of the new website, early collaboration with banks and industry partners, the emerging “AIBOM Watchtower” concept for threat intelligence, and continued sponsorship efforts toward a 50k target.

Action Items

• Definition & Taxonomy
  • Create a focused subgroup/workstream for AI BOM definition and taxonomy, including mapping to other standards (SPDX, CycloneDX, G7, etc.).
  • Arun to schedule a dedicated alignment call in mid-December with workstream leads to prioritize the shared definition and vision.
  • Arun to reach out to Alan, Raymond, Lovely (and others interested) to participate in this taxonomy/definition effort.
• Prerequisites Workstream
  • Complete gap analysis between the current prerequisites draft and SPDX AI BOM work by end of next week.
  • Develop a more comprehensive, harmonized draft (incorporating SPDX and other projects) within ~2 weeks.
  • Circulate the draft to all workstreams for review and alignment.
• Tooling & Threat Intelligence
  • Tooling workstream to continue consolidating open-source AI BOM tooling, including discovery, model provenance, backdoor scanning, and agentic graphs.
  • Threat Intel workstream (Jitendra & Nikhil) to refine the “AIBOM Watchtower” concept and sync with tooling on data model assumptions (SPDX/CycloneDX, risk extensions, knowledge graphs).
  • Jitendra & Nikhil to connect with Victor and AI Exchange on knowledge-graph-based threat modeling (MITRE ATT&CK/DEFEND/LENS).
  • Jitendra & Nikhil to agree phase-1 timelines with Arun in the next few days.
• Policy Workstream
  • Anmol to continue building the regulation tracking list (starting with ~50 regulations and expanding toward 100+).
  • Share the policy/regulation tracking document with Alan for feedback, especially on G7 and other governmental AI BOM references.
• Website & Communications
  • Collect feedback on the new website via the Google form and Slack; incorporate improvements iteratively.
  • Ensure minutes and recordings of the bi-weekly calls and selected workstream calls continue to be posted on the website.
  • Encourage new members to join relevant workstream Slack channels and contribute to docs or comment asynchronously if they cannot attend calls.
• Collaboration & Sponsorship
  • Deepen collaboration with ASP Bank (New Zealand) and an Australian bank around AI BOM + threat intel use cases.
  • Arun to pursue additional collaborations and sponsors during Black Hat Middle East.
  • Continue discussions with the potential third sponsor and other interested Fortune 500 / large enterprises, with the goal of reaching 50k in commitments by year-end.
• Future Localization
  • Keep multilingual publication (translations of key materials) in the backlog for 2026, to be activated once core definitions and foundational documents are stable.

Outline

1. Introductions and Meeting Kickoff

• Arun opens the call, notes strong attendance and many new participants, and suggests quick introductions focusing on background, AI affiliation, and interest in AIBOM.
• Cassie – CEO and co-founder of an AI cybersecurity startup leveraging a bill of materials for zero-day/vulnerability detection; ex-Schneider Electric VP of Supply Chain Security; author of an O’Reilly book on software supply chain security.
• Alan – Originator of the ESBOM effort at NTIA; wrote the minimum elements; previously at CISA; now at the Institute for Security and Technology working on hardware BOM and consulting via TPO; interested in coordinating global AI BOM work.
• Jitendra – Heads product security, compliance, and privacy at Informatica (Austin); also runs AI governance there; interested in evolving their mature SBOM practice into AI BOM.
• Nikhil – Tech lead at Omni, a startup providing GPU data centers for AI modeling and training; works in security and interested in how AI BOM plugs into security portfolios.
• Martin – OWASP LA board member; background in traditional cybersecurity transitioning into AI security; keen to learn AI BOM and contribute.
• Lovely (Francis) – Doctoral researcher affiliated with the University of Maryland’s Trustworthy AI & Law and Society institute; focus on community input, human factors, and participation in security & governance; prior experience as a security compliance auditor (PCI DSS, FedRAMP).
• Amulya – Data scientist at an edtech company in Chicago; former cybersecurity and data science researcher at Rochester Institute of Technology; interested in AI governance direction.
• Gal – Leads research at Solar Security, a new AI-for-security startup; ex-Accenture Labs cyber R&D lead in Tel Aviv; finishing PhD on business impact of cyber risks for AI transformation; interested in AI identity and AI BOM foundations.
• Scott – Long-time information security practitioner; involved with Gentics Foundation and an AI underwriting company; ex-security architect for IBM Watson AI; previously at Veracode; has worked on AI-focused SBOM solutions; keen to clarify AI BOM vs SBOM.
• Later in the call: Deba (developer/AI expert) and Zoe (long-time OWASP member, startup co-founder) briefly introduce themselves and express interest in contributing over time.

2. Project Roadmap and Website Updates

• Arun presents the agenda: roadmap, project growth, workstream updates, collaboration, sponsorship, and open discussion.
• Project growth:
  • Number of participating companies and foundations is increasing, with expectations of further ramp-up as deliverables mature.
• Roadmap:
  • Existing timeline dates have been published for some weeks, but may shift based on workstream feedback and realistic workload.
  • Arun plans a collaboration call with all workstream leads next week to reassess deliverable timelines and expectations.
• New website:
  • A new WordPress website has been launched with hosting and development support from an India-based company (Promote Usability Designs).
  • Design goal: modern, consumable, industry-friendly presentation of AIBOM outputs and updates.
  • Minutes and recordings of bi-weekly calls and some workstream meetings are now posted on the website.
  • A Google feedback form is available for bugs, design suggestions, and feature ideas; improvements will be ongoing, not “set in stone.”

3. Workstreams Overview and New Workstreams

• Original 11 workstreams: prerequisites, formats, tooling, sponsorship, integrity & quality, policy, content, foundational best practices & operational guide, etc.
• Three newer workstreams:
  • Alliances & Collaboration – focus on industry, academia, and cross-foundation partnerships.
  • Promotion & Engagement – outreach, content, community growth.
  • Threat Intelligence – recently added (recommended by Bakul); to be led by Jitendra, focusing on attack surface and dynamic risk.
• Housekeeping:
  • Each workstream has separate calls and Slack channels.
  • New members are encouraged to contact workstream leads via Slack to join and participate.
  • Those unable to join calls can review docs/minutes and provide suggestions asynchronously.

4. Workstream Spotlight: Foundational Best Practices & Operational Guide

• Yui presents the Foundational Best Practices & Operational Guide workstream.
• Goal:
  • Produce practical, actionable reference guides targeted at different personas and stakeholders in AI and security organizations.
  • Provide step-by-step guidance that teams can take back and use immediately (e.g., “steps 1–2–3–4”).
• Scope & structure:
  • Guide will serve as an umbrella “handbook”, with cross-references to other workstreams:
    • Example: a short section describing characteristics of AI BOM tooling, with deep specifics delegated to the tooling workstream.
  • Content will cover:
    • Lifecycle of an AI BOM
    • Phases across the AI lifecycle
    • Roles and responsibilities and a RACI (who’s accountable vs responsible)
    • Templates and starter kits for organizations starting AI BOM practices
  • Future deliverables:
    • Playbook for cybersecurity practitioners focused on AI BOM.
    • Deeper material on data models and role responsibilities from source to consumption to decommissioning.
• Key alignment:
  • First section of the guide will explicitly answer:
    • “What is an AI Bill of Materials?”
    • “Why does it matter?”
  • This section will be informed by existing work across the community and will be socialized extensively.
• Call to action:
  • Workstream is currently a small team and is actively seeking additional contributors.

5. Critical Discussion: Need for Shared Definition & Taxonomy

• Alan raises a central concern:
  • Before building many deliverables, there must be a shared, well-socialized AI BOM definition that the community can point to.
  • Without this, workstreams and partners may diverge and produce conflicting outputs.
• Concerns echoed by Raymond and others:
  • Hard to talk about “best practices” when there isn’t yet a stable set of agreed practices.
  • Need to clarify whether some efforts belong under prerequisites or foundational best practices, and how those scopes interact.
  • Suggests that outputs might initially be “guidance” or “good practices”, not yet “best practices,” until there is evidence and consensus.
• Alan’s suggestions:
  • Prioritize the definitional work and get maximal feedback early.
  • Use this call and broader community as a shared venue for definition discussions.
  • Draw on prior experiences (e.g., ESBOM framing at NTIA) to map concepts and make explicit divergences from existing standards.
• Responses:
  • Yui confirms the initial chapters of the guide will focus on “what is AI BOM and why it matters”, aggregating definitions from various sources and socializing them.
  • Arun acknowledges that:
    • The project is only ~7 weeks old.
    • Deliverables will not be developed in isolation; everything must be reviewed by the community and the broader industry.
    • There is a need for a focused taxonomy/definition effort; he proposes creating a short-lived subgroup (or workstream) for this.
  • Raymond emphasizes:
    • Important that contributors know where to look for canonical definitions.
    • Too many workstreams vs number of active people risks dilution; aligning definitions is critical to avoid duplication and confusion.
• Next steps:
  • Arun commits to:
    • Scheduling a mid-December definition/taxonomy alignment session with workstream leads.
    • Creating a definition/taxonomy subgroup.
    • Looping in Alan, Raymond, Lovely and others to lead/advise on this effort.

6. Prerequisites Workstream Update

• Venkata (prerequisites lead) outlines the current focus:
  • Workstream has produced a base draft of definitions and prerequisites.
  • They are now aligning closely with SPDX AI BOM work:
    • Reviewing SPDX meeting minutes, documents, and GitHub repositories.
    • Studying existing use cases and AI profiles already defined.
  • Objective: perform a gap and inconsistency analysis to build a harmonized set of definitions.
• Planned timeline:
  • Gap analysis between internal draft and SPDX to be completed by end of next week.
  • Within two more weeks, produce a more comprehensive harmonized draft covering inputs from other workstreams and OWASP projects.
  • Then share the draft across all workstreams for review and alignment.
• Arun emphasizes:
  • Importance of cross-review: prerequisites output needs to be reviewed by all other workstreams so everyone maps their work to the same end vision.

7. Tooling Workstream Update

• Yui gives an overview of the tooling workstream:
  • Questioned whether a separate tooling workstream was necessary, but concluded there is value in coordinating tooling expectations.
• Long-term vision:
  • Develop plugins/validators that:
    • Validate formats and schemas.
    • Ensure tools comply with the underlying AI BOM structure rather than reinventing full tools.
• Near-term focus:
  • Consolidate open-source tools relevant to AI BOM into categories such as:
    • AI asset discovery (models, datasets, agents) within repos/infrastructure.
    • Model provenance tracking.
    • Vulnerability/backdoor scanning for models.
    • Agentic dependency graph construction over multi-agent systems.
  • Evaluate characteristics, not “rank” tools.
• Victor comments:
  • Highlights SPDX’s multi-dimensional knowledge graph approach versus simple dependency trees.
  • Notes ongoing work with OpenSSF and automated threat modeling using MITRE ATT&CK/DEFEND/LENS graphs.
  • Encourages considering multi-dimensional graphs for AI BOM as well.

8. Content & Website Workstream Update

• Content workstream (Anmol, Dharmesh, others):
  • Have produced YouTube shorts explaining AIBOM and the project, but further content is on hold pending sponsorship (tooling subscription).
  • Focus now is on:
    • Supporting the new website content.
    • Ensuring meeting minutes and recordings are consistently posted.
• Housekeeping reminder (reiterated):
  • Slack is the main coordination hub.
  • Meeting minutes and some workstream notes are publicly accessible via the website.
  • Newcomers can follow along via documents and contribute at their own pace.

9. Policy Workstream Update

• Anmol shares the direction of the policy workstream:
  • Starting small with a list of ~50 AI-related regulations/policies to track (with the expectation that this grows to 100+).
  • The goal is:
    • Outreach to regulators to support policy shaping.
    • Improve AI BOM literacy among policymakers and regulators.
• Challenges:
  • Running into definition issues again – different bodies may define AI BOM differently.
• Alan notes:
  • The G7 and specific governments (e.g., Italian Foreign Ministry) are already discussing AI BOM-like concepts.
  • Policy workstream should include these sources so that the OWASP AIBOM definition does not unintentionally diverge.
• Next steps:
  • The regulation tracking document will be shared with Alan for review and input.
  • Policy workstream will continue to expand and refine the list, with a focus on alignment and literacy, not just cataloging.

10. Threat Intelligence Workstream Spotlight

• Jitendra presents a high-level concept for the Threat Intelligence workstream:
  • Working name: “AIBOM Watchtower”.
• Vision:
  • Transform AI BOM from a static inventory into a dynamic defense map.
  • Use a graph-based engine layered on top of the AI BOM inventory that can:
    • Overlay dataset poisoning indicators, model reputation, and environment context (e.g., sandbox vs internet-connected deployment).
    • Capture that a model may be “safe” in one context but high-risk in another.
  • Move from passive compliance (checklists) to active defense for defenders.
• Integration with formats/standards:
  • Must respect whichever base standard is chosen (CycloneDX, SPDX, etc.).
  • Example: CycloneDX’s risk and threat context extensions could be populated using Threat Intel outputs.
• Victor adds:
  • OpenSSF + SPDX work on provenance attestations can help capture end-to-end data provenance (source → training → deployment).
  • Knowledge graphs (MITRE ATT&CK/DEFEND/LENS) enable automated threat modeling on top of AI BOM.
• Next steps:
  • Jitendra and Nikhil to:
    • Coordinate with tooling workstream on data model assumptions.
    • Sync with Victor and AI Exchange on using knowledge graphs for AI risk modeling.
    • Align on phase-1 deliverables and timelines with Arun.

11. Collaboration & Sponsorship Updates

• Collaboration:
  • ASP Bank (New Zealand) and an Australian bank are engaging with AIBOM on deeper collaboration, likely around threat intel and AI BOM use cases.
  • Arun will attend Black Hat Middle East to:
    • Raise awareness of AIBOM.
    • Seek collaborations in that region.
• Sponsorship:
  • A third sponsor (unnamed until paperwork is signed) is in active discussion.
  • Multiple Fortune 500 / large enterprises are exploring sponsorship.
  • Goal remains to reach 50k in sponsorship commitments by year-end, even if funds arrive later.
  • Sponsorship tiers (Gold/Silver) and their benefits are detailed on the website.
  • Funds will support:
    • Outreach and operations.
    • Website and infrastructure.
    • Standardization and conference participation.
    • Future translation and localization efforts.

12. Future Localization and Translations

• A reminder that once core materials (definitions, guides, playbooks) are stable, the project aims to:
  • Publish content in multiple languages, following models like the GI project.
• Not an immediate priority, but a medium-term goal once foundational outputs are ready.

13. Closing Discussion and Feedback

• New members (e.g., Deba, Zoe) share positive impressions and interest in contributing.
• Scott reiterates that defining the technology and AI BOM scope is core and should be prioritized.
• Arun:
  • Thanks everyone for frank feedback, especially around definitions and taxonomy.
  • Confirms that community feedback will drive prioritization, and that definitional work will be treated as a top-priority effort.
  • Encourages everyone to:
    • Join workstreams via Slack.
    • Comment on drafts and minutes.
    • Suggest improvements to the website and documentation.
• Meeting closes with a reminder that the next call will be in two weeks (early December), where updates on definition/taxonomy planning, prerequisites draft, and sponsorship will be revisited.