The rapid adoption of artificial intelligence has introduced powerful capabilities to the enterprise, but it also brings complex new risks. AI models often function as “black boxes,” making it difficult for organizations to know what data a model was trained on, what its dependencies are, and where potential vulnerabilities lie. Furthermore, the rise of “Shadow AI”—where developers adopt unmanaged AI tools, coding assistants, and models—creates a sprawling, invisible ecosystem that leaves security teams unable to govern AI usage effectively.
Without complete visibility, organizations cannot confidently manage security, build user trust, or comply with emerging regulatory frameworks like the EU AI Act.
The solution to this visibility gap is the AI Bill of Materials (AIBOM). Extending the traditional Software Bill of Materials (SBOM), an AIBOM is a structured inventory that documents the core components of an AI system, including the training datasets, the models themselves (whether open-source or proprietary), software dependencies, and the deployment environments.
To help you navigate this rapidly emerging space, we have compiled the first tranche of AIBOM generators, standards, and AI security platforms.
The tools are consolidated in the AIBOM Tools and Standards consolidation (WIP) list.
The First Tranche of AIBOM Tools & Standards
| Tool/Platform Name | Type | Description | Key Capabilities |
|---|---|---|---|
| SPDX 3.0.1 (AI Profiles) | Open Standard | SPDX extends the widely used SBOM specification to support AI systems. The AI profile enables structured documentation of datasets, models, training environments, and dependencies, allowing organizations to represent AI supply chains in a standardized, machine-readable format. | Standardized BOM schema for AI assets; representation of models, datasets, and pipelines; interoperability with SBOM tooling; integration with DevSecOps pipelines for AI transparency. |
| CycloneDX AI/ML BOM | Open Standard | The CycloneDX extension of the SBOM framework to support machine learning allows structured representation of AI artifacts and dependencies, enabling organizations to document and analyze AI system components throughout the lifecycle. | Representation of models and datasets; dependency tracking; integration with security tooling; machine-readable BOM format for AI supply chains. |
| AIBoMGen | Open-source | AIBoMGen is a research platform that automatically generates AI Bills of Materials during the model training process. It captures metadata about datasets, models, and training environments and can produce verifiable AIBOM records using hashing and signing mechanisms for provenance tracking. | Captures datasets, model metadata, and environment details; performs cryptographic hashing and digital signatures; provenance tracking of AI assets. |
| Manifest | Commercial | Manifest provides enterprise visibility into AI assets across development and deployment environments. The platform enables organizations to inventory AI models, datasets, and pipelines while integrating AI supply chain transparency. | Discovers AI assets; documents datasets, models, and dependencies; integrates AIBOMs into compliance, security, and vendor risk workflows. |
| Mend AI | Commercial | An AppSec platform extension that helps discover, monitor, and report on AI models and technologies integrated into applications. | Discovers Shadow AI components; assesses Hugging Face Unsafe Models; runs behavioral risk (red-teaming) tests via probes like jailbreaks and data exfiltration. |
| Noma AI Security | Commercial | Noma Security provides enterprise security for AI systems by discovering and monitoring AI assets across development and production environments. The platform helps organizations identify risks in models, datasets, and AI pipelines. | Provides discovery; conducts supply chain scanning of agent toolsets and MCP servers; enforces excessive agency controls; performs runtime protection. |
| OWASP AIBOM Generator | Open-source | The OWASP AIBOM Generator helps organizations create structured documentation of AI system components for projects on Hugging Face. It simplifies the process of documenting AI assets and dependencies for governance and transparency. | Structured AIBOM documentation; capture of datasets, models, and dependencies; templates for AI system inventories; support for AI governance workflows. |
| Snyk | Commercial | Snyk is a developer security platform focused on identifying vulnerabilities in open-source dependencies and development pipelines. In AI environments, it helps track risks associated with machine learning libraries and frameworks used in model development. | Open-source dependency analysis; vulnerability scanning for ML frameworks; supply chain security monitoring; policy enforcement in DevSecOps pipelines. |
| Wiz | Commercial | Wiz provides cloud-native security and asset discovery across infrastructure and workloads. In AI environments, it enables visibility into deployed models, training environments, and data services within cloud platforms. | Cloud AI asset discovery; infrastructure risk analysis; misconfiguration detection; visibility into AI workloads and environments. |
| Cisco AI Defense – AIBOM Tool | Open-source | Cisco’s open-source AI BOM tool generates an AI Bill of Materials by scanning source code repositories and container images to identify AI components used in applications. It inventories models, frameworks, agents, prompts, and other AI artifacts, helping organizations understand the composition and provenance of their AI stack and supporting secure AI supply-chain management. | AI component discovery from repositories; inventory of models, prompts, agents, and frameworks; repository and container scanning; AI asset provenance and dependency mapping. |
Call for Community Submissions
This list represents just the first tranche of AIBOM tooling. As the AI security landscape evolves, we know that new open-source projects, commercial platforms, and operational standards are being developed every day.
We want to build a comprehensive, community-driven repository of AIBOM solutions. We are officially soliciting input from the community to submit additional tools, platforms, or frameworks that help generate, manage, or operationalize AI Bills of Materials.
Is your tool missing from this list? Please submit your AIBOM tooling suggestions using our community submission form: Submit an AIBOM Tool Here


