Overview
The OWASP AIBOM Weekly Call #13 focused on continued expansion of the project through community growth, new contributor onboarding, and increased collaboration across industry and academia. Key discussions included Phase 2 initiatives aimed at industry adoption, the consolidation of AI BOM tooling into a centralized index, and progress on the AI BOM 101 guide. The call also highlighted sponsorship developments, including confirmation of a new Silver Sponsor (Kesi/Codacy) and continued engagement with Manifest Cyber. A major technical discussion emphasized the importance of modeling agentic AI systems as interconnected ecosystems rather than isolated models, reinforcing the need for full-stack visibility in AI risk analysis.
Action Items
Tooling & Ecosystem
- Submit additional tools to the AI BOM tools index via the Google Form
- Review and validate the consolidated tooling list for community use
- Continue building a centralized repository of AI BOM tools and standards
Content & Documentation
- Contribute as authors to the AI BOM 101 guide (sections still open)
- Submit blog ideas and draft content for publication on the website
- Expand content strategy to include blogs, videos, and social media
Community & Engagement
- Join Slack channels and participate in relevant workstreams
- Share resources, tools, and research contributions with the community
- Increase engagement through blog contributions and discussions
Sponsorships & Partnerships
- Support onboarding of new sponsor (Kesi/Codacy)
- Prepare for Manifest Cyber platform presentation in upcoming call
- Identify and connect potential sponsors to the project
- Strengthen academic collaborations with universities (UMD, GWU, Drexel, and others)
Research & Collaboration
- Contribute to cross-foundation collaboration efforts (e.g., SPDX, Linux Foundation)
- Participate in discussions around AI BOM inventory and ecosystem standardization
- Engage with academia for bidirectional research collaboration
Outline
Welcome and Introductions
- Kickoff of OWASP AIBOM Call #13
- Reminder of recorded sessions and Slack community
- Introduction of new members from AI governance, compliance, and engineering backgrounds
Community Growth & Metrics
- 225 LinkedIn followers
- 125 Slack members
- 18 active contributors
- 4 sponsors
Phase 2 Roadmap (March–May)
- Focus on industry adoption and practical implementation
- Public review of AI BOM tooling consolidation
- Development of AI BOM 101 guide
- Expansion of community engagement through blogs and content
Tooling & Index
- Consolidated index of AI BOM tools (open-source + proprietary)
- Community encouraged to submit additional tools via Google Form
- Goal: create a centralized reference for organizations and practitioners
Sponsorships & Collaborations
- Confirmation of new Silver Sponsor: Kesi (Codacy), formal announcement pending
- Continued engagement with Manifest Cyber as an existing sponsor
- Additional sponsors in pipeline
- Collaboration efforts with:
  - University of Maryland
  - George Washington University
  - Drexel University
  - European academic partners
- Submissions planned for Black Hat and DEF CON
Workstreams Overview
- Nine active workstreams including:
  - Foundations
  - Threat Intelligence
  - Policy
  - Content
  - Alliances
- Workstreams operate via dedicated Slack channels and separate meeting cadences
AI BOM 101 Guide
- Identified as a key deliverable for 2026
- Draft table of contents created
- Open call for contributors and authors
- Intended as a foundational guide for AI BOM adoption
Policy & Threat Intelligence
- Initial focus on regulatory frameworks (e.g., EU AI Act)
- Development of threat intelligence taxonomy aligned with AI vulnerabilities
- Dependencies between foundational definitions and threat intelligence workstreams
Agentic Systems & Risk Discussion
- Strong emphasis on moving beyond static model analysis
- AI BOM must represent:
  - Interactions between sub-agents
  - Tool and system dependencies
  - Cloud infrastructure and deployment context
  - Permission and authentication models
- Consensus: analyzing AI models in isolation is insufficient for risk assessment
Collaboration & Ecosystem Expansion
- Push toward cross-industry and cross-foundation collaboration
- Exploration of a shared AI BOM inventory across organizations
- Recognition of challenges in sharing proprietary AI BOM data at scale
Closing Remarks
- Encouragement to contribute to tooling, content, and sponsorship efforts
- Continued discussions to take place in Slack and workstreams
- Next call scheduled in two weeks





