Setting our vision, strategy, and core design framework.
Project Roadmap
Phase 1:
Foundation & "Minimum Viable Community" (MVC)
Focus: Establishing the "Lighthouse" to attract contributors and sponsors.
- Infrastructure: Launch "V1" website, Slack workspace, and automated meeting minute distribution.
- Awareness Engine: Awareness Engine: Initiate the LinkedIn and YouTube "AIBOM series" for educational outreach.
- Early Utility: Publish the "Initial AIBOM Tooling List"—a curated index of existing tools that support BOM or AI visibility.
- Sponsorship V1: Define the tiered sponsorship structure and secure the first 3-5 "Anchor Sponsors."
- Conference Presence: Secure "Lightning Talk" or "BoF" (Birds of a Feather) sessions at major security and AI summits (e.g., RSA, Black Hat, OWASP AppSec).
- Timeline:
- Aug 2025 - Feb 2026
Phase 2: Specification & "Minimum Viable Standard" (MVS)
Focus: Defining the "What" and the "How" for industry adoption.
- Roadmap Refinement: Finalize workstreams (e.g., Schema, Policy, Tooling, Sector-Specific).
- The Taxonomy Map: Publish a comprehensive mapping of AI components - model weights, datasets, training environments, and inference endpoints.
- Vertical Blueprints: Release "AIBOM Use Cases" for high-stakes industries (Automotive, Defense, Healthcare, Finance) to prove practical value.
- Policy & Regulatory Bridge: Establish a formal feedback loop with global regulators (e.g., NIST, ENISA) to align AIBOM with the EU AI Act.
- Quality & Attestation: Develop guidance on "What makes a 'Good' AIBOM?" including quality checks and digital signatures.
- Timeline:
- Mar 2026 - May 2026
Phase 3: Ecosystem Coordination & Operationalization
Focus: Moving from "Paper" to "Production" through technical alignment.
- Ecosystem Alignment: Maintain a comprehensive technical index and coordinate with developers of commercial and open-source AIBOM generators to ensure spec compliance.
- Threat Intel Integration: Develop the AIBOM-to-VEX (Vulnerability Exploitability eXchange) mapping to automate "True-Positive" triage and drastically reduce alert fatigue for SOC teams.
- Interoperability Lab: Host a virtual sandbox environment where vendors and developers can test their AIBOM outputs for cross-compatibility and standard compliance.
- Automated Evidence & Compliance Orchestration: Transform AIBOM from a static manifest into a live governance asset by developing technical templates that map AIBOM metadata directly to regulatory requirements (e.g., EU AI Act, NIST RMF), providing CISOs with real-time, audit-ready compliance evidence.
- Timeline:
- Jun 2026 - Sept 2026
Phase 4:
Amplification & Global Adoption
Focus: Establishing AIBOM as the de facto international standard for AI trust.
- International Institutionalization: Transition the specification from "Community-led" to an internationally recognized standard (e.g., via ISO/IEC fast-track).
- The Global AIBOM Summit: Launch an annual flagship event to showcase enterprise success stories and release Industry Adoption Benchmarks.
- Regulatory & Procurement Alignment: Move from "engaging" regulators to being referenced in government procurement requirements (e.g., "AIBOM required for all AI vendors").
- Open Trust Framework (Self-Attestation): Release a community-driven framework for Self-Attestation, allowing organizations to publicly declare compliance without the need for a third-party certification body.
- Timeline:
- Oct 2026 Onwards
