AI Bill of Materials (AI-BOM) | AI Security Glossary

An AI Bill of Materials (AI-BOM) is a structured inventory of every AI component that ships with a product. It is the AI-specific cousin of the Software Bill of Materials (SBOM) mandated under US Executive Order 14028 and increasingly required under EU regulation.

An AI-BOM typically lists: foundation models (provider, version, license, training-data disclosure), fine-tuned and self-hosted models (parent model, fine-tuning corpus, deployment endpoint), embedding models, system prompts and prompt templates, RAG corpora (source, retention, last refreshed), vector stores (engine, region, tenant namespace), agents and MCP servers (tool catalogue, authorisation scopes), and runtime gateway policy bundles.

AI-SPM platforms produce the AI-BOM as a byproduct of asset inventory. Regulators in EU AI Act Annex IV technical documentation review increasingly ask for it.

Related terms

Other entries in this neighbourhood.

AI Security Posture Management (AI-SPM) Continuous discipline that discovers, assesses, secures, and proves the compliance posture of AI systems including LLM apps, agents, MCP servers, RAG pipelines, and vector databases. MCP Server (Model Context Protocol) A server that exposes tools and resources to AI agents via the Model Context Protocol open standard; the tool surface is the security boundary. Retrieval-Augmented Generation (RAG) An LLM pattern where the prompt is augmented with documents retrieved from a vector store at query time; the retriever and the corpus are the new attack surfaces.

Primary sources

Where to read the canonical definition.

EU AI Act Annex IV (Technical documentation) open →

See AI Bill of Materials (AI-BOM) in production.

The Penaxtra platform implements the controls and assessments described above as part of its AI-SPM programme.

AI-SPM platform overview →