
Is 2026 the Year AI Bills of Materials Get Real?
Understanding AI BOMs and where they fit into risk management for artificial intelligence.
Ericka Chickowski, Contributing Writer
May 18, 2026

It's still early days for AI bills of materials (AI BOMs), but the drumbeat for their use is growing louder. The younger sibling of software bills of materials (SBOMs), AI BOMs extend the concept by taking stock of the data sets and models that traditional software inventories were never designed to capture. Regulators in Europe and the US are increasingly requiring them for high-risk AI systems, either explicitly or as part of broader SBOMs.
The G7 countries recently released new guidance spelling out the minimum elements for AI BOMs. Industry groups like ISACA are also now recommending AI BOM requests as standard due diligence for technology procurement. And security leaders are starting to see that without visibility into AI components, they'll have a hard time managing their organizations' AI risk.

Unfortunately, the reality right now is that practical use of AI BOMs is still largely aspirational.

"Even just educating people on what an AI BOM is is still necessary in a lot of conversations," says Daniel Bardenstein, co-founder and CTO of Manifest Cyber. "You know, 'Why it's different from an SBOM. Why is it valuable?'"

With critical AI deployments skyrocketing, this year will be pivotal for security leaders and industry influencers to start making serious progress on AI visibility and transparency. This could be the AI BOM's moment. But it means security industry movers have to move beyond just wrapping their arms around the basic definitions and start crystallizing standards around what AI BOMs contain and how they're documented. They'll also need to put meaningful tooling into place for both generation and consumption of AI BOMs.

[Read more about what regulators and standards bodies are doing in What Will Make AI BOMs Real?]

So, What Is an AI BOM?

An AI BOM extends the concept of an SBOM to include the unique components that make AI systems work.
Whereas an SBOM inventories code libraries and dependencies, an AI BOM documents the models, datasets, training history, licensing, and operational metadata that define an AI system's behavior and risk profile.

"An SBOM, in general, tells you what is inside a piece of software, and an AI BOM extends that idea to what's inside an AI system and what it depends on at runtime," says Krti Tallam, senior member of technical staff at Kamiwaza AI and contributor to the National Institute of Standards and Technology's (NIST) AI Risk Management Framework. "Because in AI, the ingredients that drive behavior are not just libraries, they're also data. They're also retrieval sources. They're also tools. They're also policies."

There's no single, universally mandated standard yet for what an AI BOM must contain, but standards and practitioner guidance from authorities like the Cybersecurity and Infrastructure Security Agency, the G7 Cybersecurity Working Group, the Open Web Application Security Project, NIST, and the Linux Foundation have begun to converge on core elements.

"Under the hood, I would enumerate in a few layers," Tallam explains. "First, the model artifact itself: which model, what exact version, how was it produced? And where this gets interesting is the data lineage that has shaped it. This includes [details around] the training and the fine-tuning of data sets, such as where they come from, ownership, provenance, and the audit trail."

A peer-reviewed study published in October 2025 by a cohort of experts in charge of the Linux Foundation's Software Package Data Exchange (SPDX) AI BOM standard documented what practitioners actually need to transparently and safely consume AI systems. One lead data scientist interviewed anonymously for the research laid out some of the most unique elements they'd need: "What do I look for?
I look for license support [and answers to questions like] which training data was used, what demographic was used, and what biases do they have? What's the reported accuracy? How did you test it?"

Most frameworks also call for documenting the software dependencies the model relies on, as well as the configuration and hyperparameters used before training. In addition, they recommend documenting the deployment context, describing where and how the model runs, and human oversight records covering validation steps, approval workflows, and audit history.

As agentic AI systems become more prevalent, experts like Tallam argue that AI BOMs will need to expand further to cover behavioral artifacts and governance-related artifacts, including retrieval sources, tool integrations, agent chains, and permission structures.

"I think that's the direction the conversation needs to go. I think what's going to happen is an agentic BOM is going to add the execution layer," she says, explaining that this could include information about the agent's identity and what it is authorized to do.

However, right now, even documenting the basics of models and data lineage remains a challenge for most AI builders and for the organizations that would consume AI BOMs. For example, the SPDX researchers pointed out that even foundational datasets such as ImageNet and CIFAR-10 don't fully disclose their data sources. For this reason, many advocates believe it is best to start simpler.

"Early drafts that attempted to capture every conceivable detail of an AI system consistently faced pushback from practitioners. Most organizations simply do not maintain information at that level of granularity, and a standard that demands it becomes impractical," they wrote. "We therefore optimized our AI BOM specification for adoption by defining a small set of readily recordable required fields and enforcing strict entry criteria.
In some cases, we intentionally excluded ambitious goals to improve practicality."

Why AI BOMs Matter Now

Unvetted and opaque AI systems are increasingly becoming the linchpin of business infrastructure in 2026. Not only are attackers already taking advantage of the situation, but regulators are also beginning to wrap their arms around the risks.

A recent report from Hugging Face found that this open source repository of AI models and data grew to 13 million users last year. The number of models on the site doubled to 2 million, while the number of data sets available reached 500,000. Meanwhile, the attack surface is growing right along with it. JFrog's "Software Supply Chain State of the Union 2025" report found a six-and-a-half-times increase in malicious models identified on the platform compared to the prior year. And research published in February documented backdoored models that passed all of Hugging Face's security checks.

Meantime, in August, the EU AI Act goes live, and among the requirements is better documentation for high-risk systems that either use AI to impact safety features or serve risky use cases like critical infrastructure or law enforcement.

These regulators have been listening to security leaders more broadly, who have been pressing the most important takeaway: without better visibility tools, including AI BOM documentation, the rapidly expanding AI supply chain will remain effectively invisible to security teams. Read more in What It'll Take to Make AI BOMs Usable in a Modern Security Program for the steps CISOs need to take.

"CISOs should really emphasize the bill of materials, both AI BOMs and SBOMs for the software we build around AI," says Hasan Yasar, technical director of Rapid Fielding of High Assurance Software at the Carnegie Mellon University Software Engineering Institute. "Because at this point, we don't know what we don't know about AI. All we know is based on the code, but that is only the tip of the iceberg.
We don't see what's underneath the water."

About the Author

Ericka Chickowski, Contributing Writer

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.
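A consumer-side check of the AI BOM layers the article enumerates (model artifact, data lineage, dependencies and hyperparameters, deployment and oversight, and the agentic execution layer), as an added example that is not part of the original article. The JSON layout, the field names and the digest field are hypothetical and constructed for illustration; they are not the SPDX schema or any other standard's.

```python
import json

# Constructed sample in a hypothetical, simplified layout (not SPDX or any real schema).
SAMPLE_AIBOM = json.loads("""
{
  "model": {"name": "support-triage", "version": "latest", "sha256": "",
            "license": "Apache-2.0", "produced_by": "fine-tune of an upstream base model"},
  "datasets": [
    {"name": "tickets-2024", "source": "internal CRM export",
     "owner": "Support Ops", "license": "proprietary"},
    {"name": "web-scrape-a", "source": "", "owner": "", "license": ""}
  ],
  "dependencies": ["torch==2.3.1"],
  "hyperparameters": {"epochs": 3},
  "deployment": {"runtime": "k8s", "human_oversight": []},
  "agent": {"tools": ["ticket_api"], "retrieval_sources": ["kb-index"], "permissions": []}
}
""")

FLOATING = {"", "latest", "main", "master"}  # tags that do not identify an exact version

def audit_aibom(bom):
    """Return a sorted list of documentation gaps; an empty list means none were found."""
    gaps = []
    model = bom.get("model") or {}
    if str(model.get("version", "")).lower() in FLOATING:
        gaps.append("model.version is not an exact version")
    # The digest is an added assumption: it ties the record to one specific artifact.
    for field in ("sha256", "license", "produced_by"):
        if not model.get(field):
            gaps.append(f"model.{field} missing")
    datasets = bom.get("datasets") or []
    if not datasets:
        gaps.append("datasets: none listed")
    for ds in datasets:  # data lineage: where it came from, who owns it, under what terms
        for field in ("source", "owner", "license"):
            if not ds.get(field):
                gaps.append(f"dataset {ds.get('name', '?')}: {field} missing")
    for layer in ("dependencies", "hyperparameters"):
        if not bom.get(layer):
            gaps.append(f"{layer} missing")
    deployment = bom.get("deployment") or {}
    for field in ("runtime", "human_oversight"):
        if not deployment.get(field):
            gaps.append(f"deployment.{field} missing")
    agent = bom.get("agent")
    if agent is not None:  # execution layer applies only to agentic systems
        for field in ("tools", "retrieval_sources", "permissions"):
            if not agent.get(field):
                gaps.append(f"agent.{field} missing")
    return sorted(gaps)
```

Running `audit_aibom(SAMPLE_AIBOM)` returns seven gaps, which a procurement or security review can send back to the supplier as specific questions.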
📰Originally published at darkreading.com
Staff Writer