AI-BOMs Replace SBOMs As Way To Track AI Agents And Bots
The Register, Monday, May 4th, 2026
Organizations are adopting AI-BOMs to provide visibility into AI assets, models, and agents as traditional SBOMs no longer capture the full AI infrastructure landscape.
As enterprises increasingly integrate AI applications and agents into their operations, traditional Software Bills of Materials (SBOMs) are proving insufficient for comprehensive inventory tracking. AI-BOMs extend visibility to include AI models, datasets, frameworks, agents, prompts, and their interactions, while also addressing "shadow AI" risks from unsanctioned tools.
Major tech companies like Cisco and Google are releasing open-source AI-BOM tools alongside model provenance tracking solutions to help organizations understand and secure their AI supply chains.
The visibility provided by AI-BOMs enables faster detection of attacks, such as system prompt manipulation and model poisoning, while helping organizations comply with regulations like the EU's AI Act that mandate documentation of AI systems and their training methodologies.