OWASP AIBOM
It’s becoming increasingly clear that we will need an AI Bill of Materials (AIBOM). Just as with a Software Bill of Materials (SBOM), there are potentially important questions when we use an AI model, which we’re not set up to answer meaningfully. As organizations increasingly rely on AI to make decisions and automate processes, it becomes essential to understand how these models are built, including the datasets used, the data lineage, and the methodologies applied. This initiative on AIBOM (MLBOM) aims to provide this visibility, ensuring that AI systems are auditable and traceable, which helps mitigate risks such as bias, data integrity issues, and unintended consequences. Furthermore, as regulatory scrutiny of AI increases, AIBOM is a foundational tool to demonstrate compliance and foster stakeholder trust. The initiative will ensure alignment and collaboration with OWASP CycloneDX, OWASP AI Exchange, etc. Collaboration with CycloneDX will be essential to defining the format and attributes of the AIBOM structure, and collaboration with AIExchange will be necessary for an organization to adopt the AIBOM.
Road Map
- AIBOM Operationalizing Guide and Best Practices Guide Objective: To create a comprehensive guide detailing the operationalization of AIBOM and its best practices for secure and trusted generative AI systems.
Target Audience:
Regulators CISOs Chief AI Officers or CTOs and Governance CxOs Developers Gen AI Security Architects LLMOps Security Engineers Timeline:
Review Dates: August 2025, September 2025 Publication Date: October 2025
- AIBOM Format Review Objective: To conduct a detailed review of the AIBOM format ensuring alignment with industry standards and regulatory requirements, focusing on the security, safety, and trust aspects.
Target Audience:
Regulators CISOs Chief AI Officers or CTOs and Governance CxOs Developers Gen AI Security Architects LLMOps Security Engineers Timeline:
Review Dates: August 2025, September 2025 Publication Date: October 2025
- AIBOM Tooling Objective: To develop and review tools that support the implementation and usage of AIBOM for ensuring the security, safety, and trustworthiness of generative AI systems.
Target Audience:
Regulators CISOs Chief AI Officers or CTOs and Governance CxOs Developers Gen AI Security Architects LLMOps Security Engineers Timeline:
Review Dates: August 2025, September 2025 Publication Date: October 2025
- AIBOM Funding Objective: To secure funding for the AIBOM project through strategic partnerships and discussions with companies, ensuring sufficient financial support for development and implementation.
Target Audience:
AIBOM Core Team Timeline:
Discussions with Companies: April 2025 Fundraising Kick-off: June 2025
- AIBOM Promotion and Awareness Objective: To promote and raise awareness of AIBOM, ensuring readiness to showcase the project at conferences and industry events.
Target Audience:
AIBOM Core Team Timeline:
Ready for Conference Applications: February 2025
Example
Put whatever you like here: news, screenshots, features, supporters, or remove this file and don’t use tabs at all.