AI Bill of Materials (AIBOM)

A structured inventory of every component that contributes to an AI system: the foundation model and version, training-data sources, fine-tuning data, retrieval indexes, tool integrations, prompt templates, evaluation sets, and the human reviewers in the loop. AIBOM extends the Software Bill of Materials (SBOM) concept to AI deployments where the supply chain includes model weights and training data, not just code dependencies.

AIBOM is the disclosure primitive most enterprises will need by 2027 and most don't have today. EU AI Act Article 11 technical documentation overlaps materially with AIBOM scope; the Cyber Resilience Act amplifies the SBOM expectation; insurance underwriters are starting to ask for it during agent-mode policy renewals. The practical first version is a YAML or JSON manifest stored alongside the deployment configuration, listing each component with version, license, residency, and the verification evidence behind each line.

Related frameworks

• GAUGE →

Articles that analyse this term

• AI Bill of Materials in 2026: when AI-BOM becomes a procurement requirement
• Agentic-AI vendor contracts: the six gotchas in 2026 enterprise MSAs that procurement teams routinely miss
• EU AI Act Article 12 audit-evidence template for agentic AI

Primary sources

• CISA. Software Bill of Materials (SBOM) guidance
• European Union. Cyber Resilience Act