Shadow IT has given way to shadow AI. Enter AI-BOMs

· Source: The Register: Enterprise Technology News and Analysis · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Software Development & Engineering · Depth: Intermediate, medium

Summary

As AI applications and agents are woven into enterprise supply chains, security needs an approach that goes beyond the traditional Software Bill of Materials (SBOM). AI-BOMs (Artificial Intelligence Bills of Materials) extend the idea to AI assets: models, datasets, SDK libraries, ML frameworks, agents, prompts, and the connections between them inside workflows. That inventory is what makes "shadow AI" (unsanctioned AI tools adopted by employees) manageable, and it supports compliance with regulations such as the EU AI Act, which mandates documentation for high-risk systems. Cisco has open-sourced its AI-BOM tool along with a new Model Provenance Kit, whose "compare" and "scan" modes track model lineage and verify authenticity using both model metadata and weight-level signals. This visibility is the basis for defending against threats such as system-prompt manipulation and supply chain attacks that ship poisoned models or skills.

Key takeaway

For CTOs and VPs of Engineering tasked with securing AI deployments, adopting AI-BOMs and model provenance tracking is no longer optional. You cannot assess the risk of an AI asset you do not know about, so the first step is comprehensive visibility into every AI asset in use, shadow AI included. Tools such as Cisco's open-source AI-BOM and Model Provenance Kit can then track model lineage, verify authenticity, and detect unauthorized changes, reducing exposure to supply chain attacks and to regulatory non-compliance.

Key insights

AI-BOMs and model provenance tracking are essential for securing AI supply chains and mitigating risks from shadow AI and malicious attacks.

Method

Cisco's Model Provenance Kit has two modes: "compare" scores the similarity of two given models, and "scan" matches one model against a database of known models to surface lineage candidates. Both modes draw on model metadata and on weight-level signals rather than on metadata alone.
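The two modes described above, rendered as an added Python example. This is not Cisco's code, and the page does not state which signals or thresholds the Model Provenance Kit actually uses; the example assumes models as in-memory dicts of named float tensors (a stand-in for safetensors/GGUF files), uses a SHA-256 digest of each tensor's float32 bytes as the exact-match signal and per-tensor cosine similarity as the approximate signal, and the 0.9 threshold, model names and weights are all constructed for illustration.

```python
"""
Toy model-provenance checker with the two modes the article describes:
"compare" scores one model against another, "scan" matches one model
against a database of known models and returns lineage candidates.
Constructed example; not Cisco's Model Provenance Kit. Models are
in-memory dicts of named float tensors, a stand-in for safetensors/GGUF.
"""
import hashlib
import math
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumed threshold: mean per-tensor cosine similarity above which the
# query is treated as a derivative (fine-tune, lightly edited copy) of the candidate.
DERIVED_COSINE_THRESHOLD = 0.9


@dataclass
class Model:
    name: str
    metadata: Dict[str, str]         # claimed facts, e.g. architecture, license
    weights: Dict[str, List[float]]  # tensor name -> flattened values


def tensor_digest(values: List[float]) -> str:
    """Exact-match signal: SHA-256 over the tensor serialised as little-endian float32."""
    return hashlib.sha256(struct.pack(f"<{len(values)}f", *values)).hexdigest()


def cosine(a: List[float], b: List[float]) -> float:
    """Approximate signal that survives small edits such as fine-tuning."""
    if len(a) != len(b):
        return 0.0  # shape mismatch: treat as no similarity
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    if na == 0.0 or nb == 0.0:
        return 0.0
    return dot / (na * nb)


def compare(a: Model, b: Model) -> Dict[str, object]:
    """compare mode: metadata agreement plus per-tensor exact and approximate weight matches."""
    shared = sorted(set(a.weights) & set(b.weights))
    exact = sum(1 for t in shared if tensor_digest(a.weights[t]) == tensor_digest(b.weights[t]))
    cosines = [cosine(a.weights[t], b.weights[t]) for t in shared]
    mean_cos = sum(cosines) / len(cosines) if cosines else 0.0

    meta_keys = set(a.metadata) & set(b.metadata)
    meta_match = sum(1 for k in meta_keys if a.metadata[k] == b.metadata[k])

    if shared and exact == len(shared):
        verdict = "identical_weights"
    elif mean_cos >= DERIVED_COSINE_THRESHOLD:
        verdict = "derived"
    else:
        verdict = "unrelated"

    return {
        "shared_tensors": len(shared),
        "exact_tensor_matches": exact,
        "mean_cosine": mean_cos,
        "metadata_matches": meta_match,
        "metadata_compared": len(meta_keys),
        "verdict": verdict,
        # Weights say "same or derived" while the claimed metadata disagrees:
        # the signature of a rebranded or misdeclared model.
        "suspicious": verdict != "unrelated" and meta_match < len(meta_keys),
    }


def scan(query: Model, database: List[Model]) -> List[Tuple[str, Dict[str, object]]]:
    """scan mode: rank database entries that the query is identical to or derived from."""
    hits = []
    for cand in database:
        r = compare(query, cand)
        if r["verdict"] != "unrelated":
            hits.append((cand.name, r))
    # Exact tensor matches outrank approximate ones; then order by mean cosine.
    hits.sort(key=lambda h: (h[1]["exact_tensor_matches"], h[1]["mean_cosine"]), reverse=True)
    return hits


# Constructed sample models (tiny tensors stand in for real checkpoints).
BASE = Model("base-7b", {"architecture": "llama", "license": "apache-2.0"},
             {"layer0.weight": [1.0, 2.0, 3.0, 4.0], "layer1.weight": [0.5, -0.5, 0.25, 0.0]})
FINETUNE = Model("base-7b-chat", {"architecture": "llama", "license": "apache-2.0"},
                 {"layer0.weight": [1.1, 2.0, 3.0, 3.9], "layer1.weight": [0.5, -0.5, 0.25, 0.1]})
# Same weights as BASE, but metadata rewritten to claim a different origin.
REBRANDED = Model("novel-arch-1", {"architecture": "novel", "license": "proprietary"},
                  dict(BASE.weights))
UNRELATED = Model("other-4", {"architecture": "llama", "license": "apache-2.0"},
                  {"layer0.weight": [-4.0, 3.0, -2.0, 1.0], "layer1.weight": [0.0, 1.0, 0.0, -1.0]})
KNOWN_MODELS = [BASE, UNRELATED]

if __name__ == "__main__":
    print("compare base vs finetune:", compare(BASE, FINETUNE)["verdict"])
    print("compare base vs rebranded:", compare(BASE, REBRANDED))
    for name, r in scan(FINETUNE, KNOWN_MODELS):
        print(f"scan lineage candidate: {name} ({r['verdict']}, cos={r['mean_cosine']:.3f})")
```

Run it directly to see both modes. The point the example makes is the one the article's "metadata and weight-level signals" pairing implies: metadata is a claim the publisher can rewrite, whereas weight-level signals are a property of what actually runs, so a rebranded copy of a known model still resolves to its origin and is flagged when its declared metadata conflicts with that origin. A real tool would read checkpoints tensor by tensor from safetensors or GGUF and use sturdier statistics than a plain cosine over a handful of values.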

Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Security Engineer, MLOps Engineer, AI Architect

Editorial summary, takeaway, and curation by AIssential. Original article published by The Register: Enterprise Technology News and Analysis.