Software bill of materials (SBOM) for artificial intelligence

As part of the G7 Cybersecurity Working Group, ANSSI congratulates ACN and BSI on negotiating and adopting the minimum requirements for an AI SBOM.

This document provides stakeholders in the public and private sectors with concrete guidelines on what can reasonably be expected from a Software Bill of Materials (SBOM) for AI, as well as on ways to improve transparency and cybersecurity throughout the AI supply chain.

This document is likely to be adapted to account for rapid developments in artificial intelligence.

What is an SBOM (Software Bill of Materials) ?

A software bill of materials specifically designed for AI systems (SBOM for AI) improves the transparency and traceability of an AI system, reducing response times to vulnerabilities and security breaches.

This bill of materials takes the form of a mapping of the AI supply chain, the components deployed and their dependencies within an AI system. It thus creates transparency and, when combined with the right tools, effectively ensures the cybersecurity of an AI system.