
The AI Bill of Materials: Standardized AIBOM Formats Emerging in 2026

AIBOM is the SBOM equivalent for AI systems. The competing 2026 standards (CycloneDX-AI, SPDX-AI), what they capture, and which is winning.

What an AIBOM Is

A Software Bill of Materials (SBOM) lists the components in a piece of software so consumers can audit dependencies and respond to vulnerabilities. An AI Bill of Materials (AIBOM) does the same for AI systems: models, training data, prompts, tools, fine-tunes, and the relationships between them.

By 2026, AIBOM is the standard request from regulators and enterprise procurement when AI is part of a product. Two competing formats lead: CycloneDX-AI (OWASP) and SPDX-AI (Linux Foundation). This piece compares them and walks through what an AIBOM should capture.

What an AIBOM Captures

flowchart TB
    AIBOM[AIBOM] --> M[Models]
    AIBOM --> D[Datasets]
    AIBOM --> P[Prompts / templates]
    AIBOM --> T[Tools / MCP servers]
    AIBOM --> Pipe[Training pipeline]
    AIBOM --> Eval[Evaluation results]
    AIBOM --> Lic[Licenses + provenance]
    AIBOM --> Sec[Security attestations]

The unique-to-AI elements:

  • Model lineage (was this model fine-tuned from another? on what data?)
  • Dataset provenance and licensing
  • Performance and safety evaluation pointers
  • Known limitations and failure modes

The shared-with-software elements (libraries, dependencies, SBOM data) usually get folded in via a regular SBOM that the AIBOM references.

CycloneDX-AI

CycloneDX is the OWASP-stewarded SBOM format. CycloneDX-AI extends it with AI-specific component types: machine-learning-model, dataset, prompt, etc. The format is JSON or XML.

  • Strengths: extends a widely-deployed SBOM format; tooling shares CycloneDX ecosystem
  • Weaknesses: less explicit about training-pipeline relationships
  • Adoption: leading among OWASP-influenced security teams

SPDX-AI

SPDX is the Linux Foundation's SBOM format. The "AI Profile" extends SPDX 3.0 with AI-specific concepts. The format is JSON, RDF, or other supported encodings.


  • Strengths: deep license-management heritage, formal data model
  • Weaknesses: heavier abstraction; tooling smaller in 2026
  • Adoption: leading among open-source projects and license-focused organizations

Choosing Between Them

flowchart TD
    Q1{Already on CycloneDX<br/>for SBOMs?} -->|Yes| CDXa[CycloneDX-AI]
    Q1 -->|No| Q2{Already on SPDX<br/>for SBOMs?}
    Q2 -->|Yes| SPDXa[SPDX-AI]
    Q2 -->|No| Q3{License management<br/>top concern?}
    Q3 -->|Yes| SPDXb[SPDX-AI]
    Q3 -->|No| CDXb[CycloneDX-AI]

For most teams, the right answer is "the one you already use for software SBOMs." Mixing formats is more painful than picking either.

A Sample AIBOM Entry

A simplified CycloneDX-AI fragment for a fine-tuned model:

{
  "type": "machine-learning-model",
  "name": "callsphere-medical-intent-classifier",
  "version": "2.3.1",
  "supplier": "CallSphere LLC",
  "modelCard": "https://callsphere.tech/models/intent-classifier/v2.3.1",
  "components": [
    {
      "type": "machine-learning-model",
      "name": "Llama-3-8B-Instruct",
      "version": "v3",
      "relationship": "base-model",
      "license": "Llama 3 Community License"
    },
    {
      "type": "dataset",
      "name": "internal-medical-intent-v2",
      "license": "proprietary",
      "modificationsFromTraining": "deduplicated, PHI-redacted"
    }
  ]
}

Generating an AIBOM

In 2026 several tools generate AIBOMs:

  • MLflow + CycloneDX plugin: emits AIBOM from MLflow runs
  • DVC: data and model versioning, exports to AIBOM
  • Hugging Face Hub: emits AIBOM-shaped metadata for hosted models
  • Vendor tools: Anthropic, OpenAI, and major MLOps platforms emit AIBOM-shaped artifacts

For a custom pipeline, the right pattern is to emit AIBOM from your training and deployment pipelines automatically, not by hand. Hand-written AIBOMs go stale immediately.

What Regulators Want

Regulators reading an AIBOM in 2026 typically check:

  • Are all training data sources accounted for?
  • Are licenses compatible with the deployed product?
  • Are evaluation results linked and current?
  • Are known limitations disclosed?
  • Is the lineage clear (which models built which models)?

A clean AIBOM substitutes for a lot of separate documentation in compliance reviews.
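Putting the generation advice and the regulator checklist together, the following added example (not the article's code and not any vendor tool's) emits a simplified CycloneDX-style AIBOM from a constructed training-run record and then applies the checklist above to it. The run record, the placeholder URL and the nested relationship/evaluation keys are assumptions following the article's simplified fragment; bomFormat, specVersion and hashes are standard CycloneDX keys.

```python
import hashlib
from datetime import datetime, timezone

# Constructed training-run record, shaped like what a pipeline step could emit; names,
# the URL and the dataset "content" (a stand-in for the real files) are example data.
RUN = {
    "name": "callsphere-medical-intent-classifier", "version": "2.3.1", "supplier": "CallSphere LLC",
    "base_model": {"name": "Llama-3-8B-Instruct", "version": "v3", "license": "Llama 3 Community License"},
    "datasets": [{"name": "internal-medical-intent-v2", "license": "proprietary",
                  "content": b"constructed stand-in for the training files"}],
    "eval_report": "https://example.invalid/evals/intent-classifier/2.3.1",  # placeholder URL
}

def build_aibom(run: dict) -> dict:
    """Emit a simplified CycloneDX-style AIBOM. bomFormat, specVersion and hashes are standard
    CycloneDX keys; 'relationship' and 'evaluation' follow the article's simplified fragment."""
    base = run["base_model"]
    parts = [{"type": "machine-learning-model", "name": base["name"], "version": base["version"],
              "relationship": "base-model", "license": base["license"]}]
    for ds in run["datasets"]:  # hash the data the model actually saw so provenance is checkable
        parts.append({"type": "dataset", "name": ds["name"], "license": ds["license"],
                      "hashes": [{"alg": "SHA-256", "content": hashlib.sha256(ds["content"]).hexdigest()}]})
    return {"bomFormat": "CycloneDX", "specVersion": "1.6",
            "metadata": {"timestamp": datetime.now(timezone.utc).isoformat()},
            "components": [{"type": "machine-learning-model", "name": run["name"],
                            "version": run["version"], "supplier": run["supplier"],
                            "evaluation": run["eval_report"], "components": parts}]}

def review_aibom(bom: dict) -> list:
    """Apply the article's regulator checklist; an empty list means the AIBOM passes."""
    findings = []
    model = bom["components"][0]
    subs = model.get("components", [])
    if not any(c["type"] == "dataset" for c in subs):
        findings.append("training data not accounted for: no dataset component")
    if not any(c.get("relationship") == "base-model" for c in subs):
        findings.append("lineage unclear: no base-model relationship")
    for c in subs:
        if not c.get("license"):
            findings.append(f"{c['name']}: license missing")
        if c["type"] == "dataset" and not c.get("hashes"):
            findings.append(f"{c['name']}: no content hash, provenance unverifiable")
    if not model.get("evaluation"):
        findings.append("evaluation results not linked")
    return findings
```

Running review_aibom on every artifact the pipeline produces turns the checklist into a release gate rather than a document someone fills in afterwards.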

What Procurement Wants

Enterprise procurement teams in 2026 are increasingly requesting AIBOMs in RFPs. The questions they ask:

  • What models are in the system?
  • Where do they come from? Are they updatable?
  • What datasets touched the model? Is any of our data in them?
  • What is your update cadence and deprecation policy?
  • What are the known failure modes?
