What is an AIBOM?

Short answer

An AI Bill of Materials — a machine-readable inventory of every component of an AI system (models, training data, datasets, accuracy metrics). CycloneDX 1.6 is the most mature format. EU AI Act Article 11 + Annex IV documentation is functionally an AIBOM mandate.

AIBOM extends the SBOM concept to AI. CycloneDX 1.6 added the `machine-learning-model` component type, with sub-fields for modelCard, datasets, performance metrics and ethical considerations. OWASP's AIBOM project (launched 2025) ships an open-source generator, validator and assessment tool aimed at the gaps existing CycloneDX and SPDX tooling leaves for AI use cases.

Why machine-readable matters: auditors reviewing 50+ vendors per quarter can't read 50 markdown documents. An AIBOM lets them grep, diff and automate compliance review. EU AI Act enforcement starting Aug 2 2026 will accelerate this — Notified Bodies are scaling around AIBOM-formatted intake.
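What "grep, diff and automate" looks like in practice, as an added example that is not Securie's or OWASP's code: two constructed CycloneDX 1.6 AIBOMs for successive releases of one model, a `validate` check that every dataset the modelCard references actually exists as a component in the BOM, and a `diff` that reports which datasets and metrics changed between releases. The component names, dataset names and metric values are made up; the field names (`modelCard.modelParameters.datasets`, `quantitativeAnalysis.performanceMetrics`) follow the CycloneDX schema, but this is a structural audit check, not full JSON-schema validation.

```python
def ml_model(ref, version, dataset_refs, accuracy):
    """CycloneDX 1.6 `machine-learning-model` component whose modelCard declares datasets and a metric."""
    return {"type": "machine-learning-model", "bom-ref": ref, "name": ref, "version": version,
            "modelCard": {"modelParameters": {"datasets": [{"ref": d} for d in dataset_refs]},
                          "quantitativeAnalysis": {"performanceMetrics": [
                              {"type": "accuracy", "value": accuracy}]}}}

def aibom(components):
    """Minimal CycloneDX 1.6 document envelope around a component list."""
    return {"bomFormat": "CycloneDX", "specVersion": "1.6", "version": 1, "components": components}
# Constructed sample: a `data` component for the training set, then two releases of one model.
DATASET = {"type": "data", "bom-ref": "ds:support-tickets", "name": "support-tickets",
           "data": [{"type": "dataset", "name": "support-tickets"}]}
RELEASE_1 = aibom([DATASET, ml_model("model:triage", "1.0", ["ds:support-tickets"], "0.91")])
# Release 1.1 also trains on a second dataset that was never added to the BOM as a component.
RELEASE_2 = aibom([DATASET, ml_model("model:triage", "1.1",
                                     ["ds:support-tickets", "ds:scraped-forum"], "0.94")])

def validate(bom):
    """Return audit findings; an empty list means the AIBOM passes these checks."""
    findings = []
    if bom.get("bomFormat") != "CycloneDX" or bom.get("specVersion") != "1.6":
        findings.append("not a CycloneDX 1.6 document")
    refs = {c.get("bom-ref") for c in bom.get("components", [])}
    for c in bom.get("components", []):
        if c.get("type") != "machine-learning-model":
            continue
        datasets = c.get("modelCard", {}).get("modelParameters", {}).get("datasets", [])
        if not datasets:
            findings.append(f"{c['bom-ref']}: no training datasets declared")
        for d in datasets:  # every dataset reference must resolve to a component in this BOM
            if "ref" in d and d["ref"] not in refs:
                findings.append(f"{c['bom-ref']}: dataset {d['ref']} has no component in the BOM")
    return findings

def diff(old, new):
    """Per-model changes between two AIBOMs: datasets added/removed and metric values that moved."""
    models = lambda b: {c["bom-ref"]: c for c in b["components"] if c["type"] == "machine-learning-model"}
    data = lambda c: {d.get("ref") for d in c["modelCard"]["modelParameters"]["datasets"]}
    metrics = lambda c: {m["type"]: m["value"] for m in c["modelCard"]["quantitativeAnalysis"]["performanceMetrics"]}
    changes, o, n = [], models(old), models(new)
    for ref in sorted(set(o) & set(n)):  # models present in both releases
        for d in sorted(data(n[ref]) - data(o[ref])):
            changes.append(f"{ref}: dataset added {d}")
        for d in sorted(data(o[ref]) - data(n[ref])):
            changes.append(f"{ref}: dataset removed {d}")
        for k, v in metrics(n[ref]).items():
            if metrics(o[ref]).get(k) != v:
                changes.append(f"{ref}: {k} {metrics(o[ref]).get(k)} -> {v}")
    return changes
```

Run against the two constructed releases, `validate` flags the undeclared `ds:scraped-forum` dataset in release 1.1 and `diff` reports the new dataset and the accuracy change, which is exactly the review an auditor cannot get from a prose model card.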

Securie's `crates/sbom` emits CycloneDX 1.6 AIBOM on every release alongside the standard SBOM, signed via the attestation chain.
