Multiple government cyber agencies have a new resource defining the minimum elements for software bills of materials (SBOMs) for AI to strengthen the AI-supply chain.
The aim is to help public and private sector stakeholders improve transparency in their artificial intelligence (AI) systems and supply chains.
The paper, Software Bill of Materials (SBOM) for Artificial Intelligence – Minimum Elements, was published on 12 May and was written by the G7 Cybersecurity Working Group.
It builds on the shared vision of SBOMs for AI published by working group in June 2025.
The core of the approach to SBOMs for AI in the document is seven “clusters” of potential elements within those clusters that can be used by both producers and users of AI systems.
The Seven SBOM for AI Clusters
The seven SBOM for AI Clusters are as follows:
- Metadata: The metadata cluster is used to represent information related to the SBOM for AI itself, and not the individual components or sub-elements
- System Level Properties (SLP): The SLP cluster contains elements that refer to information on the AI system as a whole. This cluster also includes all software dependencies and frameworks used in the AI system as well as information about how AI system components interact and process user data
- Models: The Models cluster includes basic information for identifying the models used by the AI system, describes for each model how its weights were produced, and outlines their properties and limitations
- Dataset Properties (DP): The DP cluster provides information on datasets used during the whole life cycle of the model, including basic information that documents the identity and provenance of data
- Key Performance Indicators (KPI): The KPI cluster contains elements that refer to information on the AI system’s KPIs and its components (including AI models that are integrated in the system), focusing on their lifecycle phases
- Infrastructure: The infrastructure cluster contains physical and virtual infrastructure that is critical to proper operation and support of the AI system. If existing, it also includes a link to a Hardware Bill of Materials (HBOM), to also cover specialized AI hardware
- Security Properties (SP): The SP cluster focuses on the cybersecurity measures that apply to AI models and systems
The paper noted that, apart from the Metadata cluster, which contains information about the SBOM for AI itself, all clusters are equally important.
SBOMs Alone Not Enough
Importantly, the document states that these clusters are not mandatory and are open to further refinement.
Of the seven clusters, Allan Friedman, who led CISA’s SBOM efforts between August 2021 and July 2025, said he “liked a lot” of them. However, he commented that many of the clusters are “hard to measure or even hard to define in a specific, cross-organization fashion.”
Read more: US and 14 Allies Release Joint Guidance on Software Bill of Materials
The document also notes that an SBOM for AI by itself is “not sufficient” for increasing cybersecurity along the supply chain.
The authors argue that in order to ensure substantial protection of the AI supply chain, the SBOM for AI ought to be connected to cybersecurity tools, such as vulnerability scanning and management tools, security advisories and bulletins, and promoting development of adaptable and evolutionary tooling mechanisms.
“Eventually, an SBOM for AI will help to strengthen the security of the AI supply chain if deployed together with the right cybersecurity tools,” the paper says.
The guidance has been jointly published by Germany’s Federal Office for Information Security (BSI), Italy’s National Cybersecurity Agency (ACN), France’s National Cybersecurity Agency (ANSSI), Canada’s Communications Security Establishment (CSE), the US Cybersecurity and Infrastructure Security Agency (CISA), UK’s National Cyber Security Centre (NCSC) and Japan’s National Cybersecurity Office (NCO), in collaboration with the EU Commission.
