ai-bom
Safeguard articles tagged "ai-bom" — guides, analysis, and best practices for software supply chain and application security.
38 articles
AI Cybersecurity Glossary: Key Machine Learning & Security Terms
A defender's glossary of AI security terms — prompt injection, model poisoning, AI-BOM, adversarial ML — with dated, real-world incidents behind each one.
SPDX Coverage: Griffin AI vs Mythos
SPDX is the format auditors ask for, the format regulators reference, and the format most enterprise procurement teams standardize on. Griffin AI treats it as a first-class graph. Mythos-class tools treat it as a long document.
CycloneDX Support: Griffin AI vs Mythos
CycloneDX is not a text format to be summarized — it's a typed graph with dozens of semantically-rich fields. Griffin AI consumes it as a graph. Mythos-class tools consume it as tokens. That difference decides every downstream finding.
SBOM Ingestion: Griffin AI vs Mythos
A detailed comparison of how Griffin AI consumes SBOMs as structured reasoning context while Mythos-class pure-LLM tools skim them as prose — and why that architectural gap determines the quality of every downstream finding.
AI Bill of Materials (AI-BOM) for Model Supply Chains
An AI-BOM tracks every model, dataset, and dependency in your ML pipeline so a compromised base model or license issue can be traced in minutes, not weeks.
How Snyk AI-BOM discovers agents, tools, models, and data...
How Snyk AI-BOM's static analysis engine discovers agents, tools, models, datasets, and MCP servers hiding in code, even without a manifest file.
How Snyk AI-BOM detects MCP servers connected to an appli...
A technical look at how Snyk's AI-BOM statically detects MCP client-server connections in source code, what CycloneDX data it captures, and where its coverage stops.
How Snyk AI-BOM generates a CycloneDX v1.6-compliant ML-BOM
How Snyk's aibom CLI uses static analysis to detect models, agents, and MCP servers, then maps them into a CycloneDX v1.6-compliant ML-BOM structure.
How Snyk AI-BOM's continuous refresh model differs from a...
How Snyk's AI-BOM keeps model and dataset inventories current through continuous refresh, and why that differs mechanically from a point-in-time static SBOM export.
How Snyk AI-BOM surfaces shadow AI usage that security te...
How Snyk's AI-BOM uses code-level analysis, not manifest parsing, to surface shadow AI models, agent frameworks, and MCP servers security teams don't know are running.
How Snyk's AI-BOM API lets teams query AI component inven...
How Snyk's AI-BOM API exposes AI model and dataset inventories as queryable, CycloneDX-aligned data teams can pull into CI, GRC, and asset tooling programmatically.
How Snyk AI-BOM's --html flag visualizes AI dependency an...
How Snyk's snyk aibom --html flag turns CycloneDX AI-BOM data into an interactive graph of models, agents, tools, and MCP client-server-tool dependency chains.