Safeguard
Tag

ai-bom

Safeguard articles tagged "ai-bom" — guides, analysis, and best practices for software supply chain and application security.

38 articles

AI Security

AI Cybersecurity Glossary: Key Machine Learning & Security Terms

A defender's glossary of AI security terms — prompt injection, model poisoning, AI-BOM, adversarial ML — with dated, real-world incidents behind each one.

Jan 24, 20268 min read
AI Security

SPDX Coverage: Griffin AI vs Mythos

SPDX is the format auditors ask for, the format regulators reference, and the format most enterprise procurement teams standardize on. Griffin AI treats it as a first-class graph. Mythos-class tools treat it as a long document.

Jan 23, 20267 min read
AI Security

CycloneDX Support: Griffin AI vs Mythos

CycloneDX is not a text format to be summarized — it's a typed graph with dozens of semantically-rich fields. Griffin AI consumes it as a graph. Mythos-class tools consume it as tokens. That difference decides every downstream finding.

Jan 15, 20267 min read
AI Security

SBOM Ingestion: Griffin AI vs Mythos

A detailed comparison of how Griffin AI consumes SBOMs as structured reasoning context while Mythos-class pure-LLM tools skim them as prose — and why that architectural gap determines the quality of every downstream finding.

Jan 7, 20267 min read
Software Supply Chain Security

AI Bill of Materials (AI-BOM) for Model Supply Chains

An AI-BOM tracks every model, dataset, and dependency in your ML pipeline so a compromised base model or license issue can be traced in minutes, not weeks.

Nov 2, 20257 min read
Industry Analysis

How Snyk AI-BOM discovers agents, tools, models, and data...

How Snyk AI-BOM's static analysis engine discovers agents, tools, models, datasets, and MCP servers hiding in code, even without a manifest file.

Aug 21, 20258 min read
Industry Analysis

How Snyk AI-BOM detects MCP servers connected to an appli...

A technical look at how Snyk's AI-BOM statically detects MCP client-server connections in source code, what CycloneDX data it captures, and where its coverage stops.

Aug 21, 20258 min read
Industry Analysis

How Snyk AI-BOM generates a CycloneDX v1.6-compliant ML-BOM

How Snyk's aibom CLI uses static analysis to detect models, agents, and MCP servers, then maps them into a CycloneDX v1.6-compliant ML-BOM structure.

Aug 21, 20257 min read
SBOM

How Snyk AI-BOM's continuous refresh model differs from a...

How Snyk's AI-BOM keeps model and dataset inventories current through continuous refresh, and why that differs mechanically from a point-in-time static SBOM export.

Aug 20, 20258 min read
Industry Analysis

How Snyk AI-BOM surfaces shadow AI usage that security te...

How Snyk's AI-BOM uses code-level analysis, not manifest parsing, to surface shadow AI models, agent frameworks, and MCP servers security teams don't know are running.

Aug 20, 20257 min read
Industry Analysis

How Snyk's AI-BOM API lets teams query AI component inven...

How Snyk's AI-BOM API exposes AI model and dataset inventories as queryable, CycloneDX-aligned data teams can pull into CI, GRC, and asset tooling programmatically.

Aug 20, 20258 min read
Open Source Security

How Snyk AI-BOM's --html flag visualizes AI dependency an...

How Snyk's snyk aibom --html flag turns CycloneDX AI-BOM data into an interactive graph of models, agents, tools, and MCP client-server-tool dependency chains.

Aug 20, 20257 min read
ai-bom (Page 3) — Safeguard Blog