Safeguard
Tag

ml-bom

Safeguard articles tagged "ml-bom" — guides, analysis, and best practices for software supply chain and application security.

13 articles

AI Security

Securing LLM and Model Supply Chains

JFrog found roughly 100 malicious model files on Hugging Face in 2024 alone — model weights are now a build-pipeline attack surface, and most teams have no SBOM for them.

Jul 8, 20266 min read
AI Security

AI Supply Chain Security: Securing Models and Datasets

Your AI supply chain is not just your npm dependencies anymore. It is the models you download, the weights you load, and the datasets you train on — and each is an attack surface most software security programs have never inventoried.

Jul 6, 20265 min read
FAQ

AIBOM (AI Bill of Materials): Frequently Asked Questions

A practical FAQ on AI bills of materials in 2026 — what an AIBOM captures, how it extends SBOMs to models and datasets, model provenance risks, formats, and governance drivers.

Jul 3, 20266 min read
Buyer's Guides

Best AIBOM Tools in 2026: AI Bill of Materials Platforms Compared

An honest, technical guide to the best AIBOM tools in 2026 — from the open-source OWASP AIBOM Generator to AI-BOM features in Snyk, Wiz, Mend, JFrog, and Manifest Cyber — with clear guidance on what an AI bill of materials should actually capture.

Jun 13, 20268 min read
SBOM & Compliance

CycloneDX 1.7 New Features Reviewed

CycloneDX 1.7 brings richer ML-BOM, better attestations, and VEX tightening. A practical review of what changed and what it means for your SBOM pipeline.

Apr 5, 20266 min read
AI Security

AI-BOM and ML-BOM: The State of Standards in 2026

Where AI-BOM and ML-BOM specifications stand in 2026, which formats have real adoption, and what to capture today even if the standards are still in motion.

Mar 18, 20265 min read
AI Security

AI Bill of Materials (ML-BOM) Standards in 2026

A senior engineer's survey of AI-BOM and ML-BOM standards in 2026, from CycloneDX ML components to SPDX 3.0 AI profile, and what to actually ship.

Mar 18, 20267 min read
Software Supply Chain Security

AI BOM Spec Comparison: CycloneDX ML-BOM in 2026

AI bills of materials moved from proposal to procurement requirement. A practical comparison of CycloneDX ML-BOM, SPDX 3.0 AI profile, and what to ship in 2026.

Jan 29, 20266 min read
AI Security

CycloneDX ML-BOM in 1.7: Implementation Guide

CycloneDX 1.7 was published in October 2025 and adopted by the General Assembly in December. We unpack what the ML-BOM capability means in practice for AI inventory.

Jan 15, 20267 min read
AI Security

What an AI Bill of Materials is and why enterprises need one

An AI bill of materials (AIBOM) inventories the models, data, and dependencies behind an AI system. Here's what it is and why enterprises need one.

Dec 15, 20257 min read
Software Supply Chain Security

AI Bill of Materials (AI-BOM) for Model Supply Chains

An AI-BOM tracks every model, dataset, and dependency in your ML pipeline so a compromised base model or license issue can be traced in minutes, not weeks.

Nov 2, 20257 min read
Industry Analysis

How Snyk AI-BOM generates a CycloneDX v1.6-compliant ML-BOM

How Snyk's aibom CLI uses static analysis to detect models, agents, and MCP servers, then maps them into a CycloneDX v1.6-compliant ML-BOM structure.

Aug 21, 20257 min read
ml-bom — Safeguard Blog