AI systems are evolving faster than most security programs can track. Models change, tools multiply, and agent behaviors emerge across codebases and containers. That creates a simple but urgent question: what is an AI system composed of, and how is it built?
The answer is Cisco’s AI BOM (AI Bill of Materials), now available as part of Cisco AI Defense and as an open-source tool. It gives security and engineering teams a clear inventory of AI assets and the context needed to understand how those AI assets are orchestrated in an agentic workflow.
The AI Inventory Gap
A traditional SBOM (Software Bill of Materials) focuses on packages and dependencies. Cloud visibility platforms, on the other hand, provide visibility into deployed cloud infrastructure, which may include AI assets such as models, MCP tools, agents, and prompts. That is not enough for comprehensive AI visibility. For example, an AI chat app may connect to multiple agents, use multiple MCP tools and other MCP constructs, and draw on datastores like vector databases to build a cohesive response to user queries. Organizations need deep visibility into AI-specific building blocks like models, agents, tools, prompts, and the workflows that connect them. That means shifting left to the source of the AI app: scanning the code in code repositories or container images to produce a comprehensive AI BOM.
Without that deep visibility, teams face AI supply chain risks like:
- Unapproved or unexpected models introduced into production
- Shadow tools or agent capabilities that expand beyond intended scope
- AI workflows that touch sensitive data without clear lineage
- Incomplete governance and audit trails for AI systems
Cisco’s AI BOM: A Differentiated Approach
Cisco’s AI BOM is purpose-built to map the AI assets used in an AI application. In its initial release, it scans codebases and container images to identify AI assets like agents, prompts, models, and tools, and produces a structured report of how these AI assets are used together. This lays the foundation for deeper lineage and dependency analysis.
Cisco’s AI BOM approach centers on three principles:
- AI asset discovery
  This focuses on AI assets that matter to security and governance, not just generic dependencies. Traditional SBOMs have focused on package dependencies used in a software product.
- A curated knowledge base
  It is powered by a knowledge base that is frequently updated with a comprehensive categorization of all code constructs, including more than 10 popular AI and agentic frameworks such as LangChain, OpenAI, AWS Bedrock, AutoGen, Anthropic SDK, and Google GenAI, to name a few. This provides valuable grounding information to map AI assets discovered in source code.
- AI asset dependency graph
  AI BOM constructs dependency graphs that show how AI assets are orchestrated within an AI application. This includes relationships between agents, models, MCP tools, and prompts, based on code scans.


This combination makes AI BOM uniquely actionable. It shows what assets are there, how they are used by AI applications, and where they sit in your AI ecosystem.
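A minimal illustration of the three principles above, added here and not taken from Cisco’s aibom code: a hand-written knowledge base, AST-based discovery over a constructed sample, and dependency edges between the assets found. The knowledge-base entries, the sample source, and the `scan` function are assumptions made for illustration.

```python
import ast

# Hypothetical knowledge base (constructed for this example): import path -> asset type.
KNOWLEDGE_BASE = {
    "langchain_openai.ChatOpenAI": "model",
    "langchain_core.tools.tool": "tool",
    "langgraph.prebuilt.create_react_agent": "agent",
}

# Constructed sample application source; it is parsed, never executed.
SAMPLE_SOURCE = '''
from langchain_openai import ChatOpenAI
from langchain_core.tools import tool
from langgraph.prebuilt import create_react_agent

@tool
def lookup_order(order_id: str) -> str:
    return "shipped"

llm = ChatOpenAI(model="gpt-4o-mini")
agent = create_react_agent(llm, [lookup_order])
'''

def scan(source):
    """Return (assets, edges): assets maps a name to its type, edges are (consumer, dependency)."""
    tree = ast.parse(source)
    imported = {}  # local name -> fully qualified import path
    for node in ast.walk(tree):
        if isinstance(node, ast.ImportFrom) and node.module:
            for alias in node.names:
                imported[alias.asname or alias.name] = f"{node.module}.{alias.name}"
    assets, edges = {}, set()
    for node in tree.body:  # top-level statements, in source order
        if isinstance(node, ast.FunctionDef):
            # A function decorated with a known tool decorator is a tool asset.
            for dec in node.decorator_list:
                kind = KNOWLEDGE_BASE.get(imported.get(getattr(dec, "id", None)))
                if kind:
                    assets[node.name] = kind
        elif isinstance(node, ast.Assign) and isinstance(node.value, ast.Call):
            target = node.targets[0]
            kind = KNOWLEDGE_BASE.get(imported.get(getattr(node.value.func, "id", None)))
            if kind and isinstance(target, ast.Name):
                assets[target.id] = kind
                # Any earlier asset referenced in the call arguments is a dependency.
                for ref in ast.walk(node.value):
                    if isinstance(ref, ast.Name) and ref.id in assets and ref.id != target.id:
                        edges.add((target.id, ref.id))
    return assets, edges

if __name__ == "__main__":
    print(scan(SAMPLE_SOURCE))
```

The resulting inventory can be compared against an approved-asset list in CI, which addresses the unapproved-model and shadow-tool risks listed earlier.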
Cisco’s Approach to AI Security
Cisco AI Defense secures the AI application lifecycle through a unified approach spanning Discovery, Detection, and Protection.
Securing the AI application lifecycle with AI Defense begins with discovery, which focuses on identifying AI assets and understanding how they are used. AI Defense provides AI cloud visibility across models, agents, and related data sources. AI BOM augments this discovery by identifying how AI applications are built from source code and container images, capturing visibility into AI assets such as models, agents, MCP tools, and frameworks.
Detection uses this asset visibility to identify risk before production impact. AI Defense scans model files, agents, prompts, and MCP tools to detect malicious or unsafe AI assets as part of AI supply chain risk management. It also runs algorithmic red teaming through AI Validation, which identifies safety, security, and privacy vulnerabilities in AI assets and applications.
Protection mitigates threats at runtime. With full visibility into AI assets, AI Defense Runtime applies guardrails to production AI applications and agents, blocking harmful responses and attacks in real time to protect deployed AI applications. Together, these capabilities help teams move beyond ad-hoc audits toward consistent, repeatable AI security practices across the AI application lifecycle.
Get Started
Cisco’s AI BOM is an open-source, CLI-based tool available now for early experimentation, extension, and integration into developer workflows. Explore the project, review the approach, and contribute to the community on the GitHub repository: https://github.com/cisco-ai-defense/aibom

