putilov_denis - stock.adobe.com
How and why to create an AI bill of materials
AIBOMs help developers and security teams by providing a transparent view of AI system components, improving supply chain security and compliance. Use this guide to get started.
Following the generative AI boom, a new concept is emerging among cybersecurity experts and software developers alike: the AI bill of materials. This framework offers a systematic and structured method for documenting and understanding the components of AI systems.
In today's rapidly evolving IT threat landscape, software bills of materials (SBOMs) have become key to managing and securing software supply chains. As software projects grow increasingly complex -- incorporating both proprietary and vendor-supplied components -- ensuring transparency is critical for software and data security.
Similar to SBOMs, AI bills of materials (AIBOMs) enable organizations to track and understand the makeup of AI models and systems, mitigating the numerous cyberthreats that can arise from both proprietary and open source AI components. Organizations can establish a well-defined AIBOM by mastering the main elements of AIBOM documentation, along with its associated tools and frameworks.
What is an AI bill of materials?
An AIBOM is a comprehensive list detailing all elements involved in the development, training and deployment of an AI system. A typical AIBOM includes information about software, hardware, training data, training history and model performance metrics. This documentation enables observers to trace the origin and evolution of the model throughout its lifecycle.
For instance, a financial institution implementing an AI-driven fraud detection system should have an AIBOM that includes all elements used to build and train the system. Security teams can then assess potential security vulnerabilities and work to fix them before deploying the AI system into the production environment.
AIBOMs can also guide software developers working on AI integration projects. For example, consider a development team tasked with incorporating a natural language processing model into a customer service AI chatbot. An AIBOM provides a clear list of the model's software dependencies, training parameters and potential biases, facilitating more efficient integration and troubleshooting.
How AIBOMs strengthen the security of AI systems
AIBOMs offer numerous advantages when it comes to creating secure AI systems, including improved risk management, incident response, compliance, supply chain security and AI system auditing.
Risk management
AIBOMs provide a transparent view of the components used in developing an AI system, revealing dependencies and interactions among various components. With a complete list of dependencies, security teams can identify security vulnerabilities associated with each component and then address them before integration into the AI system.
Incident response
If the AI system experiences a security incident, an AIBOM helps the incident response team quickly identify affected components. This rapid identification enables more efficient remediation, which is critical in minimizing the impact of security breaches and reducing downtime. Additionally, an AIBOM can aid in identifying the root cause of the problem, supporting digital forensics investigations.
Compliance
AIBOMs help enterprises meet regulatory requirements. Many compliance regulations require a detailed list of components used in developing software systems. For example, the U.S. Food and Drug Administration requires organizations to manage the software components used in medical devices; the same principle applies to AI-powered medical devices.
Supply chain security
AI systems commonly use components and training data sets from external providers. An AIBOM significantly improves resilience to risks associated with third-party components and data sets, strengthening overall supply chain security.
AI system auditing
AIBOMs facilitate more efficient AI system security audits, as the AIBOM lists all components along with each vendor and version. This enables cybersecurity professionals to discover weak points and fix them before they are exploited by malicious actors. For example, a modern intrusion detection system (IDS) might use machine learning (ML) models to discover anomalies in network traffic. If a component in the AI-powered IDS is outdated and contains a security vulnerability, it can be easily discovered and updated before hackers exploit it.
AIBOM vs. SBOM
While SBOMs and AIBOMs are similar, SBOMs focus on software projects generally, whereas AIBOMs focus on AI systems specifically. Still, many software developers use SBOM principles as the basis for creating AIBOMs.
The concept of SBOMs emerged to address the risks associated with increased dependence on third-party software components. Many cyberattacks that result in high-profile data breaches, such as the 2019 SolarWinds hack, originate from security vulnerabilities in third-party components.
Due to these risks, generating an SBOM document is now mandatory for vendors selling software programs to the federal government, as stipulated in the Biden administration's Executive Order 14028.
Main elements of an AIBOM
A proper AIBOM should contain all hardware and software elements that constitute the AI system. This includes the following components:
- Model name and type. The name of the model and its classification, such as text generator or image classifier.
- Model version. Specific versioning, such as 1.0 or 2.3, or semantic versioning, such as v1.2.1.
- Developer name. The name of the developer or organization responsible for developing the model, including their contact information.
- License information. Details of the licenses -- e.g., Apache 2.0 or GPL 3.0 -- for the model and any components used.
- Data sets. Detailed information about the data sets used to train the ML model, including each data set's name, version, format and limitations.
- ML models and algorithms. Core algorithms, model architecture, hyperparameters and any pretrained models used.
- Software components. All software elements, including third-party libraries and frameworks; required OS and any software version needed to run the model; runtime environments; and any proprietary software needed.
- Hardware requirements. Hardware specifications necessary to run the AI system, such as server hardware and networking devices used to facilitate remote connections.
- Input and output technical specifications. Input and output data formats and API specifications for integration.
- Model parameters. Parameters such as learning rate, number of hidden layers and computational resources used.
- Usage scenarios and limitations. Various use cases, potential malicious uses of the system, system limitations and potential biases.
- Security requirements. Types of encryption used to protect model data and user information, in addition to the required access control mechanisms.
- AIBOM digital signature. Intended to ensure AIBOM's authenticity and integrity.
Tools and frameworks for generating AIBOMs
Several tools and frameworks are available for generating AIBOMs. The following are four common options:
- AI Security Research's AIBOM Visualizer. A visualization tool for the AIBOM schema, providing a graphical representation of AI system components.
- Open Web Application Security Project CycloneDX. A comprehensive SBOM standard that offers enhanced supply chain capabilities to reduce cyber-risks.
- System Package Data Exchange AI. A tool that generates a comprehensive inventory of software components and versions used in an AI system.
- IBM's AI Factsheets. A source that collects metadata and information about the model lifecycle to track ML model performance.
Nihad A. Hassan is an independent cybersecurity consultant, expert in digital forensics and cyber open source intelligence, blogger and book author. Hassan has been actively researching various areas of information security for more than 15 years and has developed numerous cybersecurity education courses and technical guides.
