惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

WordPress大学
WordPress大学
V
Visual Studio Blog
P
Privacy International News Feed
月光博客
月光博客
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
L
Lohrmann on Cybersecurity
N
News and Events Feed by Topic
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Apple Machine Learning Research
Apple Machine Learning Research
阮一峰的网络日志
阮一峰的网络日志
Webroot Blog
Webroot Blog
T
Threatpost
宝玉的分享
宝玉的分享
The Last Watchdog
The Last Watchdog
小众软件
小众软件
L
LINUX DO - 最新话题
C
Cisco Blogs
T
Troy Hunt's Blog
Schneier on Security
Schneier on Security
酷 壳 – CoolShell
酷 壳 – CoolShell
www.infosecurity-magazine.com
www.infosecurity-magazine.com
雷峰网
雷峰网
G
GRAHAM CLULEY
有赞技术团队
有赞技术团队
Know Your Adversary
Know Your Adversary
博客园 - 叶小钗
罗磊的独立博客
V
V2EX
博客园 - Franky
P
Proofpoint News Feed
SecWiki News
SecWiki News
腾讯CDC
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Jina AI
Jina AI
博客园 - 三生石上(FineUI控件)
S
Secure Thoughts
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Google DeepMind News
Google DeepMind News
Attack and Defense Labs
Attack and Defense Labs
人人都是产品经理
人人都是产品经理
The Cloudflare Blog
PCI Perspectives
PCI Perspectives
V2EX - 技术
V2EX - 技术
Google DeepMind News
Google DeepMind News
Last Week in AI
Last Week in AI
aimingoo的专栏
aimingoo的专栏
Cisco Talos Blog
Cisco Talos Blog
N
News and Events Feed by Topic
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
S
SegmentFault 最新的问题

OWASP Gen AI Security Project

Memory Is a Feature. It Is Also an Attack Surface Memory Is a Feature. It Is Also an Attack Surface FinBot CTF Is Live: A Hands-On Companion to the OWASP GenAI Security Project FinBot CTF Is Live: A Hands-On Companion to the OWASP GenAI Security Project OWASP GenAI Exploit Round-up Report Q1 2026 OWASP GenAI Exploit Round-up Report Q1 2026 OWASP GenAI Security Project Expands AI Security Frameworks Ahead of RSA 2026, Celebrates Continued Sponsor Support OWASP GenAI Security Project Expands AI Security Frameworks Ahead of RSA 2026, Celebrates Continued Sponsor Support Evolving AI Transparency: The Journey of the AIBOM Generator and Its New Home at OWASP OWASP Top 10 for Agentic Applications – The Benchmark for Agentic Security in the Age of Autonomous AI OWASP Top 10 for Agentic Applications – The Benchmark for Agentic Security in the Age of Autonomous AI OWASP GenAI Security Project Releases Top 10 Risks and Mitigations for Agentic AI Security OWASP GenAI Security Project Releases Top 10 Risks and Mitigations for Agentic AI Security OWASP Agentic AI Taxonomy in Action: From Theory to Tools OWASP Agentic AI Taxonomy in Action: From Theory to Tools OWASP Gen AI Incident & Exploit Round-up, Q2’25 OWASP Gen AI Incident & Exploit Round-up, Q2’25 CyberRisk Alliance and OWASP Join Forces to Advance Application Security and AI Education Across the Cyber Ecosystem CyberRisk Alliance and OWASP Join Forces to Advance Application Security and AI Education Across the Cyber Ecosystem
Evolving AI Transparency: The Journey of the AIBOM Generator and Its New Home at OWASP
Helen Oakley and Dmitry Raidman · 2025-12-19 · via OWASP Gen AI Security Project

Earlier this year, during RSAC 2025, we introduced something the industry had never seen before: an open-source tool capable of generating an AI Software Bill of Materials (AIBOM) for models on Hugging Face. That launch ignited a wave of interest across the security, AI, and software supply chain communities. It confirmed what many of us had already sensed — AI transparency was lagging behind AI adoption, and practitioners were eager for practical tools to close that gap.

Since then, the AIBOM Generator has grown far beyond an initial release. Now also listed in the CycloneDX Tool Center, it became a living reference for what AI supply chain visibility can look like, demonstrating not only what metadata matters, but how it can be extracted, structured, and assessed at scale. Today, we’re entering the next chapter of that journey.

Turning Theory into Practical Implementation

When we created the tool, the goal was simple: offer the community a way to automatically extract essential AI model metadata and produce a standards-aligned AIBOM in CycloneDX format. The generator helped teams understand:

  • What’s inside a model
  • Where it came from
  • What data, configurations, and parameters shaped it
  • How complete and trustworthy the available documentation is

This work emerged alongside early industry discussions on AIBOMs, including the published use cases from the CISA SBOM working groups’ AI SBOM Tiger Team. While those efforts described what organizations needed from AI supply chain transparency, the AIBOM Generator focused on translating those ideas into something practical and usable.

Before standards stabilized, the tool offered a tangible starting point — a way to test assumptions, explore implementation paths, and gather feedback from practitioners. And that feedback made one thing clear: the community wanted this work to live in a place where it could grow openly and collaboratively.

Why We Contributed the Tool to OWASP

As the AIBOM Generator evolved, it became clear that its evolution should be shaped by the broader AI and security community. OWASP — with its global reach, open governance, and established role in stewarding security standards — became the natural home for the next phase.

We officially contributed the AIBOM Generator to the OWASP GenAI Security Project, where it now exists as the OWASP AIBOM Generator (owasp-genai-aibom.org), aligned with initiatives such as the OWASP Top 10 for LLMs and the OWASP Agentic Application Security.

This move unlocks:

  • Open community governance
  • Transparent evolution of AIBOM field mappings and checks
  • Standards-aligned development with CycloneDX and SPDX ecosystems
  • A shared space for researchers, engineers, and security teams to collaborate

The mission remains the same — but the scale and impact can now grow.

Continuing the Work: AIBOM as an OWASP GenAI Security Project Initiative

The AIBOM Generator is now a core initiative within the OWASP GenAI Security Project, advancing practical AI supply chain transparency. Building on earlier community efforts, including the CISA SBOM AI use cases, the project focuses on improving AI-relevant field checks, strengthening completeness scoring, and enhancing automated extraction to support consistent, scalable AIBOM generation for models on Hugging Face.

Alongside this work, the team is developing the OWASP AIBOM Generation Handbook, documenting the tool, field mappings, standards alignment, and recommended practices for applying AIBOMs across governance, compliance, and incident response workflows. Together, these efforts move AIBOM from theory into repeatable, community-maintained implementation — aligned with broader OWASP GenAI outputs.

Why This Matters for AI Security Right Now

AI systems are advancing faster than traditional transparency and assurance mechanisms. AIBOMs bring structure to that accelerating landscape.

They help organizations understand the models they rely on, the risks that accompany them, and the obligations — technical or regulatory — they must meet. Whether for safety and general usage evaluations, third-party risk assessments, or post-incident investigations, AIBOMs offer a standardized way to document AI systems across diverse components and dependency chains.

Now, with the AIBOM Generator under OWASP, the path toward consistent, interoperable AI supply chain visibility is clearer than ever.

Join Us in Shaping the Future of AI Transparency

The OWASP AIBOM Generator is an on-going work with a roadmap of improvements and integration endpoints. It is a community tool, built for continuous iteration as AI evolves and new supply chain needs emerge.

We welcome contributors across:

  • AI and ML engineering
  • Software engineering
  • Security and risk management
  • Standards development
  • Policy and compliance
  • Research and academia

Your insights shape where AIBOM goes next.

👉 Explore the project & get involved:
 OWASP GenAI Security Project – AIBOM Generator Initiative (URL – tbd)
 Try the tool: owasp-genai-aibom.org