{"id":2128,"date":"2025-08-06T03:52:00","date_gmt":"2025-08-06T03:52:00","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2025\/08\/06\/bhusa-experts-urge-greater-ai-supply-chain-transparency-as-genai-adoption-surges\/"},"modified":"2025-08-06T03:52:00","modified_gmt":"2025-08-06T03:52:00","slug":"bhusa-experts-urge-greater-ai-supply-chain-transparency-as-genai-adoption-surges","status":"publish","type":"post","link":"http:\/\/ft365.org\/index.php\/2025\/08\/06\/bhusa-experts-urge-greater-ai-supply-chain-transparency-as-genai-adoption-surges\/","title":{"rendered":"#BHUSA: Experts Urge Greater AI Supply Chain Transparency as GenAI Adoption Surges"},"content":{"rendered":"<div id=\"layout-7cc56b8f-2901-4424-be9e-ed7a33bc1648\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>Experts have called for greater transparency in AI supply chains as generative AI (GenAI) adoption continues to grow, bringing with it more security and data privacy compliance challenges for enterprises.<\/p>\n<p>One proposed solution gaining traction is the AI Bill of Materials (AIBOM), a framework designed to document the components, data sources and training methodologies behind AI systems to mitigate risks and improve accountability.<\/p>\n<p>The concept builds on Software Bills of Materials (SBOMs), which are structured, machine-readable inventories listing all components, libraries and dependencies used in a software application to enhance transparency and security.<\/p>\n<h2><strong>Growing SBOM Adoption Amid Persistent Challenges<\/strong><\/h2>\n<p>During the Software Supply Chain Security Summit hosted by Lineaje, a pre-Black Hat event held on August 5 in Las Vegas, Nick Mistry, CISO at the software supply chain security company, highlighted that the rise of SBOM adoption by security teams has increased software transparency.<\/p>\n<p>He argued this transparency is a critical first step to better secure both open-source and proprietary software that 
organizations depend on.<\/p>\n<p>According to an Enterprise Strategy Group (ESG) study, approximately 22% of organizations are currently using an SBOM and 4% are planning to do so in the future.<\/p>\n<p>While this number can seem relatively low, Melinda Marks, a practice director of cybersecurity at ESG, stated that it is growing \u2013 in part thanks to the adoption of common SBOM formats, such as Software Package Data Exchange (SPDX), introduced by the Linux Foundation, and CycloneDX, proposed by the OWASP Foundation.<\/p>\n<p>\u201cHowever, 79% of respondents still find it challenging to generate an SBOM, notably because a variety of tools can be used to do so, including software supply chain security solutions, SCAs, CSP features, application security solutions, dedicated SBOM tools or even manual processes,\u201d she said during the Software Supply Chain Security Summit.<\/p>\n<h2><strong>AI BOMs Already on The Global Agenda <\/strong><\/h2>\n<p>The concept of the AI BOM has already reached the desks of the highest-level world leaders, according to Allan Friedman, a pioneer and one of the most vocal advocates of SBOMs.<\/p>\n<p>Friedman, who left his role as senior advisor and strategist at the US Cybersecurity and Infrastructure Agency (CISA) in July, explained that the G7 Cybersecurity Working Group agreed in May to develop a joint vision focused on AI security, including the creation of AIBOMs, by their second meeting later in 2025.<\/p>\n<p>\u201cThe G7 is made up of diplomats representing the seven richest countries on the planet. 
Now, I love my friends who work at the State Department, but I&#8217;m not going to be leaning on them for the future of critical infrastructure security, the national security concerns and the defense against nation-state attacks,\u201d Friedman noted.<\/p>\n<p>\u201cSo, this is an area we, [cybersecurity professionals,] are going to need to be a little more explicit about how we&#8217;re going to build it and how we&#8217;re going to build it collaboratively,\u201d he added.<\/p>\n<p>Overall, he agreed that where software has benefitted from transparency, AI would also benefit because \u201cAI is software\u201d.<\/p>\n<p>\u201cThe challenge we have is that transparency needs to be semantically relevant to whoever is looking at it. My concern about AI BOMs is that we\u2019re going to implement it before we know what it is,\u201d he added.<\/p>\n<h2><strong>AI BOM Standardization Efforts<\/strong><\/h2>\n<p>Several cybersecurity organizations have started working to standardize AI BOMs.<\/p>\n<p>Some, like Sajeeb Lohani, global TISO and senior director of cybersecurity at Bugcrowd, think AI software dependencies should be included in SBOMs rather than in standalone AI BOMs.<\/p>\n<p>The Linux Foundation, for instance, has published a report explaining how to implement AI BOMs with its latest SBOM format, SPDX 3.0.<\/p>\n<p>Similarly, in July, Allan Friedman\u2019s former employer, CISA, introduced an AI SBOM working group, which has built a community-driven resource on GitHub to help organizations apply SBOM practices to AI systems.<\/p>\n<p>Helen Oakley, one of the founders of the working group, also authored a paper for the US National Institute of Standards and Technology (NIST) in September 2024, titled <em>\u201cSecuring AI Ecosystems: The Critical Role of AI Bills of Materials (AIBOM) in Mitigating Software Supply Chain Risks.\u201d<\/em><\/p>\n<p>Others are still investigating how to best standardize AI BOMs, such as the OWASP Foundation, which has created 
its own AI BOM working group and is looking to release the \u201cAI BOM Operationalizing Guide and Best Practices Guide Objective,\u201d a comprehensive guide detailing the operationalization of AIBOM and its best practices for secure and trusted generative AI systems, in October 2025.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Experts have called for greater transparency in AI supply chains as generative AI (GenAI) adoption continues to grow, bringing with it more security and data privacy compliance challenges for enterprises. One proposed solution gaining traction is the AI Bill of Materials (AIBOM), a framework designed to document the components, data sources and training methodologies behind<\/p>\n","protected":false},"author":2,"featured_media":2129,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2128","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2128-39133e15-7638-4c35-8754-cedeeddceb69.jpg",300,300,false],"thumbnail":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2128-39133e15-7638-4c35-8754-cedeeddceb69-150x150.jpg",150,150,true],"medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2128-39133e15-7638-4c35-8754-cedeeddceb69.jpg",300,300,false],"medium_large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2128-39133e15-7638-4c35-8754-cedeeddceb69.jpg",300,300,false],"large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2128-39133e15-7638-4c35-8754-cedeeddceb69.jpg",300,300,false],"1536x1536":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2128-39133e15-7638-4c35-8754-cedeeddceb69.jpg",300,300,false],"2048x2048":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2128-39133e15-7638-4c35-8754-cedeeddceb69.jpg",300,300,false],"morenews-featured":
["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2128-39133e15-7638-4c35-8754-cedeeddceb69.jpg",300,300,false],"morenews-large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2128-39133e15-7638-4c35-8754-cedeeddceb69.jpg",300,300,false],"morenews-medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2128-39133e15-7638-4c35-8754-cedeeddceb69.jpg",300,300,false],"crawlomatic_preview_image":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/08\/2128-39133e15-7638-4c35-8754-cedeeddceb69-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"http:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"http:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/2128","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=2128"}],"version-history":[{"count":0,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/2128\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/2129"}],"wp:attachment":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=2128"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=2128"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=2128"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}