TAIBOM: Bringing Trustworthiness to AI-Enabled Systems

Vadim Safronov, Anthony McCaigue, Nicholas Allott, Andrew Martin

TL;DR

This paper addresses the challenge of establishing trust in AI-enabled software supply chains by extending the SBOM concept to AI-specific artifacts, resulting in TAIBOM. TAIBOM introduces a structured data model and cryptographic attestations that link data, training code, model weights, and inference systems to create a verifiable trace across the AI lifecycle. Through comparative analysis with existing approaches and four representative use cases, TAIBOM demonstrates end-to-end provenance, integrity verification, and risk propagation across training, deployment, and inference. The framework lays the groundwork for trustworthy, auditable AI systems and invites future work on scalability, trust recovery, and integration with development pipelines to support broader adoption.

Abstract

The growing integration of open-source software and AI-driven technologies has introduced new layers of complexity into the software supply chain, challenging existing methods for dependency management and system assurance. While Software Bills of Materials (SBOMs) have become critical for enhancing transparency and traceability, current frameworks fall short in capturing the unique characteristics of AI systems -- namely, their dynamic, data-driven nature and the loosely coupled dependencies across datasets, models, and software components. These challenges are compounded by fragmented governance structures and the lack of robust tools for ensuring integrity, trust, and compliance in AI-enabled environments. In this paper, we introduce Trusted AI Bill of Materials (TAIBOM) -- a novel framework extending SBOM principles to the AI domain. TAIBOM provides (i) a structured dependency model tailored for AI components, (ii) mechanisms for propagating integrity statements across heterogeneous AI pipelines, and (iii) a trust attestation process for verifying component provenance. We demonstrate how TAIBOM supports assurance, security, and compliance across AI workflows, highlighting its advantages over existing standards such as SPDX and CycloneDX. This work lays the foundation for trustworthy and verifiable AI systems through structured software transparency.

Paper Structure

This paper contains 12 sections, 2 figures, 1 table.

Figures (2)

  • Figure 1: TAIBOM Data Model.
  • Figure 2: TAIBOM Operation Workflow.