Table of Contents
Fetching ...

AIBoMGen: Generating an AI Bill of Materials for Secure, Transparent, and Compliant Model Training

Wiebe Vandendriessche, Jordi Thijsman, Laurens D'hooge, Bruno Volckaert, Merlijn Sebrechts

TL;DR

AIBoMGen introduces a verifiable provenance platform that generates cryptographically signed AI Bills of Materials (AIBOMs) during model training, acting as a neutral root of trust and recording training inputs, configurations, and environments via in-toto attestations and artifact hashes. The PoC demonstrates that verifiable documentation can be achieved with negligible performance overhead and without relying on TEEs, addressing regulatory needs (e.g., EU AI Act) and improving auditability. It surveys related work, identifies gaps in cryptographic guarantees and interoperability, and offers a modular, cloud-native architecture with programmable verification endpoints. The results advocate for integrating provable provenance into AI pipelines, while outlining future directions like hardware-backed attestations, broader framework support, and enhanced lineage tracking to bolster trust in AI ecosystems.

Abstract

The rapid adoption of complex AI systems has outpaced the development of tools to ensure their transparency, security, and regulatory compliance. In this paper, the AI Bill of Materials (AIBOM), an extension of the Software Bill of Materials (SBOM), is introduced as a standardized, verifiable record of trained AI models and their environments. Our proof-of-concept platform, AIBoMGen, automates the generation of signed AIBOMs by capturing datasets, model metadata, and environment details during training. The training platform acts as a neutral, third-party observer and root of trust. It enforces verifiable AIBOM creation for every job. The system uses cryptographic hashing, digital signatures, and in-toto attestations to ensure integrity and protect against threats such as artifact tampering by dishonest model creators. Our evaluation demonstrates that AIBoMGen reliably detects unauthorized modifications to all artifacts and can generate AIBOMs with negligible performance overhead. These results highlight the potential of AIBoMGen as a foundational step toward building secure and transparent AI ecosystems, enabling compliance with regulatory frameworks like the EUs AI Act.

AIBoMGen: Generating an AI Bill of Materials for Secure, Transparent, and Compliant Model Training

TL;DR

AIBoMGen introduces a verifiable provenance platform that generates cryptographically signed AI Bills of Materials (AIBOMs) during model training, acting as a neutral root of trust and recording training inputs, configurations, and environments via in-toto attestations and artifact hashes. The PoC demonstrates that verifiable documentation can be achieved with negligible performance overhead and without relying on TEEs, addressing regulatory needs (e.g., EU AI Act) and improving auditability. It surveys related work, identifies gaps in cryptographic guarantees and interoperability, and offers a modular, cloud-native architecture with programmable verification endpoints. The results advocate for integrating provable provenance into AI pipelines, while outlining future directions like hardware-backed attestations, broader framework support, and enhanced lineage tracking to bolster trust in AI ecosystems.

Abstract

The rapid adoption of complex AI systems has outpaced the development of tools to ensure their transparency, security, and regulatory compliance. In this paper, the AI Bill of Materials (AIBOM), an extension of the Software Bill of Materials (SBOM), is introduced as a standardized, verifiable record of trained AI models and their environments. Our proof-of-concept platform, AIBoMGen, automates the generation of signed AIBOMs by capturing datasets, model metadata, and environment details during training. The training platform acts as a neutral, third-party observer and root of trust. It enforces verifiable AIBOM creation for every job. The system uses cryptographic hashing, digital signatures, and in-toto attestations to ensure integrity and protect against threats such as artifact tampering by dishonest model creators. Our evaluation demonstrates that AIBoMGen reliably detects unauthorized modifications to all artifacts and can generate AIBOMs with negligible performance overhead. These results highlight the potential of AIBoMGen as a foundational step toward building secure and transparent AI ecosystems, enabling compliance with regulatory frameworks like the EUs AI Act.
Paper Structure (30 sections, 7 figures, 1 table)

This paper contains 30 sections, 7 figures, 1 table.

Figures (7)

  • Figure 1: Architecture diagram of AIBoMGen backend, authorized entities can submit training jobs which are executed and attested by the platform.
  • Figure 2: Overview of the main steps performed by a worker node during a training job.
  • Figure 3: Use case diagram of the AIBoMGen application.
  • Figure 4: Total training time and AIBOM generation time as a function of epoch count.
  • Figure 5: AIBOM generation time box plots across different epoch counts with global mean and std.
  • ...and 2 more figures