In software security, there is a well-established principle: you cannot secure what you cannot see. The software bill of materials the SBOM exists specifically because organisations needed a structured inventory of every software component, library, and dependency in their systems in order to identify which vulnerabilities affected them.
That principle has arrived in AI. And the inventory problem it reveals is significantly larger than most organisations have acknowledged.
A new governance standard called the AI-BOM, AI Bill of Materials is gaining traction this week as enterprise environments become saturated with AI models, agents, tools, and unsanctioned applications that existing software inventory practices cannot track. The AI-BOM is designed to inventory not just models, but datasets, agents, prompts, and the interconnections between all of them.
The reason this standard is emerging now is the same reason the SBOM emerged when it did: organisations have discovered that their AI environment is larger, more interconnected, and less governed than they believed and that the gap between what they think is running and what is actually running is material.
What shadow AI actually looks like in practice
Shadow AI is the enterprise AI equivalent of shadow IT, AI tools, models, and agents deployed outside the formal IT and governance process. And like shadow IT, it is almost always deployed with good intentions by people trying to be more productive with the tools available to them.
A finance team that has connected a department ChatGPT account to the company's financial reporting data to help draft commentary. A legal team that has built a document review workflow using a third-party AI tool not on the approved vendor list. A software engineering team that has integrated an AI coding assistant that has access to the production codebase. A customer service supervisor who has built a prompt-based AI assistant that team members use for drafting customer responses.
Each of these represents a productive use of AI capability. Each also represents a data governance risk, a security risk, and a compliance risk that the organisation is carrying without awareness.
The WEF's finding today that 87% of organisations identify vulnerabilities in AI systems themselves as among the fastest-growing threats is, in part, a shadow AI problem. You cannot protect a system from AI-specific attack vectors if you do not know the system exists.
What an AI-BOM actually requires
The AI-BOM standard emerging this week is more complex than the software SBOM because the AI environment has more interconnected elements than a conventional software environment.
A complete AI-BOM covers: every AI model deployed, including the version, the training data source, the deploying team, and the current operational status; every AI agent with access to systems or data; every prompt template used in production workflows; every dataset used for training, fine-tuning, or retrieval; and the dependencies between all of these — which model uses which dataset, which agent calls which model, which workflow uses which agent.
Building this inventory in organisations that have been deploying AI tools without central governance for two years is not a trivial exercise. It requires active discovery scanning for deployed models and tools not just cataloguing the ones IT knows about.
The governance principle the AI-BOM enforces
You cannot govern what you cannot see. You cannot secure what you cannot govern.
For organisations with significant AI deployment activity, the AI-BOM is not an optional governance enhancement. It is the foundation of a credible AI governance posture, the prerequisite for every other governance capability, from security monitoring to regulatory compliance to incident response.
The organisations building their AI-BOM practice now are building the visibility that makes every subsequent governance investment useful. Those governing the AI they know about while shadow AI proliferates underneath are carrying risks they cannot quantify, which is a worse position than carrying risks they can see clearly enough to address.
PalTech helps enterprises build the AI governance infrastructure including AI inventory, shadow AI discovery, and AI-BOM practices that makes governance complete rather than partial.
Top comments (0)