Securing the AI Supply Chain: A Framework for AI Software Bills of Materials and Model Provenance Assurance
DOI: https://doi.org/10.14738/tmlai.1401.19884
Keywords: AI supply chain security, AI SBOM, provenance tracking, MLOps security, zero-trust AI
Abstract
The proliferation of artificial intelligence (AI) systems has exposed critical vulnerabilities in their supply chains, which encompass models, datasets, training pipelines, and dependencies and introduce risks such as data poisoning, model theft, and adversarial attacks. These threats extend beyond traditional software supply chain concerns and call for specialized security measures to ensure the trustworthiness of AI deployments across critical sectors. Despite advances in software bills of materials (SBOMs) driven by initiatives such as U.S. Executive Order 14028, existing frameworks inadequately address AI-specific artifacts and provenance requirements, leaving a significant gap in comprehensive risk management. This paper proposes a robust framework for operationalizing secure AI supply chains. Its key contribution lies in extending SBOM standards to AI components, integrating provenance verification into MLOps pipelines, aligning with governance frameworks such as the NIST SSDF and AI RMF, and applying zero-trust principles to AI artifacts. The findings demonstrate that these measures enable proactive vulnerability mitigation, greater transparency, and regulatory compliance, thereby advancing resilient and accountable AI systems. These contributions strengthen the field by providing actionable strategies that balance innovation with security, fostering greater trust in AI technologies.
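As an added illustration of the abstract's AI SBOM and zero-trust provenance ideas (example code written for this page, not the paper's own framework; the SBOM field names are loosely CycloneDX-like but assumed, and the artifacts are constructed sample bytes), the snippet records each model and dataset with its SHA-256 digest and refuses any artifact that is unlisted or whose digest does not match before a pipeline stage consumes it:

```python
import hashlib
import hmac
import json

# Constructed sample artifacts standing in for a model file and a training dataset.
ARTIFACTS = {
    "models/classifier.bin": b"\x00weights-v1\x00" * 8,
    "data/train.csv": b"id,label\n1,cat\n2,dog\n",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_ai_sbom(artifacts: dict, producer: str) -> dict:
    """Record each AI component (model or dataset) with its digest and producer.
    Field names are illustrative (assumed, CycloneDX ML-BOM-like), not a published schema."""
    components = []
    for path, blob in artifacts.items():
        kind = "machine-learning-model" if path.startswith("models/") else "dataset"
        components.append({
            "type": kind,
            "name": path,
            "hashes": [{"alg": "SHA-256", "content": sha256_hex(blob)}],
            "provenance": {"producer": producer},
        })
    return {"bomFormat": "AI-SBOM-example", "components": components}


def verify_artifact(sbom: dict, path: str, data: bytes) -> bool:
    """Zero-trust gate run before an MLOps stage loads an artifact: the artifact
    must be listed in the SBOM and its SHA-256 digest must match the recorded one."""
    for comp in sbom["components"]:
        if comp["name"] == path:
            expected = next(h["content"] for h in comp["hashes"] if h["alg"] == "SHA-256")
            return hmac.compare_digest(expected, sha256_hex(data))
    return False  # unknown artifact: fail closed


def verify_all(sbom: dict, artifacts: dict) -> list:
    """Return the paths of every artifact that fails verification (empty means clean)."""
    return [p for p, d in artifacts.items() if not verify_artifact(sbom, p, d)]


if __name__ == "__main__":
    sbom = build_ai_sbom(ARTIFACTS, producer="example-training-pipeline")
    print(json.dumps(sbom, indent=2))
    tampered = dict(ARTIFACTS, **{"models/classifier.bin": b"modified weights"})
    print("failures:", verify_all(sbom, tampered))  # flags the modified model only
```

In a real pipeline the SBOM itself would be signed and its signature checked first, so the digest comparison rests on an attested record rather than a file that could be rewritten alongside the artifacts.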
License
Copyright (c) 2026 Ashok Kumar Kanagala

This work is licensed under a Creative Commons Attribution 4.0 International License.
