What goes in an SBOM for a federal AI deployment?
A software bill of materials lists the components, versions, suppliers, and dependency relationships of the deployed system, typically in SPDX or CycloneDX, so consumers can track vulnerabilities and provenance. For an AI deployment the practice extends…
Answer.
A software bill of materials lists the components, versions, suppliers, and dependency relationships of the deployed system, typically in SPDX or CycloneDX, so consumers can track vulnerabilities and provenance. For an AI deployment the practice extends toward model and data lineage (sometimes called an AI-BOM), though that is still maturing. Planisphere does not generate your SBOM; it pins the audited model and probe set by hash so the thing measured is unambiguously identified alongside whatever SBOM you maintain.
The mark behind the answer.
software bill of materials · NTIA + CISA.
Prepare evidence for SBOM review.
First evidence record within 21 days of access · re-runs in a single business day. Planisphere measures model behaviour and emits a reproducible, sha-pinned record — it does not certify, file, or give legal advice.