"I liked a lot" of the proposed elements, but many are "hard to measure or even hard to define in a specific, cross-organization fashion," said Allan Friedman, who led CISA’s SBOM efforts between August 2021 and July 2025.
The G7 paper and who signed on
On 12 May the G7 Cybersecurity Working Group published a new guidance document titled Software Bill of Materials (SBOM) for Artificial Intelligence - Minimum Elements. The paper was jointly released by Germany’s Federal Office for Information Security (BSI), Italy’s National Cybersecurity Agency (ACN), France’s National Cybersecurity Agency (ANSSI), Canada’s Communications Security Establishment (CSE), the US Cybersecurity and Infrastructure Security Agency (CISA), the UK’s National Cyber Security Centre (NCSC) and Japan’s National Cybersecurity Office (NCO), in collaboration with the EU Commission. The document builds on a prior shared vision of SBOMs for AI that the working group published in June 2025.
The seven SBOM for AI clusters, explained
The guidance centers on seven clusters — groupings of potential SBOM elements that producers and users of AI systems can apply. The paper defines each cluster and the types of information it is intended to capture:
- Metadata: information related to the SBOM for AI itself, and not the individual components or sub-elements.
- System Level Properties (SLP): information on the AI system as a whole, including software dependencies, frameworks used, and how system components interact and process user data.
- Models: identifying the models used, how each model’s weights were produced, and the models’ properties and limitations.
- Dataset Properties (DP): information on datasets used during the whole life cycle of the model, including identity and provenance of data.
- Key Performance Indicators (KPI): elements referring to the AI system’s KPIs and those of integrated components, with attention to their lifecycle phases.
- Infrastructure: physical and virtual infrastructure critical to the AI system’s operation, and, if available, a link to a Hardware Bill of Materials (HBOM) for specialized AI hardware.
- Security Properties (SP): the cybersecurity measures that apply to AI models and systems.
The paper notes that, apart from Metadata (which documents the SBOM itself), all clusters are considered equally important. It also frames the list as a starting point: the clusters are not mandatory and remain open to further refinement.
SBOMs alone are not sufficient
The authors emphasize that an SBOM for AI by itself is "not sufficient" to increase cybersecurity across the AI supply chain. The document argues that SBOMs must be tied into operational cybersecurity tooling — examples given include vulnerability scanning and management tools, security advisories and bulletins, and development of adaptable and evolutionary tooling mechanisms.
As the paper puts it: “Eventually, an SBOM for AI will help to strengthen the security of the AI supply chain if deployed together with the right cybersecurity tools.” That linkage is presented as essential for any SBOM scheme to translate into meaningful, sustained protection.
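The two points made above, a seven-cluster taxonomy and the warning that an SBOM only helps when it feeds vulnerability tooling, are easier to see with a small working checker. The Python below is an added example, not code from the G7 paper or from Infosecurity Magazine; the field names, the SBOM layout, the component names and the advisory entries are all assumptions constructed for illustration (the paper names the clusters but the article gives no serialization). It reports which clusters an SBOM document actually populates, then cross-references the dependencies listed under System Level Properties against a constructed advisory feed, the kind of linkage the guidance describes.

```python
"""Added example (not from the G7 paper or the article): report which of the
seven SBOM-for-AI clusters a document populates, then match the software
dependencies it lists against an advisory feed. Field names, document layout
and advisory format are assumptions made for illustration only."""
from __future__ import annotations

from dataclasses import dataclass

# The seven clusters named in the guidance, keyed by an assumed field name.
CLUSTERS = {
    "metadata": "Metadata",
    "system_level_properties": "System Level Properties (SLP)",
    "models": "Models",
    "dataset_properties": "Dataset Properties (DP)",
    "kpi": "Key Performance Indicators (KPI)",
    "infrastructure": "Infrastructure",
    "security_properties": "Security Properties (SP)",
}


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '1.2.3' into (1, 2, 3) for ordered comparison; non-numeric parts become 0."""
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def cluster_coverage(sbom: dict) -> dict[str, bool]:
    """Map each cluster name to whether the document carries any content for it."""
    return {name: bool(sbom.get(key)) for key, name in CLUSTERS.items()}


def missing_clusters(sbom: dict) -> list[str]:
    """Clusters with no content at all, a first (coarse) measurability check."""
    return [name for name, present in cluster_coverage(sbom).items() if not present]


@dataclass(frozen=True)
class Advisory:
    """One advisory entry: affected range is [introduced, fixed)."""
    advisory_id: str
    component: str
    introduced: str  # first affected version, inclusive
    fixed: str       # first fixed version, exclusive

    def affects(self, version: str) -> bool:
        v = parse_version(version)
        return parse_version(self.introduced) <= v < parse_version(self.fixed)


def match_advisories(sbom: dict, advisories: list[Advisory]) -> list[dict]:
    """Cross-reference every SLP software dependency against the advisory feed."""
    findings = []
    slp = sbom.get("system_level_properties", {})
    for dep in slp.get("software_dependencies", []):
        for adv in advisories:
            if adv.component == dep["name"] and adv.affects(dep["version"]):
                findings.append({"component": dep["name"],
                                 "version": dep["version"],
                                 "advisory": adv.advisory_id})
    return findings


# Constructed sample SBOM with fictional component names (not real software).
SAMPLE_SBOM = {
    "metadata": {"sbom_format": "example-layout", "generated": "2026-05-12"},
    "system_level_properties": {
        "frameworks": ["example-ml-framework 2.4.0"],
        "software_dependencies": [
            {"name": "example-tokenizer", "version": "0.9.1"},
            {"name": "example-serving", "version": "3.1.2"},
        ],
        "data_flow": "user prompts pass through a filter before reaching the model",
    },
    "models": [{"name": "example-model", "weights_origin": "fine-tuned from a base checkpoint",
                "limitations": "English only"}],
    "dataset_properties": [{"name": "example-corpus", "provenance": "licensed vendor dataset"}],
    "kpi": [],  # left empty on purpose: the checker should flag it
    "infrastructure": {"accelerators": "example-gpu", "hbom_link": None},
    "security_properties": {"prompt_filtering": True, "weights_signed": True},
}

# Constructed, fictional advisories; identifiers are placeholders, not real CVEs.
SAMPLE_ADVISORIES = [
    Advisory("EXAMPLE-ADV-1", "example-tokenizer", "0.9.0", "0.9.2"),
    Advisory("EXAMPLE-ADV-2", "example-serving", "3.0.0", "3.1.0"),
]

if __name__ == "__main__":
    print("missing clusters:", missing_clusters(SAMPLE_SBOM))
    for finding in match_advisories(SAMPLE_SBOM, SAMPLE_ADVISORIES):
        print("affected:", finding)
```

Run as-is, the script flags the empty KPI cluster and reports the tokenizer as affected while the serving component, already past its fixed version, is clear. The coverage check is deliberately coarse: presence of a field says nothing about whether its content is comparable across organizations, which is exactly the measurability gap Friedman raises in the next section.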
Reaction from Allan Friedman and the question of measurability
Allan Friedman, who led CISA’s SBOM efforts between August 2021 and July 2025, offered a qualified endorsement. He said he “liked a lot” of the clusters but warned that many are "hard to measure or even hard to define in a specific, cross-organization fashion." That tension, between a comprehensive set of candidate elements and the practical need for clear, measurable requirements that organizations can implement consistently, runs through the guidance.
What this means for technologists, policymakers, and procurement leaders
Technologists and security teams: The seven clusters provide a structured taxonomy to document models, data provenance, infrastructure, and security controls; teams will need to plan how to integrate SBOM content with vulnerability scanners, advisories, and lifecycle tooling as the paper recommends.
Policymakers and regulators: The document offers a non‑mandatory, harmonized starting point that can inform standards and guidance. The paper’s emphasis on tool integration and evolutionary tooling mechanisms highlights where regulatory expectations may intersect with operational practice.
Procurement and enterprise IT leaders: The inclusion of System Level Properties, Dataset Properties, and a possible HBOM link for hardware gives procurement a clearer checklist to request from suppliers, but the paper’s caveat that clusters are open to refinement — and Friedman's concern about measurability — signals that practical contract language may still evolve.
The G7 working group's Minimum Elements paper is positioned as a practical taxonomy rather than a finished standard: it maps what information could be useful for AI supply-chain transparency and security, while explicitly urging that SBOMs be connected to the tooling and processes that make them actionable. How quickly that translation from taxonomy to operational practice occurs — and how measurability challenges identified by experts like Allan Friedman are resolved — will determine whether these minimum elements move from guidance into effective defense.
https://www.infosecurity-magazine.com/news/new-sboms-for-ai-guidance-2026/