Scan your AI codebase and automatically map the models, agents, prompts, tools, datasets, and APIs inside it. The Trivy for AI applications.
AIBOM finds AI components in your code and maps them to a structured inventory.
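from langchain.chat_models import ChatOpenAI

llm = ChatOpenAI(
    model="gpt-4",
    temperature=0.7
)

from langchain.agents import initialize_agent

agent = initialize_agent(
    tools,  # list of Tool objects defined elsewhere
    llm,
    agent="zero-shot-react-description"
)

from langchain.tools import Tool

search = Tool(
    name="SerpAPI",
    func=search_run  # callable that performs the search, defined elsewhere
)

from langchain.embeddings import OpenAIEmbeddings
from langchain.vectorstores import FAISS

embeddings = OpenAIEmbeddings(
    model="text-embedding-3-small"
)
vectorstore = FAISS.from_documents(
    docs, embeddings  # docs: documents loaded elsewhere
)

from langchain.prompts import ChatPromptTemplate

prompt = ChatPromptTemplate.from_messages([
    ("system", "You are a helpful assistant..."),
    ("human", "{input}")
])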
AIBOM generates a structured JSON document mapping all AI components in your codebase.
AI systems contain many hidden dependencies that traditional tooling cannot see.
Models, prompts, tools, datasets, and APIs form complex dependency graphs that are invisible to traditional SBOM tools.
Prompt injection, model poisoning, and data leakage require visibility into how AI components interact with your systems.
Organizations need to track AI usage for compliance, risk management, and responsible AI practices.
Third-party models and APIs introduce supply chain risks that must be audited and monitored continuously.
Three simple steps to complete AI supply chain visibility.
1. AIBOM analyzes your codebase using AST parsing to identify Python files, notebooks, and configuration files.
2. Multiple detectors identify models, agents, prompts, tools, datasets, and frameworks with precise source locations.
3. Produces a structured JSON document with full inventory, risk findings, and export formats like SPDX and CycloneDX.
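To make the AST-based detection step concrete, here is an added sketch (not AIBOM's own code or output schema) of a detector that walks a Python syntax tree and records each AI component with its source line. The `DETECTORS` table, the record fields and the sample file are assumptions constructed for illustration.

```python
import ast
import json

# Constructed sample input, modelled on the snippets shown on this page.
SAMPLE = '''\
from langchain.chat_models import ChatOpenAI
from langchain.embeddings import OpenAIEmbeddings
from langchain.tools import Tool

llm = ChatOpenAI(model="gpt-4", temperature=0.7)
embeddings = OpenAIEmbeddings(model="text-embedding-3-small")
search = Tool(name="SerpAPI", func=print)
label = "gpt-4"  # a bare string is not a component
'''

# Hypothetical rule table: callee -> (component type, keyword naming it).
DETECTORS = {
    "ChatOpenAI": ("model", "model"),
    "OpenAIEmbeddings": ("embedding_model", "model"),
    "Tool": ("tool", "name"),
}

def callee_name(func):
    """Rightmost name of a call target: Foo(...) or pkg.Foo(...)."""
    if isinstance(func, ast.Name):
        return func.id
    return func.attr if isinstance(func, ast.Attribute) else None

def scan_source(source, path="<memory>"):
    """Return one inventory record per detected call, ordered by line."""
    found = []
    for node in ast.walk(ast.parse(source, filename=path)):
        rule = DETECTORS.get(callee_name(node.func)) if isinstance(node, ast.Call) else None
        if rule is None:
            continue
        kind, key = rule
        ident = None  # stays None when the value is not a string literal
        for kw in node.keywords:
            if kw.arg == key and isinstance(kw.value, ast.Constant) \
                    and isinstance(kw.value.value, str):
                ident = kw.value.value
        found.append({"type": kind, "name": ident, "file": path, "line": node.lineno})
    return sorted(found, key=lambda c: c["line"])

if __name__ == "__main__":
    print(json.dumps({"components": scan_source(SAMPLE, "app.py")}, indent=2))
```

A model name passed through a variable is reported with `name` set to null rather than guessed, which is the case an inventory reviewer needs to follow up by hand.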
Install AIBOM and scan your first AI project in minutes.
pip install aibom
aibom scan .
aibom export --format spdx
AIBOM is built by and for the AI security community. We welcome contributions from AI security researchers, AI engineers, and LangChain developers.