AI Bill of Materials (AIBOM) for Python Developers: Mapping Your AI Dependencies with Snyk

As AI integrates deeper into Python codebases, understanding your AI supply chain has become critical. Whether you're building with OpenAI's GPT models, integrating Hugging Face transformers, or deploying computer vision systems, your applications now depend on complex webs of AI models, datasets, and services that can introduce new security and compliance risks.

Enter the AI Bill of Materials (AIBOM) or ML Bill of Materials (MLBOM) – a standardized way to catalog and track AI components in your applications. Snyk's new experimental AIBOM tool makes this visibility accessible to Python developers, providing automated discovery and cataloging of AI dependencies across your projects.

What is an AI Bill of Materials?

An AI Bill of Materials (AIBOM) extends the traditional Software Bill of Materials (SBOM) concept to include AI-specific components like machine learning models, datasets, training parameters, and AI service integrations. Think of it as an inventory manifest for all the AI pieces powering your application.

For Python developers, this means understanding not just your pip dependencies, but also:

• Which AI models your code references

• External AI services and APIs being called

• Datasets used for training or inference

• Model versions and provenance information

• Licensing implications for datasets and model architectures

Real-world AIBOM examples: From computer vision to AI agents

owler@OwlUbuntu:~/Documents/Snyk/ai-bom-demo$ ls
GroundingDINO  OpenHands
owler@OwlUbuntu:~/Documents/Snyk/ai-bom-demo$ snyk aibom --experimental --org=61d6c8ed-5876-4af4-a35c-95ea4131c845 > ai_bom.json^C
owler@OwlUbuntu:~/Documents/Snyk/ai-bom-demo$ cd GroundingDINO/
owler@OwlUbuntu:~/Documents/Snyk/ai-bom-demo/GroundingDINO$ snyk aibom --experimental --org=61d6c8ed-5876-4af4-a35c-95ea4131c845 --html > ai_bom.html
owler@OwlUbuntu:~/Documents/Snyk/ai-bom-demo/GroundingDINO$ cd ..
owler@OwlUbuntu:~/Documents/Snyk/ai-bom-demo$ cd OpenHands/
owler@OwlUbuntu:~/Documents/Snyk/ai-bom-demo/OpenHands$ snyk aibom --experimental --org=61d6c8ed-5876-4af4-a35c-95ea4131c845 --html > ai_bom.html
owler@OwlUbuntu:~/Documents/Snyk/ai-bom-demo/OpenHands$ google-chrome ai_bom.html
Opening in existing browser session.

Let me walk through two compelling examples that demonstrate AIBOM in action with actual Python projects.

Example 1: GroundingDINO - Computer vision pipeline

GroundingDINO is a sophisticated computer vision project that combines object detection with natural language understanding. Running Snyk's AIBOM tool reveals a fascinating dependency landscape:

AI models discovered:

• bert-base-uncased and roberta-base for language processing

• Multiple ResNet variants (resnet18, resnet50, resnet101) for image feature extraction

• Training datasets including bookcorpus and wikipedia

Key Python libraries:

• torch and torchvision for deep learning infrastructure

• transformers for NLP model integration

• timm for image model implementations

• gradio for interactive demos

This AIBOM output immediately reveals the project's multimodal nature and highlights potential areas of concern – like the dependency on specific model versions that might have known vulnerabilities or licensing restrictions.

Example 2: OpenHands - AI agent framework

OpenHands presents an even more complex AI ecosystem. The AIBOM reveals a comprehensive catalog of large language models and AI services.

Extensive model portfolio
Including but not limited to…

• Complete Claude family: claude-3-5-sonnet-20241022, claude-opus-4-20250514, claude-sonnet-4-20250514

• OpenAI models: gpt-4o, gpt-4-turbo, o1-preview, whisper-1

• Google Gemini series: gemini-2.5-pro, gemini-2.0-flash-exp

• Mistral AI: devstral-small-2505

• Cohere: command

Service integrations:

• Direct OpenAI API endpoints

• Hugging Face Hub integration

• Various model inference libraries (vllm, openai)

This AIBOM demonstrates how modern AI applications often integrate multiple model providers and services, creating complex dependency webs that traditional dependency scanning might miss.

Why Python developers need AIBOM visibility

Python's rich AI ecosystem makes it particularly susceptible to hidden AI dependencies. Consider these scenarios:

Hidden model dependencies

Your code might reference models indirectly through library calls:

from transformers import pipeline
classifier = pipeline("sentiment-analysis")  # Downloads default model

This seemingly simple code actually downloads and uses a specific model version, creating an undocumented dependency.

Service Integration Risks

AI service integrations create external dependencies:

import openai
response = openai.ChatCompletion.create(model="gpt-4")

Each service call represents a dependency on external AI infrastructure with its own security considerations.

Model provenance issues

Understanding where your AI models come from is crucial for secure AI adoption. Models trained on unknown datasets or with unclear licensing can introduce legal and security risks.

Getting started with Snyk's AIBOM tool

Snyk's AIBOM tool provides automated discovery for Python projects. Here's how to use it:

# Generate AIBOM in JSON format
snyk aibom --experimental --org=your-org-id > aibom.json

# Generate interactive HTML visualization
snyk aibom --experimental --org=your-org-id --html > aibom.html

The tool performs static code analysis to identify:

• Model references in your Python code

• AI library imports and usage patterns

• Service endpoint configurations

• Model card information and metadata

Security implications of AI dependencies

AI components introduce unique security vectors that traditional vulnerability scanning might miss:

Model poisoning risks

AI attacks can target models directly. Understanding which models your application uses helps assess exposure to model-specific vulnerabilities.

Data exposure concerns

AI models can inadvertently expose training data through model inversion attacks. Knowing your model provenance helps evaluate these risks.

Supply chain attacks

Just as traditional dependencies can be compromised, AI models and services can be targets for supply chain attacks. Agent hijacking represents a new class of threats specific to AI systems.

Compliance and licensing

AI models often have complex licensing terms and usage restrictions. AIBOM helps ensure compliance with model licenses and terms of service.

Best practices for AI dependency management

1. Regular AIBOM auditing

Generate AIBOMs regularly to track changes in your AI dependencies:

# Run as part of CI/CD pipeline
snyk aibom --experimental --json | jq '.components[] | select(.type=="machine-learning-model")'

2. Model version pinning

Just like traditional dependencies, pin AI model versions:

# Instead of using latest
model = AutoModel.from_pretrained("bert-base-uncased")

# Pin specific versions
model = AutoModel.from_pretrained("bert-base-uncased", revision="abc123")

3. Monitor model updates

Track when models are updated or deprecated. The AIBOM helps identify which models need attention.

4. Implement AI-specific security scanning

Combine AIBOM with AI-aware security tools that understand AI-specific vulnerabilities.

Integration with development workflows

CI/CD integration

Incorporate AIBOM generation into your deployment pipeline:

# GitHub Actions example
- name: Generate AIBOM
  run: snyk aibom --experimental --json > artifacts/aibom.json
- name: Archive AIBOM
  uses: actions/upload-artifact@v3
  with:
    name: aibom
    path: artifacts/aibom.json

Code review enhancement

Use AIBOM insights to enhance AI code review processes. Understanding AI dependencies helps reviewers assess the broader implications of code changes.

Risk assessment

Regular AIBOM analysis helps identify:

• Concentration risk (over-reliance on single AI providers)

• License compatibility issues

• Deprecated or EOL models

Performance and cost implications

The Future of AI Dependency Management 

As AI continues to evolve, dependency management will become increasingly complex. We're already seeing:

• Multi-modal models that combine text, image, and audio processing

• Federated learning systems with distributed dependencies

• Edge AI deployment requiring model optimization pipelines

• AI hallucination mitigation requiring model ensemble strategies

AIBOM provides the foundation for managing this complexity, giving Python developers the visibility needed to build secure, reliable AI applications.

The examples from GroundingDINO and OpenHands demonstrate that even relatively focused AI projects can have surprisingly complex AI dependency graphs. As your projects grow and incorporate more AI capabilities, having clear visibility into these dependencies becomes essential for maintaining security, compliance, and operational reliability.

Start generating AIBOMs for your Python projects today with Snyk's experimental tool. Understanding your AI supply chain is the first step toward securing your AI-generated code and building more resilient AI applications.

Ready to map your AI dependencies? Try Snyk's AIBOM tool and discover what AI components are powering your Python applications.

WHITEPAPER

What's lurking in your AI?

Explore AI Security Posture Management (AISPM) and proactively secure your AI stack.

Get the full guide