Evo Adds CycloneDX Support to Give Full AI Visibility
December 19, 2025
AI is now a supply chain problem
AI adoption inside enterprises is exploding. Developers are pulling models from open source repositories, HuggingFace, internal checkpoints, and fine-tuned variants hosted on MCP servers. However, this rapid innovation has outpaced the security guardrails designed to manage it. While innovation accelerates, security and platform teams often lack visibility into the models being used, their origins, or their behavior.
This creates a fundamental risk: you cannot secure what you cannot see. To regain control, enterprises need a centralized way to inventory AI models, track their origins, and ensure compliance—all without forcing developers to rebuild existing pipelines from scratch.
This is where AI Bills of Materials (AI-BOMs) become critical. An AI-BOM provides a structured, machine-readable inventory that captures dependencies, provenance, and licensing. While there hasn't been a widely accepted standard for these inventories in the past, the arrival of CycloneDX 1.6—the industry’s most popular SBOM standard—changes the landscape.
We are excited to announce that Evo’s Discovery Agent now fully supports CycloneDX’s AI ModelCards. This integration enables portable, standardized AI-BOMs that can be activated alongside existing SBOM workflows with minimal effort. By extending CycloneDX with deeper security insights and actionable metadata, Evo makes the AI-BOM intelligent, usable, and truly enterprise-ready.
The visibility gap: Why you can’t secure what you can’t see
Enterprises are struggling to gain clear visibility into the AI models running across their environments. The issues include:
No centralized AI-BOM: There’s no consistent inventory of AI models across codebases, repositories, developer machines, or MCP servers.
No provenance tracking: Teams often cannot see who authored a model, where it originated (HuggingFace, GitHub, or a custom checkpoint), whether it has been modified, or whether it can be trusted.
License compliance blind spots: Model licenses are often missing, incomplete, or manually reviewed, creating compliance risks.
No architectural visibility: Teams cannot easily understand model type (text, code, vision, audio, or multimodal), task domain (text-generation, code-repair, image-classification, etc.), architecture family (transformer, CNN, diffusion), input/output formats, or learning approach (supervised, self-supervised, RL).
No implementation insight: Is the model running via the MCP standard SDK, a fine-tuned custom fork, or an unapproved inference library? Without this, governance, risk management, and compliance are nearly impossible.
Standardizing AI-BOM with CycloneDX
By introducing structured AI ModelCards, CycloneDX provides a machine-readable format that brings SBOM-level discipline to AI systems. This standard allows teams to capture essential metadata, including model names, versions, and the specific authors or suppliers responsible for them.
Beyond basic identification, CycloneDX 1.6 documents the technical DNA of a model—its architecture, learning approach, and defined inputs and outputs. This creates a portable, consistent record that serves as the foundation for any modern AI governance strategy.
Beyond the standard: Extending AI-BOMs with Evo
While CycloneDX provides the necessary framework, enterprise-grade governance requires more than just a list of static fields. Many CycloneDX fields allow for free-text entries, which can be difficult for security teams to analyze or act upon at scale. To solve this, Evo extends the standard by mapping model data to a granular, industry-leading taxonomy.
Evo supports all CycloneDX 1.6 AI ModelCard fields:
Learning approach: supervised, unsupervised, RL, semi-supervised, self-supervised
Architecture family: transformer, CNN, RNN, LSTM, residual network
Model architecture: GPT-1, LLaMA-3, ResNet-50, YOLOv3
Inputs / outputs: string formats, multimodal representations
CycloneDX fields that are free-text can be difficult to act upon. Evo adds a granular, industry-leading taxonomy to make AI metadata actionable, such as:
Task taxonomy:
Text-related
Code-related
Image-related
Audio-related
Standardized input/output types:
model_io_types = [
Implementation path and SDK detection: Evo identifies MCP standard SDK usage, custom inference libraries, fine-tuned forks, and unapproved or deprecated toolchains. This is critical for enterprise governance.
How CycloneDX and Evo fill in the visibility gaps
AI models now carry supply chain risks similar to software, but with new semantic and behavioral dimensions. CycloneDX provides the industry-standard AI-BOM format, and Evo adds intelligence and depth, operationalizing the AI-BOM for governance, compliance, and risk scoring. Together, they bring SBOM discipline to AI systems, providing full visibility, automated compliance, and actionable insights.
Combined with CycloneDX, Evo addresses the key visibility and governance gaps:
Centralized AI-BOM: Evo generates full-fidelity inventory across machines, repos, MCP servers, and agents; CycloneDX ensures portability.
Provenance tracking: tracks author, supplier, source URL, download location, and model hash/signature.
License compliance: automatically extracts and normalizes licenses, supporting policy enforcement and audit readiness.
Architectural visibility: reveals model type, architecture family, specific architecture, task domain, input/output modalities, and learning approach.
Implementation insight: maps MCP SDK usage, custom wrappers, and noncompliant inference flows; CycloneDX captures component relationships.
Mapping to customer outcomes
| Desired outcome | How Evo delivers |
|---|---|
| Complete inventory of all models | CycloneDX ModelCard + Evo scans across repos, endpoints, and MCP |
| Automated license tracking | CycloneDX license fields + Evo normalization |
| Classification by type, input/output | CycloneDX inputs/outputs + Snyk I/O taxonomy |
| Classification by task domain | Evo task taxonomy extension |
| Architecture-level understanding | architectureFamily + modelArchitecture |
| Learning approach analysis | approach.type for policy & risk |
| Visibility into model implementation | MCP SDKs, wrappers, inference toolchains |
| Govern usage across environments | Machine-readable AI-BOM powering policy engines & CI checks |
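As an added illustration (not Evo's code or output format), the Python example below shows the kind of CI check a machine-readable AI-BOM makes possible: it reads a constructed CycloneDX 1.6 document and reports, for each `machine-learning-model` component, the provenance, license and ModelCard gaps discussed above. The sample BOM, the `audit_models` function and the allowed-license set are assumptions made for this example.

```python
import json

# Constructed sample AI-BOM (not Evo output); the hash value is a placeholder.
SAMPLE_BOM = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.6", "components": [
  {"type": "machine-learning-model", "name": "example-code-repair", "version": "1.2.0",
   "supplier": {"name": "Example Org"},
   "licenses": [{"license": {"id": "Apache-2.0"}}],
   "hashes": [{"alg": "SHA-256", "content": "CONSTRUCTED-PLACEHOLDER"}],
   "modelCard": {"modelParameters": {
     "approach": {"type": "supervised"},
     "architectureFamily": "transformer", "modelArchitecture": "LLaMA-3",
     "inputs": [{"format": "string"}], "outputs": [{"format": "string"}]}}},
  {"type": "machine-learning-model", "name": "local-checkpoint", "version": "0.1",
   "licenses": [{"license": {"id": "GPL-3.0-only"}}],
   "modelCard": {"modelParameters": {"approach": {"type": "semi supervised"}}}},
  {"type": "library", "name": "not-a-model", "version": "3.1.4"}
]}
""")

# approach.type values defined by the CycloneDX schema
APPROACH_TYPES = {"supervised", "unsupervised", "reinforcement-learning",
                  "semi-supervised", "self-supervised"}
ALLOWED_LICENSES = {"Apache-2.0", "MIT"}  # assumed organisation policy

def audit_models(bom, allowed_licenses=ALLOWED_LICENSES):
    """Return {model name: [findings]} for each machine-learning-model component."""
    report = {}
    for comp in bom.get("components", []):
        if comp.get("type") != "machine-learning-model":
            continue  # ordinary SBOM components are out of scope here
        findings = []
        if not (comp.get("supplier") or comp.get("authors")):
            findings.append("no supplier/authors (provenance unknown)")
        if not comp.get("hashes"):
            findings.append("no hash (modification cannot be detected)")
        ids = {lic.get("license", {}).get("id") for lic in comp.get("licenses", [])}
        if not ids:
            findings.append("no license declared")
        elif not ids <= allowed_licenses:
            findings.append("license outside policy: " + ", ".join(sorted(map(str, ids - allowed_licenses))))
        params = comp.get("modelCard", {}).get("modelParameters", {})
        if params.get("approach", {}).get("type") not in APPROACH_TYPES:
            findings.append("approach.type missing or not a CycloneDX enum value")
        for field in ("architectureFamily", "modelArchitecture", "inputs", "outputs"):
            if not params.get(field):
                findings.append("modelCard.modelParameters." + field + " missing")
        report[comp["name"]] = findings
    return report
```

An empty findings list means the component passes; the free-text `"semi supervised"` in the second component is flagged because it is not one of the schema's enumerated values.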
The AI-BOM standard has arrived, and Evo is defining it
The arrival of AI models in the enterprise has introduced supply chain risks that are as much about behavior and semantics as they are about code. True governance requires the ability to operationalize the industry standard that CycloneDX 1.6 provides.
By combining the portability of CycloneDX 1.6 with Evo’s deep architectural intelligence, enterprises are able to gain:
Complete visibility into all AI models in use
Provenance-based trust
Architecture-level insight
Automated license and policy enforcement
Repeatable governance workflows
Ready to bring full visibility into your AI supply chain? Discover every AI component hidden in your codebase with Evo today.