The SBOM tab allows you to document the underlying components, dependencies, and third-party services that make up the AI system. This includes models, APIs, cloud services, libraries, and any other integrated software.
Purpose
The goal of this tab is to provide visibility into what is building the AI—whether it’s a foundation model like GPT-4, a cloud-based service, or a combination of open-source and proprietary tools.
Capturing this information supports risk assessment, regulatory disclosure, and vendor management. Organizations are increasingly being asked not only what AI they’ve built, but what external models or infrastructure that AI relies on.
Maintaining an accurate SBOM is particularly useful when responding to vendor risk assessments or preparing for audits under frameworks like the NIST AI RMF or EU AI Act.
User Goals
Users come to this page to:
Record the technical stack powering the AI system
Provide transparency into which models or services are in use
Support documentation and explainability for reviewers and auditors