Toward a transparent supply chain for AI

Behind the smartphone in your pocket, and nearly every other manufactured good, is something called a BOM — a bill of materials that breaks down the product’s parts and explains how it was made. A BOM serves as a manufacturing blueprint that can help businesses manage inventory, reduce waste, and improve supply chain efficiency.

Software products got their own bill of materials in the 2010s, with an initial focus on making open-source licensing requirements easier to follow. As malicious attacks grew more common, the scope of software BOMs (or SBOMs) expanded to include provenance and security vulnerabilities. Now, as AI takes over some traditional software roles, the SBOM is evolving again to bring more consistency and accountability to the fragmented way that foundation models and their off-shoot applications are currently documented.

Standards are still evolving, but an AIBOM at a high level provides a standardized, auditable record of the datasets, weights, and methodologies underpinning a modern AI model. It’s like a machine-readable model card with enough fine print for users to inspect dataset licenses, earlier versions of the model, and evaluation results. In theory, the AIBOM is the record you check to make sure your model complies with ethical standards and major safety and security regulations.

To the extent that today’s models are documented at all, the metadata is often buried in PDFs, long blog posts, or in semi-structured model cards. Downstream users often have little idea of what data went into the models they’re adapting or how design choices during pre-training could play out in real life.

As a first step toward a full AIBOM, IBM just released model and dataset metadata for its Granite 4.0 models in machine-readable JSON. The structured format means that model cards and other AI documentation that model builders had to create manually can now be generated instantly. Enterprises can also use this format to compare models and check that those put into production meet internal safety and security policies, adding extra risk controls at runtime.

Granite’s transition to structured disclosures brings a new level of transparency to the models, which hold the number one spot on Stanford’s Foundation Model Transparency Index and were among the first large language models to earn ISO 42001 certification.

An audit trail for AI models

Like an SBOM, an AIBOM tracks individual software components. Its scope, however, extends to features unique to foundation models — things like model weights, downstream applications, and the provenance of training data, whether it was gathered from the web or generated automatically, in increasingly complex pipelines.

Other AI-specific components include the hardware the model trained on and what will be required for it to run, as well as details related to LLMs and LLM agents whose outputs can vary widely based on how a prompt is worded.

“Software is currently treated as a first-class citizen, while the data is an afterthought,” said Arthit Suriyawongkul, a researcher at Trinity College in Dublin focused on AI governance. “Modern AI flips that around. Data is just one of many primary artifacts that need to be thoroughly documented.”

Then, as now, security concerns and emerging regulations drove the tech industry to adopt SBOMs with their more rigorous reporting. The Linux Foundation in 2010 introduced its software package data exchange (SPDX) standard to make open-source licensing easier to communicate.

Later, a series of high-profile supply chain attacks led Linux to expand the focus of SPDX to exposing security risks. In 2017, the Open Worldwide Application Security Project (OWASP) introduced its own standard for generating software documentation, CycloneDX. The emphasis on security continued with President Biden’s executive order in 2021 to improve the nation’s cybersecurity by making software supply chain risks more visible.

Both Linux and OWASP are now extending their SBOM standards to AI, and IBM Research drew on this work in building out Granite’s new structured disclosures. As the industry works toward a common standard, IBM researchers have shared their best practices back with the community.

Broadly, an AIBOM covers six main areas — models, datasets, code, hardware, data processing, and governance. Once this information is machine-readable, it can be updated as models and processes evolve. Information can be instantly extracted for reporting, and security policies can be integrated into downstream applications to ensure the model behaves as its creators intended.

“If you look at any model card on hugging face, it's a README.md file which you can look at, but you can’t actually use programmatically without developing some parsing mechanism,” said Rakesh Jain, manager and chief architect of the data management platform behind IBM Granite. “Every model provider writes it differently.”

There’s more work to do before IBM Granite has a full bill of materials, but the team’s investments in governance and automated workflows should streamline the process, since most of the metadata needed for a full AIBOM already exists, said Jain.

“Once we have it all in a machine-readable format, retrieving information at a large scale from all our models will become very easy,” he said.

The untapped value of open

Open-source LLMs have improved dramatically in recent years, with Granite and other top open models now outperforming much larger frontier models in specific domains at a fraction of the cost. Despite the narrowing gap, closed models dominate the inferencing market, capturing about 96% of revenue, according to a new study by MIT and Georgia Tech researchers Frank Nagle and Daniel Yue.

This imbalance is economically significant, they found, estimating that if demand were to shift to open models, inferencing costs would drop by more than 70%, on average. In 2025, open models could have delivered $24.8 billion in savings to users.

“It’s more than the annual GDP of entire nations,” Nagle wrote in a blog post for the Linux Foundation, where he is also chief economist. “It represents a substantial consumer savings that could be captured by organizations, developers, and downstream users.”

It’s unclear whether brand recognition, performance benchmarks, or other factors are driving user preference for closed models, but standardized disclosures on their own are probably not enough to convince users to switch, said Nagle in an interview.

“Open models aren’t underutilized because of transparency — closed model users have no idea what’s in the models they’re using and which they’re paying more for,” he said. “But trust is a big thing, and maybe an AIBOM could help some people get over the hurdle.”

Open models covered by an AIBOM could be especially appealing to enterprises doing business in Europe, where AI-specific regulations are now in effect. Machine readable documentation leaves a clear audit trail for both enterprises and regulators, which could be helpful for both parties.

It makes data provenance and model lineage easier to track and prove. And if an AI system is attacked, the structured metadata can help enterprises isolate compromised datasets, dependencies, and model versions, which could lead to faster remediation.

The business case for transparency

The latest Stanford transparency rankings showed many tech companies moving away from transparency, for what could be a variety reasons.

Companies may be focused on performance above all else, while others may want to keep their data and techniques private to protect their market advantage. Companies that took shortcuts may not want to draw attention to themselves. If they gathered training data haphazardly and their models ingested copyrighted material, even unintentionally, it could open the door to lawsuits.

There’s no question that transparency brings extra scrutiny and can slow down the development process. But there’s ample evidence to suggest that transparency, and the ethical practices that go with it, can create value.

Responsible AI systems can build trust among customers and employees, lower risks by reducing customer complaints and compliance problems, and lead to higher-quality products. In a recent survey of 915 global executives, researchers at IBM and the University of Notre Dame’s Institute for Ethics and the Common Good found that organizations that invested the most in AI ethics reported 30% higher operating profit attributable to AI, on average, than those that spent the least.

“The ROI can be short-term and quantitative, like higher profits or reduced expenses, but it can also be a qualitative return like increasing the skills and capabilities within a firm,” said study co-author Francesca Rossi, an IBM Fellow who focuses on AI governance.

Check out IBM Granite’s new structured disclosures for the Granite language models here, including our Nano collection here.

Read the first piece in the series: How IBM Granite became a leader in responsible AI