Operationalising artificial intelligence bills of materials for verifiable AI provenance and lifecycle assurance

Journal article

Introduction: Artificial intelligence (AI) systems increasingly rely on complex, multi-layered software supply chains, creating substantial challenges for reproducibility, transparency, and security assurance. Existing software bills of materials inadequately capture AI-specific artefacts such as model lineage, training provenance, and disclosure metadata, limiting verifiable lifecycle governance. Methods: This study proposes an Artificial Intelligence Bill of Materials (AIBOM) schema that extends the CycloneDX standard through structured schema engineering. The framework integrates cryptographic validation and agent-driven automation to enable machine-verifiable provenance. An autonomous AI pipeline was implemented to conduct continuous environment inspection, vulnerability enrichment, and reproducibility auditing across containerised analytic workflows. Results: Empirical evaluation demonstrates 98.7% reproducibility fidelity across replicated executions, 96.2% precision in vulnerability matching against reference datasets, and a 63% reduction in manual oversight compared with conventional documentation-based approaches. Discussion: The results demonstrate the feasibility of automated provenance assurance and reproducible AI lifecycle validation at scale. The proposed AIBOM framework strengthens software supply chain transparency, enhances provenance integrity, and provides a generalisable methodology for securing AI systems. It further supports alignment with international information security and compliance standards, advancing the scientific foundations of reproducibility engineering in AI-enabled systems.

Authors: Radanliev, P; Santos, O; Maple, C; Atefi, K

• Publication status: Published
• Peer review status: Peer reviewed
• Publisher: Frontiers Media
• Journal: Frontiers in Computer Science
• Volume: 8
• Article number: 1735919
• Publication date: 2026-01-21
• Acceptance date: 2026-01-05
• DOI: 10.3389/fcomp.2026.1735919
• EISSN: 2624-9898
• ISSN: 2624-9898
• Language: English
• Keywords: federated analytics; reproducibility; CVE automation; secure data pipelines; AI bill of materials (AIBOM); schema validation; agentic AI; CycloneDX