Journal article

Execution-bound advisory automation for agentic AI: a reproducible AIBOM-driven CSAF-VEX framework

Abstract:
Introduction: Agentic AI systems integrate foundation models, prompt templates, tool connectors, orchestration logic, and containerised dependencies, creating exploitability conditions that cannot be inferred from static Software Bills of Materials (SBOMs). Artificial Intelligence Bills of Materials (AIBOM) extend transparency to AI-specific artefacts, yet current CSAF/VEX workflows remain based on static component–CVE correlation without runtime validation.

Materials and methods: A protocol-driven framework is presented that binds SBOM and AIBOM artefacts to deterministic environment capture and structured runtime telemetry. Exploitability is computed from declared artefacts, observed activation conditions, and enforced execution policies. CSAF-VEX advisories are generated from combined static and runtime evidence, cryptographically signed, and validated through deterministic replay. Evaluation uses approximately 10,000 component entries across synthetic Agentic AI workloads (50–5,000 components), incorporating OSV, GitHub Advisory, KEV, and EPSS datasets.

Results: Under controlled experimental conditions, the framework achieves an F1-score of 0.93 (precision 0.96, recall 0.92), reduces false positives by up to 42% relative to static SBOM–CVE matching without runtime validation, and alters exploitability outcomes in 31% of AI-specific artefact cases through AIBOM extension. Advisory artefacts remain reproducible under deterministic replay.

Discussion: Binding AIBOM artefacts to runtime telemetry transforms CSAF-VEX generation from static disclosure into execution-grounded exploitability assessment for Agentic AI supply chains.
Publication status:
Published
Peer review status:
Peer reviewed

Publisher copy:
10.3389/frai.2026.1826384

Authors

Institution:
University of Oxford
Role:
Author


Publisher:
Frontiers Media
Journal:
Frontiers in Artificial Intelligence
Volume:
9
Article number:
1826384
Publication date:
2026-05-14
Acceptance date:
2026-04-29
DOI:
EISSN:
2624-8212
ISSN:
2624-8212


Language:
English
Keywords:
Source identifiers:
4090289
Deposit date:
2026-05-28
ARK identifier:
This ORA record was generated from metadata provided by an external service. It has not been edited by the ORA Team.
