Enter a Hugging Face model, either in the format <organization-or-username>/<model-name> or as the model's URL, to generate an AIBOM in CycloneDX format. You can browse available models in the Hugging Face models repository.
This open-source tool generates an AIBOM (AI Bill of Materials) for models hosted on Hugging Face. It automatically extracts key information about an AI model and formats it into a standardized, machine-readable SBOM (Software Bill of Materials) using the CycloneDX JSON format. Because metadata quality varies across models and much of the information is unstructured, the tool analyzes what is available, organizes it into a consistent structure, and provides an AIBOM completeness score that evaluates how well the model is documented. This helps users quickly understand documentation gaps and supports transparency, security, and compliance. The tool is also listed on the CycloneDX Tool Center.
An AIBOM (Artificial Intelligence Bill of Materials, also known as AI/ML-BOM, AI SBOM, or SBOM for AI) is a detailed, structured inventory that lists the components and dependencies involved in building and operating an AI system—such as pre-trained models, datasets, libraries, and configuration parameters. Much like a traditional SBOM for software, an AIBOM brings transparency to what goes into an AI system, enabling organizations to assess security, compliance, and ethical risks. It is essential for managing AI supply chain risks, supporting regulatory requirements, ensuring model provenance, and enabling incident response and audits. As AI systems grow more complex and widely adopted, AIBOMs become critical for maintaining trust, accountability, and control over how AI technologies are developed, integrated, and deployed.
If you encountered any problems, found a bug, or have suggestions for improvement, we'd love to hear from you!
📋 View on GitHub
If you find this tool useful, share it with your network! https://genai.owasp.org
Follow us for updates: @OWASP GenAI Security Project