AIBOM: Powering Transparency and Security in AI and Software Supply Chains

CVE/FIRST VulnCon 2025 · Main Stage

In an era where Artificial Intelligence (AI) rapidly integrates into critical business operations, the security of AI models and their underlying supply chains has become paramount. This talk by Dmitry Raidman, CTO and co-founder of Cybeats, delves into the critical need for **AI Bills of Materials (AIBOMs)** to ensure transparency, security, and compliance within the burgeoning AI landscape. Raidman, who also co-leads the CISA Tiger Team defining AI SBOMs alongside Helen Oakley from SAP and Daniel from Manifest Cyber, highlights the unique risks and vulnerabilities inherent in AI systems that traditional software supply chain security measures fail to address adequately.

AI review

A well-intentioned policy/standards talk that arrives at VulnCon dressed as security research but delivers mostly conceptual framework advocacy with minimal technical substance. The speakers are legitimately involved in the CISA AIBOM Tiger Team, which gives them real credentials in this space, but the content never gets past the 'why AIBOMs matter' pitch and into anything that would help a practitioner actually build, validate, or attack one. The talk reads like a pre-RSA warm-up for a standards workshop, not a VulnCon session.