Snyk AI-BOM
See AI supply chains with a graph of clients, servers, and tools
Snyk AI-BOM – Visualize and audit AI supply chains with dependency graphs
Summary: Snyk AI-BOM CLI generates a comprehensive inventory of AI components in applications, including models, datasets, and external services. It extends traditional SBOMs by mapping dependencies via the MCP open standard, enabling security and engineering teams to audit AI usage, track LLM providers, and ensure compliance efficiently.
What it does
Snyk AI-BOM scans AI projects to identify and map models, datasets, MCP servers, and external API calls, producing an AI Bill of Materials (AIBOM). It integrates into the CLI for local scans or CI/CD workflows, providing a clear dependency graph of AI components.
Who it's for
It is designed for security and engineering leaders who need visibility and governance over AI models, datasets, and services used across their applications.
Why it matters
It addresses the lack of centralized tracking for AI dependencies, enabling immediate identification of affected applications when AI models change, APIs update, or out-of-policy models are introduced.