
Jun 01 2026
Artificial Intelligence

How Federal Agencies Can Inventory and Govern AI Systems With AI-BOMs

Federal agencies use AI bills of materials to count artificial intelligence assets, reduce shadow AI risk and strengthen zero-trust governance.

Federal agencies are rapidly adopting generative artificial intelligence, AI-enabled enterprise software and AI coding assistants to improve productivity and modernize operations. But as AI becomes embedded across cloud platforms, Software as a Service (SaaS) applications and development environments, many agencies face a familiar cybersecurity challenge in a new form: They do not have complete visibility into what AI systems are running, what data those systems can access or how those tools interact with the broader IT environment.

That challenge is driving growing interest in the concept of an AI bill of materials, or AI-BOM. Similar to a software bill of materials (SBOM), which inventories software components and dependencies, an AI-BOM helps organizations identify and track AI models, data sets, application programming interfaces (APIs) and services operating across their environments. For agencies pursuing AI risk management and zero-trust initiatives, that visibility is becoming increasingly important.


What Is an AI Bill of Materials?

Mitchel Herckis, global head of government affairs at Wiz, describes an AI-BOM as “a comprehensive inventory of every component that makes up an AI system.”

“An easy way to think of it is as an ingredient label for your AI,” Herckis says.

An AI-BOM can include AI models, training data sets, software dependencies, frameworks and the infrastructure supporting AI systems, he says. While an SBOM focuses on traditional software components, an AI-BOM is designed to capture risks and dependencies specific to AI environments.

“Because today’s software supply chains include AI services and models, organizations are increasingly pairing SBOMs with AI-BOMs to track AI-specific assets and risks that traditional SBOMs miss,” he says.

The distinction matters because AI systems are more dynamic than traditional applications. Models evolve, interact with external services and continuously process new data. As a result, agencies need visibility not only into what software they are running but also into how AI systems operate and what they can access.
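To make the "ingredient label" concrete, the following is an added example, not code from the article, CDW or Wiz. It builds a small AI-BOM in CycloneDX-style JSON for a hypothetical FOIA-triage assistant and then answers the two questions the rest of the article keeps returning to: what data and external services an AI system can reach, and which systems are exposed when one component (a library, model or vendor API) is reported vulnerable. Component types and field names ("machine-learning-model", "data", "service", "modelCard", "dependencies") follow CycloneDX 1.5 as the author understands that specification and should be checked against the published schema; every application, model, dataset, library version and vendor endpoint below is constructed for illustration.

```python
"""Minimal AI-BOM in CycloneDX-style JSON, plus the queries it exists to answer.

Added example; it is not code from the article, CDW or Wiz. Component types and
field names follow CycloneDX 1.5 ("machine-learning-model", "data", "library",
"service", "modelCard", "dependencies") as the author understands that spec;
verify against the published schema before relying on exact field names.
The agency application, model, dataset and vendor below are constructed.
"""
import json
import uuid
from collections import deque


def component(ref, ctype, name, version=None, **extra):
    """One component entry; bom-ref is the stable identifier others point at."""
    c = {"bom-ref": ref, "type": ctype, "name": name}
    if version:
        c["version"] = version
    c.update(extra)
    return c


def build_ai_bom():
    """AI-BOM for a hypothetical FOIA-triage assistant (constructed data)."""
    components = [
        component("app:foia-triage", "application", "foia-triage-assistant", "2.3.0"),
        component("model:summarizer", "machine-learning-model", "foia-summarizer", "2024-11",
                  modelCard={"modelParameters": {"task": "summarization",
                                                 "architectureFamily": "transformer"}}),
        # Record data sensitivity on the dataset itself; it drives the zero-trust review.
        component("data:foia-corpus", "data", "foia-request-corpus", "2024-Q3",
                  properties=[{"name": "agency:classification", "value": "CUI"}]),
        component("lib:transformers", "library", "transformers", "4.44.0"),
        component("lib:pytorch", "library", "torch", "2.4.0"),
        # External inference API the application calls: the boundary crossing to track.
        component("svc:vendor-llm", "service", "vendor-llm-api",
                  endpoints=["https://llm.example-vendor.invalid/v1/chat"],
                  authenticated=True),
    ]
    dependencies = [
        {"ref": "app:foia-triage", "dependsOn": ["model:summarizer", "svc:vendor-llm"]},
        {"ref": "model:summarizer", "dependsOn": ["data:foia-corpus", "lib:transformers"]},
        {"ref": "lib:transformers", "dependsOn": ["lib:pytorch"]},
    ]
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "serialNumber": f"urn:uuid:{uuid.uuid4()}",
        "version": 1,
        "components": components,
        "dependencies": dependencies,
    }


def to_json(bom):
    """Serialize the BOM the way it would be handed to a vendor or an auditor."""
    return json.dumps(bom, indent=2)


def _walk(adjacency, start):
    """Breadth-first transitive closure over an adjacency dict, excluding start."""
    seen, queue = set(), deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in adjacency.get(cur, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def affected_by(bom, ref):
    """Everything that transitively depends on `ref`.

    This is the exposure question when a library, model or vendor service is
    reported vulnerable: which AI systems are built on it?
    """
    reverse = {}
    for dep in bom["dependencies"]:
        for child in dep["dependsOn"]:
            reverse.setdefault(child, []).append(dep["ref"])
    return sorted(_walk(reverse, ref))


def reachable_of_type(bom, ref, ctype):
    """Components of one type that `ref` can reach: the datasets a system can
    touch ("data") or the outside services it talks to ("service")."""
    forward = {dep["ref"]: dep["dependsOn"] for dep in bom["dependencies"]}
    types = {c["bom-ref"]: c["type"] for c in bom["components"]}
    return sorted(r for r in _walk(forward, ref) if types.get(r) == ctype)


if __name__ == "__main__":
    bom = build_ai_bom()
    print(to_json(bom))
    print("exposed if torch is vulnerable:", affected_by(bom, "lib:pytorch"))
    print("data the app can reach:", reachable_of_type(bom, "app:foia-triage", "data"))
    print("external services:", reachable_of_type(bom, "app:foia-triage", "service"))
```

The dependency graph is the part an SBOM-style inventory tends to leave out for AI systems, and it is what turns a list into something a zero-trust review can use: `reachable_of_type` answers "what can this system access" for the data and service components, and `affected_by` is the lookup a team runs the day a model framework or vendor API is reported vulnerable. The same structure is what an agency would ask a third-party provider to deliver on request.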

What Challenges Might Shadow AI Pose for Federal Agencies?

One of the biggest concerns surrounding AI governance is the growth of “shadow AI,” or AI tools and services operating outside formal IT oversight.

Herckis says the problem is becoming especially visible in development environments.

“One of the biggest blind spots we see today is the rise of shadow AI inside development environments,” he says.

In its 2025 State of AI in the Cloud report, Wiz observed widespread use of AI coding assistants such as GitHub Copilot, Claude Code and OpenAI Codex across cloud environments. Researchers also identified a growing number of open-source and niche AI coding tools being installed independently by developers.

“These tools often operate outside centralized governance processes, creating pockets of shadow AI across organizations,” Herckis says.

For federal agencies, the issue extends beyond standalone AI applications. AI capabilities are increasingly embedded into collaboration platforms, SaaS applications and cloud services, meaning agencies may be using AI features without fully understanding their security implications.

Without visibility into those tools, agencies may not know what sensitive data AI services can access, whether they connect to external providers or whether they bypass existing security controls. As AI adoption accelerates, agencies need a clearer understanding of where AI tools are operating and how they interact with enterprise environments.


How Can Agencies Adapt Software Inventory Practices for AI Systems?

Federal agencies already have experience with software inventory initiatives through software supply chain security efforts and SBOM requirements. But adapting those practices for AI systems introduces additional complexity.

Unlike traditional software inventories, AI-BOMs must account for models, APIs, agents and data sets operating across hybrid and multicloud environments.

“Federal agencies have had far less enterprise visibility into cloud environments and third-party platforms than their on-premises counterparts,” Herckis says.

He notes that many agencies still rely on legacy cloud security tools that may fail to review assets such as containers, virtual machines and serverless functions.

“With multicloud and hybrid systems, there is a need to leverage platforms that can identify not only AI models but APIs, agents and other AI services,” he says.

That reflects the increasingly interconnected nature of AI ecosystems. A single AI-enabled workflow may rely on multiple cloud providers, third-party APIs and embedded services operating across different environments.

For agencies, the transition from SBOM to AI-BOM is not about replacing existing inventory practices but extending them. Agencies need ways to continuously identify AI components, understand their dependencies and evaluate the risks associated with those systems.


How Do AI-BOMs Strengthen Zero Trust and Supply Chain Oversight?

As agencies continue implementing zero-trust architectures, visibility into AI systems is becoming more important.

Herckis says AI-BOMs can provide the continuous visibility needed to support those efforts.

“AI-BOMs give security teams a clear, continuous list of every AI component in the environment, how it’s configured and what it can access,” he says. “That visibility is the baseline that a zero-trust approach requires to identify and mitigate risks early.”

AI-BOMs can also help agencies understand how AI systems interact with sensitive data and external services.

“AI-BOMs also capture the relationships between AI components, so teams can see how AI systems actually operate in production and build a foundation for traceability, risk assessment and governance as AI systems evolve,” Herckis says.

That visibility becomes especially important when agencies rely on third-party AI providers. Herckis points to the Office of Management and Budget’s M-26-05 memorandum as an example of the federal government’s increasing focus on software and AI supply chain transparency.

“When working with third-party AI providers, federal agencies can look to the recent OMB memoranda and consider working into contract language a requirement that the software producer provide an SBOM or AI-BOM of the runtime production environment upon request,” he says.

Such requirements could help agencies assess exposure more quickly when vulnerabilities or supply chain risks emerge.


How Can a Resource-Constrained Agency Launch an AI Inventory?

For many agencies, one of the biggest obstacles to AI governance is limited staffing and resources. But Herckis says agencies should avoid treating AI inventory as a manual process.

“The steps around building an inventory should be practical,” he says. “Building Excel spreadsheets of use cases is already becoming virtually impossible due to the ubiquity of AI as it becomes increasingly embedded into all aspects of digital infrastructure.”

Instead, agencies should prioritize automation and continuous visibility.

“Agencies, therefore, should focus on being able to automate the continuous inventorying of both AI models and technologies within their environments,” Herckis says.
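The shadow-AI findings described earlier (coding assistants and SDKs installed by individual developers) and the automation this section calls for come together in an inventory job that reads what is actually on developer endpoints and CI runners rather than asking people to fill in a spreadsheet. The following is an added example, not code from the article, CDW or Wiz. It parses a few constructed artifacts of the kind a collector would pull from one developer machine (a pip requirements file, an npm manifest, a VS Code extension list and a shell profile), matches them against a small indicator catalog, and reports anything from a vendor the agency has not approved as shadow AI. The catalog, the approved-vendor list and every sample line are constructed for illustration; a real catalog would be maintained from vendor and package-registry data.

```python
"""Automated discovery of AI tooling from developer-environment artifacts.

Added example, not from the article, CDW or Wiz. An inventory job would
collect artifacts such as these from endpoints or CI runners; here they are
constructed inline. Each artifact is matched against a small indicator
catalog (SDKs, frameworks, editor assistants, vendor API-key variables) and
anything from a vendor the agency has not approved is reported as shadow AI.
Catalog, allowlist and sample contents are all constructed for illustration.
"""
import json
import re

# Indicator catalog: artifact token -> (display name, kind, vendor). Constructed
# and deliberately small; a real catalog is maintained from vendor lists.
PY_PKGS = {
    "openai": ("OpenAI SDK", "sdk", "OpenAI"),
    "anthropic": ("Anthropic SDK", "sdk", "Anthropic"),
    "transformers": ("Hugging Face Transformers", "framework", "Hugging Face"),
    "langchain": ("LangChain", "framework", "LangChain"),
}
NPM_PKGS = {
    "openai": ("OpenAI SDK (npm)", "sdk", "OpenAI"),
    "@anthropic-ai/sdk": ("Anthropic SDK (npm)", "sdk", "Anthropic"),
}
VSCODE_EXTS = {
    "github.copilot": ("GitHub Copilot", "assistant", "GitHub"),
    "continue.continue": ("Continue", "assistant", "Continue"),
}
ENV_KEYS = {
    "OPENAI_API_KEY": ("OpenAI API key", "credential", "OpenAI"),
    "ANTHROPIC_API_KEY": ("Anthropic API key", "credential", "Anthropic"),
    "GEMINI_API_KEY": ("Google Gemini API key", "credential", "Google"),
}
# Vendors with an approved use case on file; anything else is shadow AI.
APPROVED_VENDORS = {"OpenAI", "GitHub"}

# Constructed sample of what a collector might pull from one developer box.
SAMPLE_ARTIFACTS = {
    "requirements.txt": "requests==2.32.3\nopenai>=1.40  # chat client\nlangchain==0.2.11\nnumpy\n",
    "package.json": json.dumps({"dependencies": {"express": "^4", "@anthropic-ai/sdk": "^0.27"},
                                "devDependencies": {"jest": "^29"}}),
    "extensions.txt": "ms-python.python\ngithub.copilot\ncontinue.continue\n",
    ".bashrc": 'export PATH=$PATH:~/bin\nexport OPENAI_API_KEY="sk-REDACTED"\n'
               "export GEMINI_API_KEY=AIza-REDACTED\n",
}


def _finding(entry, evidence):
    name, kind, vendor = entry
    return {"name": name, "kind": kind, "vendor": vendor, "evidence": evidence}


def scan_requirements(text):
    """pip requirements: the package name is the token before any specifier."""
    out = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name = re.split(r"[\s\[<>=!~;@]", line, maxsplit=1)[0].lower()
        if name in PY_PKGS:
            out.append(_finding(PY_PKGS[name], f"requirements.txt: {line}"))
    return out


def scan_package_json(text):
    """npm manifest: check both runtime and dev dependencies."""
    pkg = json.loads(text)
    out = []
    for section in ("dependencies", "devDependencies"):
        for name, spec in pkg.get(section, {}).items():
            if name in NPM_PKGS:
                out.append(_finding(NPM_PKGS[name], f"package.json {section}: {name}@{spec}"))
    return out


def scan_extensions(text):
    """Output of `code --list-extensions`, one extension id per line."""
    return [_finding(VSCODE_EXTS[e], f"vscode extension: {e}")
            for e in text.split() if e in VSCODE_EXTS]


def scan_shell_profile(text):
    """Exported vendor API-key variables. The secret value is never recorded."""
    out = []
    for m in re.finditer(r"^\s*export\s+([A-Z0-9_]+)=", text, re.MULTILINE):
        key = m.group(1)
        if key in ENV_KEYS:
            out.append(_finding(ENV_KEYS[key], f".bashrc: {key} is exported"))
    return out


SCANNERS = {"requirements.txt": scan_requirements, "package.json": scan_package_json,
            "extensions.txt": scan_extensions, ".bashrc": scan_shell_profile}


def inventory(artifacts):
    """Run every applicable scanner and mark each finding approved or not."""
    findings = []
    for fname, text in artifacts.items():
        scanner = SCANNERS.get(fname)
        if scanner:
            findings.extend(scanner(text))
    for f in findings:
        f["approved"] = f["vendor"] in APPROVED_VENDORS
    return findings


def shadow_ai(findings):
    """Names of discovered AI components with no approved vendor."""
    return sorted({f["name"] for f in findings if not f["approved"]})


if __name__ == "__main__":
    for f in inventory(SAMPLE_ARTIFACTS):
        print(("OK      " if f["approved"] else "SHADOW  ") + f["name"] + "  <- " + f["evidence"])
```

Two design points matter more than the catalog. First, every finding carries the evidence line that produced it, so a reviewer can confirm or dismiss it without re-running the scan. Second, the shell-profile scanner records only the variable name, never the key value; an inventory that copies secrets into a findings database creates a new exposure while looking for old ones. A vendor API key sitting in a personal `.bashrc` is worth following up even when the vendor is approved, since it usually means a personal account rather than the agency's contracted one.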

He also recommends that agencies establish identity and access controls for AI systems themselves.

“It is also critical to consider ensuring agentic identities for each individual AI entity, limiting entitlement and data access,” he says.

As agencies mature their AI governance practices, those controls can be integrated into broader security posture management and application protection platforms.

Ultimately, the goal of an AI-BOM is not simply to catalog AI technologies. It is to provide the visibility agencies need to support AI risk management, strengthen zero-trust security strategies and govern AI systems responsibly as adoption expands across the federal enterprise.
