What is an MLBOM? - Checkmarx

Summary

“An MLBOM (Machine Learning Bill of Materials) is a structured record detailing all ML system components, from model architecture and datasets to dependencies and training processes. An MLBOM helps organizations protect AI-driven applications from threats, data corruption and vulnerabilities.”

Jonathan Singer Senior Product Marketing Manager

An MLBOM (Machine Learning Bill of Materials) is a structured record of all components involved in the lifecycle of an ML model and any system involving ML.

MLBOM SBOM software bill of material types

It includes the model type, architecture, training data and more. An MLBOM provides transparency, traceability and governance over ML models and systems, ensuring they are reproducible, compliant and secure.

MLBOM vs. AIBOM

AI and ML are often used interchangeably.

AI, Artificial Intelligence, is a broader term covering systems that mimic human capabilities by simulating human intelligence.

ML, machine learning, is a subset of AI. It covers systems that teach themselves autonomously from data, used for providing accurate and advanced analysis outputs.

AIBOM (AI Bill of Materials) and MLBOM (Machine Learning Bill of Materials) are both inventory lists of AI systems.

Based on the differences between AI and ML described above, MLBOM is a subset of AIBOM. AIBOM provides a broader, more comprehensive view of the entire AI system while MLBOM covers the ML components.

An AIBOM includes models, datasets, dependencies, frameworks, hardware, licenses and governance policies. This is used to track provenance, security risks, compliance and ethical considerations in AI development.

An MLBOM focuses on the machine learning components. It includes model architectures, training datasets, feature engineering processes, hyperparameters and evaluation metrics. This is used for ML model lifecycle management, version control and auditability. It does not cover hardware or regulatory aspects unless directly ML-related.

This is the MLBOM definition and meaning. To learn about the AIBOM, click here. [link to AIBOM article to learn more]

Why Use an MLBOM?

MLBOMs allow managing ML models and systems effectively. Organizations that adopt an MLBOM gain control over their ML pipelines, reducing risks and improving governance.

MLBOMs provide:

End-to-end visibility into all components, from data sources to model deployment.
Transparency into how ML models make decisions.
Ability to recreate models with the same parameters, data and dependencies.
Documentation of every iteration of a model, preventing loss of knowledge.

This enables:

Bias identification & ethical AI tracking
Drift and performance monitoring
Support for identifying and mitigating security risks
Support for meeting regulatory compliance

How Does an MLBOM Work?

An MLBOM acts as a single source of truth for model governance, security, compliance and lifecycle management. Here’s how it works:

1. An MLBOM is generated by automatically or manually logging ML components, like ML model metadata, data lineage, software dependencies, dataset metadata and more.

2. Once created, the MLBOM is stored in a centralized system.

3. The MLBOM is used for ongoing needs, like model reproducibility, regulations, bias audits, security audits, dependency management, drift monitoring, etc.

4. MLBOMs are updated as models and systems are updated. For example, when models are restrained or fine-tuned, when security vulnerabilities are patched or when code is updated.

Tools & Technologies That Support MLBOM

Many MLOps platforms and data lineage tools help in managing an MLBOM:

Model tracking – MLflow, Kubeflow
Data lineage – Data version control
Dependency management – Conda, Poetry, Docker
Bias and Explainability – SHAP
And more

MLBOM as Part of ASPM

Application Security Posture Management (ASPM) applies SBOM (Software Bill of Materials) principles to the MLBOM, ensuring transparency and security for ML-driven applications. This is required to address the security risks introduced by AI and ML models, like:

Model Poisoning Attacks – Adversaries manipulate training data to create biased or insecure models.
Data Integrity Risks – Compromised datasets leading to faulty AI predictions.
Model Theft & Adversarial Attacks – Exposure of proprietary ML models through reverse engineering.
Third-Party Dependencies – ML frameworks (TensorFlow, PyTorch) introduce vulnerabilities like outdated libraries or misconfigurations.

Checkmarx Zero – Latest Security Research

Specializing in breaking and protecting the building blocks of modern software development. From traditional AppSec, through open-source supply chain threats to LLM security.

Zero Post
“Free Hugs” – What To Be Wary of in Hugging Face – Part 1

Zero Post
“Free Hugs” – What to be Wary of in Hugging Face – Part 2

Zero Post
A Beautiful Factory for Malicious Packages

Zero Post
A New Type of Supply Chain Attack Could Put Popular Admin Tools at Risk

Zero Post
All You Need to Know about Spring Framework Vulnerabilities

When integrated into ASPM, MLBOM ensures that AI-driven features are secure, compliant and monitored, which in turn ensure security and reliability of the enterprise application.

To see how Checkmarx can help you secure your software supply chain, click here for a demo.