Skip to content

Proposal: AI Behavioral Risk Assertions Across SBOM/VEX Ecosystem (AIVEX Concept) #625

Description

@devashridatta-dotcom

Summary

Propose a standardized model for AI Behavioral Risk Assertions that extends existing SBOM/VEX concepts to AI/ML systems, enabling consistent representation of model behavior risks, prompt injection susceptibility, data provenance risks, and runtime behavioral constraints.

Motivation

Current SBOM/VEX standards focus on software component vulnerabilities but do not capture AI-specific behavioral risks. As AI becomes embedded in software supply chains, there is a need to represent non-deterministic and behavior-driven risks.

Proposal

Introduce a lightweight assertion layer (AIVEX-like model) that can:

  • Represent AI model behavioral risks (hallucination, prompt injection susceptibility, unsafe outputs)
  • Express provenance of training and fine-tuning data
  • Link AI components to SBOM entries (CycloneDX/SPDX)
  • Provide machine-readable assertions compatible with OpenVEX-style structures

Relationship to Existing Work

  • CycloneDX SBOM extensions (component-level metadata)
  • OpenVEX (vulnerability/exemption semantics)
  • SPDX AI/ML profile discussions (where applicable)

Request

Feedback on:

  1. Whether this belongs in SBOM Everywhere SIG or a new working group
  2. Alignment with existing OpenSSF AI security initiatives
  3. Interest in prototyping a reference schema

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions