Summary
Propose a standardized model for AI Behavioral Risk Assertions that extends existing SBOM/VEX concepts to AI/ML systems, enabling consistent representation of model behavior risks, prompt injection susceptibility, data provenance risks, and runtime behavioral constraints.
Motivation
Current SBOM/VEX standards focus on software component vulnerabilities but do not capture AI-specific behavioral risks. As AI becomes embedded in software supply chains, there is a need to represent non-deterministic and behavior-driven risks.
Proposal
Introduce a lightweight assertion layer (AIVEX-like model) that can:
- Represent AI model behavioral risks (hallucination, prompt injection susceptibility, unsafe outputs)
- Express provenance of training and fine-tuning data
- Link AI components to SBOM entries (CycloneDX/SPDX)
- Provide machine-readable assertions compatible with OpenVEX-style structures
Relationship to Existing Work
- CycloneDX SBOM extensions (component-level metadata)
- OpenVEX (vulnerability/exemption semantics)
- SPDX AI/ML profile discussions (where applicable)
Request
Feedback on:
- Whether this belongs in SBOM Everywhere SIG or a new working group
- Alignment with existing OpenSSF AI security initiatives
- Interest in prototyping a reference schema
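As a starting point for that discussion, here is an added sketch (not part of the proposal, and not an existing schema) of how OpenVEX-shaped behavioral-risk assertions could be checked against a CycloneDX SBOM. The `behavioral_risk` field and its three values are hypothetical names derived from the risk list above; the status values, the `products`/`@id` shape and the `machine-learning-model` component type come from OpenVEX and CycloneDX, and all sample data is constructed.

```python
# Added illustration. The "behavioral_risk" field and the risk identifiers are
# hypothetical; status values and statement shape follow OpenVEX.
OPENVEX_STATUSES = {"not_affected", "affected", "fixed", "under_investigation"}
BEHAVIORAL_RISKS = {"hallucination", "prompt_injection", "unsafe_output"}

# Constructed CycloneDX-style SBOM fragment (names and purls are made up).
SBOM = {
    "bomFormat": "CycloneDX", "specVersion": "1.6",
    "components": [
        {"type": "machine-learning-model", "bom-ref": "model-a",
         "name": "example-classifier", "purl": "pkg:generic/example-classifier@1.0"},
        {"type": "library", "bom-ref": "lib-b",
         "name": "example-lib", "purl": "pkg:pypi/example-lib@2.3"},
    ],
}

# Constructed assertions: one valid, three that a consumer should reject.
ASSERTIONS = [
    {"behavioral_risk": "prompt_injection", "status": "affected",
     "action_statement": "Filter untrusted input before it reaches the model.",
     "products": [{"@id": "pkg:generic/example-classifier@1.0"}]},
    {"behavioral_risk": "hallucination", "status": "not_affected",
     "products": [{"@id": "pkg:generic/example-classifier@1.0"}]},
    {"behavioral_risk": "unsafe_output", "status": "under_investigation",
     "products": [{"@id": "pkg:generic/unknown-model@0.1"}]},
    {"behavioral_risk": "prompt_injection", "status": "under_investigation",
     "products": [{"@id": "pkg:pypi/example-lib@2.3"}]},
]

def check_assertions(sbom, assertions):
    """Return (linked, problems): bom-ref -> [(risk, status)], and (index, reason) pairs."""
    by_purl = {c["purl"]: c for c in sbom.get("components", []) if "purl" in c}
    linked, problems = {}, []
    for i, a in enumerate(assertions):
        risk, status = a.get("behavioral_risk"), a.get("status")
        if risk not in BEHAVIORAL_RISKS:
            problems.append((i, "unknown behavioral_risk"))
        elif status not in OPENVEX_STATUSES:
            problems.append((i, "invalid status"))
        elif status == "not_affected" and not (a.get("justification") or a.get("impact_statement")):
            problems.append((i, "not_affected without justification or impact_statement"))
        elif status == "affected" and not a.get("action_statement"):
            problems.append((i, "affected without action_statement"))
        else:
            for product in a.get("products", []):
                comp = by_purl.get(product.get("@id"))
                if comp is None:
                    problems.append((i, "product not in SBOM"))
                elif comp["type"] != "machine-learning-model":
                    problems.append((i, "product is not an ML model component"))
                else:
                    linked.setdefault(comp["bom-ref"], []).append((risk, status))
    return linked, problems
```

Calling `check_assertions(SBOM, ASSERTIONS)` links only the first assertion to `model-a` and reports the other three with a reason each.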