defoneos.mod/ai-bom-sbom-card · csoai.org · ship-grade · tick 96

AI-BOM / SBOM Card

The single document DEFONEOS presents when a buyer CISO / EU CRA conformity assessor / EU AI Office auditor / US FedRAMP / UK NCSC asks "what is inside your model and where did every component come from?" Cross-walks CycloneDX 1.6, SPDX 3.0, EU CRA Annex I §13, EU AI Act Article 13, US EO 14028 / 14110, ISO/IEC 42001 A.6.7, and SLSA L3 supply chain into one machine-readable & human-readable artefact.
BOM standards supported2 (CycloneDX 1.6 · SPDX 3.0)
Regulatory regimes cross-walked6 (EU CRA Annex I §13 · EU AI Act Art-13 · US EO 14028 · US EO 14110 · ISO 42001 A.6.7 · SLSA L3)
BOM components (per build)~3,200 direct dependencies · ~28,000 transitive · ~450 ML-specific (models / datasets / tokenisers)
Cryptographic attestationSIGIL-anchored per build (Ed25519) + SLSA L3 provenance (in-toto)
Vulnerability scanningDaily (OSV-Scanner · Trivy · Grype · Snyk) + 24h CVE-to-attestation pipeline
License scanningDaily (ScanCode Toolkit) + weekly deep (FOSSology)
Public attestation endpointcsoai.org/aibom/{build_sha256}.cdx.json · .spdx.json · .intoto.jsonl
Retention10 years (EU CRA Annex I §13.2 + ISO 42001 A.6.7.3)

1 · Why this document exists

Every regulated AI deployment reaches a point where a buyer's CISO, their EU CRA conformity assessor, the EU AI Office, US FedRAMP, or the UK NCSC asks the same six questions:

  1. "What is inside your model?" (weights, architecture, training data, tokenisers, RLHF preferences)
  2. "Where did every component come from?" (provenance, supply chain, integrity)
  3. "What is its licence posture?" (commercial / OSS / copyleft / proprietary)
  4. "What known vulnerabilities does it have?" (CVEs, advisories, patch status)
  5. "Can you prove it hasn't been tampered with?" (cryptographic attestation, reproducible builds)
  6. "Will you tell us when something changes?" (continuous monitoring, advisory feed)

This card answers all six in one place, with machine-readable artefacts for automated ingestion and human-readable summary for procurement / legal / CISO review.

2 · The 3 BOM formats (machine-readable)

FormatStandardEndpointBuyer tooling
CycloneDX 1.6OWASP CycloneDXcsoai.org/aibom/{build}.cdx.jsonDependency-Track · OWASP Dependency-Check · jq
SPDX 3.0Linux Foundation SPDXcsoai.org/aibom/{build}.spdx.jsonSPDX Tools · ClearlyDefined · ORT
in-toto L3 attestationSLSA v1.0 L3csoai.org/aibom/{build}.intoto.jsonlslsa-verifier · Witness · Tekton Chains

All three are regenerated every build. Every artefact is SHA-256 hashed and Ed25519-signed by the build pipeline's SIGIL key. The build pipeline runs in a hermetic, network-isolated environment with reproducible-build guarantees (SLSA L3 source).

3 · The BOM hierarchy (what gets inventoried)

DEFONEOS's BOM has 4 layers. Every component at every layer is inventoried, attested, and SIGIL-signed.

LayerWhat it coversInventory sizeExample entries
L1 · ApplicationSource code, binaries, container images, configuration~800 files · ~150 packagesPython 3.11.9 · PyTorch 2.3.1 · FastAPI 0.115.0
L2 · ModelModel architecture, weights, tokenisers, RLHF preferences~15 base models · ~80 LoRA adaptersQwen3-30B-A3B · SOV3-small-9B · Liquid-KAN-MoE
L3 · DataTraining data, evaluation data, calibration data, synthetic data~450 datasets · ~30B tokensCompanies House PSC · DVSA MOT 2024 · OGL-UK-3.0 sources
L4 · InfrastructureHardware, OS, firmware, kernel modules, hypervisor~25 base images · ~12 firmware packagesUbuntu 24.04 LTS · QEMU 9.1 · Intel SGX SDK 2.22

The full transitive inventory at L1 alone is ~3,200 direct dependencies and ~28,000 transitive. Of those, ~450 are ML-specific (model checkpoints, tokenisers, RLHF preference sets, evaluation harness components).

4 · CycloneDX 1.6 sample (excerpt)

{
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:defoneos-2026-07-14-v0.95.1",
  "version": 1,
  "metadata": {
    "timestamp": "2026-07-14T00:00:00Z",
    "tools": {
      "components": [{"type": "application", "name": "defoneos-bom-builder", "version": "1.4.2"}]
    },
    "authors": [{"name": "DEFONEOS Sovereign Build", "email": "build@csoai.org"}],
    "component": {
      "bom-ref": "defoneos-runtime@v0.95.1",
      "type": "application",
      "name": "DEFONEOS Sovereign Runtime",
      "version": "v0.95.1",
      "licenses": [{"license": {"id": "Apache-2.0"}}],
      "hashes": [
        {"alg": "SHA-256", "content": "abc123..."},
        {"alg": "ED25519", "content": "a4f8c2d9e1b3..."}
      ]
    }
  },
  "components": [
    {
      "bom-ref": "pkg:pypi/torch@2.3.1",
      "type": "library",
      "name": "torch",
      "version": "2.3.1",
      "licenses": [{"license": {"id": "BSD-3-Clause"}}],
      "hashes": [{"alg": "SHA-256", "content": "..."}],
      "purl": "pkg:pypi/torch@2.3.1",
      "externalReferences": [
        {"type": "website", "url": "https://pytorch.org"},
        {"type": "vcs", "url": "https://github.com/pytorch/pytorch"}
      ]
    },
    {
      "bom-ref": "model:sov3-small@9b",
      "type": "machine-learning-model",
      "name": "sov3-small",
      "version": "9b",
      "licenses": [{"license": {"name": "DEFONEOS-Sovereign-License-1.0"}}],
      "hashes": [{"alg": "SHA-256", "content": "..."}]
    }
  ]
}

5 · The 6 regulatory regimes cross-walked

RegimeRequired contentWhere DEFONEOS provides it
EU CRA Annex I §13SBOM + vulnerability handling + 5-year supportCycloneDX 1.6 (§4) + OSV daily scan + 10-year retention (§1)
EU AI Act Art-13Transparency to deployers · technical documentationAI-BOM (§3) + Model Card + Data Card + System Card (§6)
US EO 14028SBOM for federal procurementSPDX 3.0 + CycloneDX 1.6 + SLSA L3 attestation
US EO 14110Safe / secure / trustworthy AI developmentModel Card + Data Card + Red Team reports (§6)
ISO 42001 A.6.7AI system lifecycle documentationAll 3 BOMs + Model Card + Data Card + System Card
SLSA v1.0 L3Hardened build pipeline + provenancein-toto L3 attestation (§4) + hermetic build + 2-party review

6 · Model Card · Data Card · System Card

Beyond the BOM, DEFONEOS publishes three narrative cards per model version:

CardContentEndpoint
Model CardArchitecture, training procedure, intended use, out-of-scope use, evaluation results (across 12 benchmarks), bias / fairness analysis, environmental costcsoai.org/models/{model_id}/card.md
Data CardTraining data sources, licence posture, PII handling, geographic distribution, known gaps, consent posturecsoai.org/data/{dataset_id}/card.md
System CardEnd-to-end system description, deployment topology, threat model, attack surface, adversarial test results, red team reportscsoai.org/system/{system_id}/card.md

The System Card is also filed with UK AISI per UK AI Safety Institute evaluation protocol. DEFONEOS is a UK AISI Voluntary Commitment signatory (filed 2026-06).

7 · Vulnerability & advisory pipeline

  1. Daily OSV / Trivy / Grype / Snyk scan of all 4 BOM layers
  2. Matching against CVE / GHSA / OSV databases
  3. Triage by 33-agent BFT council: severity assigned within 4 hours (CRITICAL / HIGH / MEDIUM / LOW)
  4. Patch SLA: CRITICAL = 24h · HIGH = 7d · MEDIUM = 30d · LOW = next release
  5. Patched build attested, SIGIL-anchored, advisory published to csoai.org/advisories
  6. Buyer notification via tenant webhook + email + SIGIL channel within 1h of advisory publication

8 · Licence posture (named)

CategoryComponentsLicence posture
DEFONEOS coreRuntime, council, build pipelineApache-2.0 (open)
DEFONEOS sovereign weightsSOV3 small / large, Liquid-KAN, BFT councilDEFONEOS-Sovereign-License-1.0 (commercial, escrow-backed)
Open-source dependenciesPyTorch, FastAPI, ONNX, etc.BSD-3 / Apache-2.0 / MIT — no GPL / AGPL contamination
Open data sourcesCompanies House, DVSA, ONS, EA, OSOGL-UK-3.0 / CC-BY-4.0 — open, attributed
Third-party modelsWhisper, CLIP, etc. (only if buyer opts in)Per-component licence, opt-in only
Buyer-supplied dataCustomer data, fine-tunesBuyer licence retained — DEFONEOS holds no derivative rights

No GPL / AGPL / SSPL contamination in the core stack. Verified by daily ScanCode scan + weekly FOSSology deep scan. Any new dependency with copyleft licence is blocked at PR review.

9 · Cryptographic attestation (the trust root)

Every build produces a SIGIL-anchored attestation. The signing chain:

  1. Source code is committed to a 2-party-review Git repository (SLSA L3 source).
  2. Build pipeline runs in a hermetic environment (no network access); reproducible from source.
  3. Output artefacts (binaries, model weights, BOMs) are hashed (SHA-256).
  4. Hashes are signed with the build pipeline's Ed25519 SIGIL key (HSM-backed).
  5. Signature is committed to the 33-agent BFT council ledger.
  6. Public verification endpoint: csoai.org/aibom/{build_sha256}.sig

Buyers verify any artefact in <100ms: curl https://csoai.org/aibom/verify/{build_sha256} returns the build details + signature status.

10 · Cross-walk to other DEFONEOS artefacts

QuestionAnswer lives in
"What is your security architecture?"defoneos-mod-zero-trust-network-architecture.html
"Are you EU CRA ready?"defoneos-mod-eu-cyber-resilience-act-readiness.html
"What is your PMS posture?"defoneos-mod-post-market-monitoring-plan.html
"What are your SLAs?"defoneos-mod-sla-tier-card.html
"What is your insurance cover?"defoneos-mod-insurance-liability-bridge.html

11 · The 5 Anti-Patterns (BOM Disasters We Refuse)

  1. No "we'll generate the SBOM at audit time." BOMs are generated every build, daily scan, and advisory release.
  2. No "vendor gave us a binary with no source." All 3rd-party components are inventoried + verified.
  3. No "we patch quarterly." CRITICAL CVEs patched within 24h; buyer notified within 1h.
  4. No "licence is the legal team's problem." Licence scanning is automated; copyleft blocks PR merge.
  5. No "the model is a black box." Model Card + Data Card + System Card are public per release.

12 · Buyer Next Steps

  1. Verify this document hash: curl https://csoai.org/defoneos-mod-ai-bom-sbom-card.html | shasum -a 256
  2. Browse a sample BOM: csoai.org/aibom/sample.cdx.json
  3. Verify any build attestation: csoai.org/aibom/verify/{build_sha256}
  4. Subscribe to advisory feed: csoai.org/advisories/subscribe
  5. Request a 60-minute BOM walkthrough with our CISO.
  6. Inspect the System Card: csoai.org/system/sovereign-runtime/card.md
SIGIL: T96-ai-bom-sbom-card-e9c3a7d5b2f1 · care_score 0.95 · BFT 33-agent vote: 28 approve / 5 amend / 0 reject (quorum 25/33)
Authority: DEFONEOS Sovereign Architecture Board, ratified 2026-07-14
License: Open — buyers, EU CRA conformity assessors, EU AI Office auditors, US FedRAMP reviewers, UK NCSC, FOSS community free to cite and redistribute with SIGIL preserved
Owner: DEFONEOS Security & Compliance · security@csoai.org