# What Is an AI-BOM (AI Bill of Materials)? \& How to Build It
An AI-BOM is a machine-readable inventory that lists every dataset, model, and software component used to build and operate an AI system. It's created by collecting this information during model development and structuring it with standards to record versions, sources, and relationships. Building an AI-BOM enables organizations to trace model lineage, verify data provenance, and meet transparency and compliance requirements.

## Why are AI-BOMs necessary?
AI systems are becoming more complex, distributed, and dependent on external data and models. Unlike traditional software, their behavior depends not just on code but on how they're trained, tuned, and updated over time. Each model may rely on third-party data sources, pre-trained components, or continuous learning pipelines that change automatically.

At the same time, organizations are deploying AI faster than they can govern it. According to McKinsey's recent survey, [The state of AI in 2025: Agents, innovation, and transformation](https://www.mckinsey.com/capabilities/quantumblack/our-insights/the-state-of-ai):

* 88% of organizations report regular AI use in at least one business function (up from 78% the previous year).
* Half of respondents say their organizations are using AI in three or more business functions.
* Nearly 50% of large companies (>$5B in revenue) have scaled AI, compared with just 29% of small companies (<$100M).

That creates a new kind of supply chain, one made up of datasets, models, and algorithms rather than static code. Traditional [software bills of materials (SBOMs)](https://www.paloaltonetworks.com/cyberpedia/what-is-software-bill-materials-sbom) were never designed for that level of uncertainty. They track software dependencies but not the datasets, model weights, or retraining processes that shape AI behavior over time. That lack of traceability makes it difficult to verify security, fairness, and compliance at scale.

That's where the gap appeared. As AI systems scaled and adopted third-party components, new risks became apparent: data poisoning, model tampering, and unverified third-party components. Each introduces uncertainty into how an AI system learns and behaves. And without a transparent record of those elements, it's nearly impossible to trace or validate what's running in production.

Regulators have noticed. Recent policy efforts now require documentation of model sources, data provenance, and performance testing.
Security authorities have published AI-specific SBOM use cases to address these blind spots.

Basically, AI-BOMs are necessary today because AI isn't static software. It's a living system that evolves, retrains, and depends on data you don't always control. A structured, machine-readable bill of materials is a reliable way to keep that ecosystem accountable.

***Further reading:***

* [*Top GenAI Security Challenges: Risks, Issues, \& Solutions*](https://www.paloaltonetworks.com/cyberpedia/generative-ai-security-risks)
* [*What Is Data Poisoning? \[Examples \& Prevention\]*](https://www.paloaltonetworks.com/cyberpedia/what-is-data-poisoning)

## What information does an AI-BOM contain?

*Figure: "What an AI-BOM contains". Two boxes, Model metadata (name ImageClassifier-V2, version 2.1, architecture ResNet50, provenance, evaluation metrics, safety/guardrail documentation) and Dataset metadata (name Dataset-A, source, license CC-BY-4.0, preprocessing, bias notes, update cadence), joined by a "trained on / depends on" relationship. Shared fields beneath both: supplier details, component hashes, licensing information, and model–dataset relationships.*

An AI-BOM is built around structured, machine-readable fields. Each field describes a specific part of the AI system, from the model itself to the data that trained it and the relationships that tie them together. These fields follow a defined schema so they can be automated, validated, and compared across systems.

### Model metadata

Model metadata describes the AI component itself. It includes the model's name, version, architecture, and provenance details. These fields document how and when a model was trained, along with the tools or configurations that shaped it.

Performance metrics such as accuracy or precision are also included. They help users understand what the model was evaluated against and how it performed.
Ethical or safety notes can be added to flag known limitations or constraints. For generative AI (GenAI) models, this includes documentation of model safety layers, guardrails, and any specific hallucination mitigation strategies deployed.

***Note:*** *Model metadata doesn't just document technical details. It tells the story of how intelligence was formed. Understanding a model's lineage, from architecture to evaluation, is how organizations trace why a system behaves the way it does in production.*

| ***Further reading:*** * [*What Are AI Hallucinations? \[+ Protection Tips\]*](https://www.paloaltonetworks.com/cyberpedia/what-are-ai-hallucinations) * [*What Is AI Bias? Causes, Types, \& Real-World Impacts*](https://www.paloaltonetworks.com/cyberpedia/what-is-ai-bias)

### Dataset metadata

Dataset metadata focuses on the data used to train or fine-tune the model. It lists the dataset's source, licensing, and preprocessing steps that shaped the data before training. These fields provide context on data quality and representativeness. They also record bias annotations or known limitations so organizations can monitor fairness. For models trained on vast or proprietary data, documentation must also address data privacy, memorization risks, and content filtering steps used prior to training. The update cadence field indicates how often datasets change, which is a critical factor for retraining and drift detection.

***Note:*** *Dataset records often reveal more about an AI system's strengths and weaknesses than the model itself. Tracking where data came from, how it was shaped, and how often it changes doesn't just explain performance. It also explains bias, reliability, and risk.*

### Shared fields

Shared fields link everything together. They include supplier details, component hashes for integrity, and licensing information. A component hash only earns its place if consumers recompute it against the artifact they actually deploy; otherwise it is just another field. Relationship fields define how each model and dataset connect, forming the backbone of traceability within the AI-BOM.
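The fields above assembled into a machine-readable document, as an added example rather than code from the page or from the SPDX project: it hashes a model artifact and a dataset snapshot, records the hashes as the shared integrity field, and expresses the model-to-dataset relationship in SPDX 3.0.1-style JSON-LD. The artifact bytes, the `example.org` namespace, the pipeline and supplier agents are constructed stand-ins, and the element and property names (`ai_AIPackage`, `dataset_DatasetPackage`, `software_packageVersion`, `suppliedBy`, `ai_metric`, `dataset_datasetUpdateMechanism`, `verifiedUsing`, `trainedOn`) follow the SPDX 3.0.1 AI and Dataset profile naming as the author understands it; check them against the published specification before relying on them.

```python
"""Build a minimal AI-BOM as SPDX 3.0.1-style JSON-LD from a model artifact and the
dataset it was trained on. Added example, not code from the page or from SPDX.

Assumptions (not from the page): the artifact bytes, the example.org namespace and
the agents are stand-ins; element and property names follow the SPDX 3.0.1
AI and Dataset profile naming as the author understands it.
"""
import hashlib
import json
from datetime import datetime, timezone

# Constructed stand-ins for the real artifacts (model weights file, dataset archive).
MODEL_BYTES = b"constructed-resnet50-weights-v2.1"
DATASET_BYTES = b"constructed-dataset-a-2025q3-snapshot"

NS = "https://example.org/spdx/ai-bom/"  # assumed namespace for spdxIds
SPDX_CONTEXT = "https://spdx.org/rdf/3.0.1/spdx-context.jsonld"  # assumed context IRI


def sha256_hex(data: bytes) -> str:
    """Content hash that consumers recompute against the artifact they deploy."""
    return hashlib.sha256(data).hexdigest()


def hash_element(data: bytes) -> dict:
    """The 'component hash' shared field, as an SPDX Hash element."""
    return {"type": "Hash", "algorithm": "sha256", "hashValue": sha256_hex(data)}


def build_ai_bom(model_bytes: bytes, dataset_bytes: bytes, created: str = "") -> dict:
    """Return the AI-BOM: model element, dataset element and the trainedOn relationship."""
    created = created or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    creation = {  # who produced this record and when; shared by every element
        "type": "CreationInfo",
        "specVersion": "3.0.1",
        "created": created,
        "createdBy": [NS + "Agent/mlops-pipeline"],
    }
    model_id = NS + "AIPackage/ImageClassifier-V2-2.1"
    dataset_id = NS + "DatasetPackage/Dataset-A-2025Q3"
    model = {  # model metadata: name, version, architecture, provenance, metrics, hash
        "type": "ai_AIPackage",
        "spdxId": model_id,
        "creationInfo": creation,
        "name": "ImageClassifier-V2",
        "software_packageVersion": "2.1",
        "suppliedBy": NS + "Agent/internal-ml-team",  # supplier details (assumed agent)
        "ai_typeOfModel": ["ResNet50"],
        "ai_informationAboutTraining": "Trained on internal dataset",
        "ai_metric": [{"type": "DictionaryEntry", "key": "accuracy", "value": "0.94"}],
        "verifiedUsing": [hash_element(model_bytes)],
    }
    dataset = {  # dataset metadata: source, preprocessing, update cadence, hash
        "type": "dataset_DatasetPackage",
        "spdxId": dataset_id,
        "creationInfo": creation,
        "name": "Dataset-A",
        "software_packageVersion": "2025Q3",
        "suppliedBy": NS + "Agent/internal-ml-team",
        "dataset_datasetType": ["image"],
        "dataset_dataCollectionProcess": "Internal image repository",
        "dataset_dataPreprocessing": ["Normalized images"],
        "dataset_datasetUpdateMechanism": "Quarterly",
        "verifiedUsing": [hash_element(dataset_bytes)],
    }
    trained_on = {  # relationship field: the model was trained on the dataset
        "type": "Relationship",
        "spdxId": NS + "Relationship/trainedOn-1",
        "creationInfo": creation,
        "from": model_id,
        "relationshipType": "trainedOn",
        "to": [dataset_id],
    }
    return {"@context": SPDX_CONTEXT, "@graph": [model, dataset, trained_on]}


if __name__ == "__main__":
    print(json.dumps(build_ai_bom(MODEL_BYTES, DATASET_BYTES), indent=2))
```

In a real pipeline the two byte strings are the files the training job produced, and `build_ai_bom` runs as the last step of that job so the hashes describe exactly what was shipped; a consumer who receives the model later recomputes `sha256_hex` over the file and compares it with `hashValue` before loading it.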
### Example

```json
{
  "Model": {
    "name": "ImageClassifier-V2",
    "version": "2.1",
    "architecture": "ResNet50",
    "provenance": "Trained on internal dataset",
    "dataset": "Dataset-A",
    "evaluation_metrics": {
      "accuracy": "94%"
    }
  },
  "Dataset": {
    "name": "Dataset-A",
    "source": "Internal image repository",
    "license": "CC-BY-4.0",
    "update_cadence": "Quarterly"
  }
}
```

This is a simplified illustration of the fields. An SPDX 3.0.1 document expresses the same information as typed model and dataset elements plus an explicit relationship between them, so the link from model to dataset is a first-class, validatable record rather than a string.

## How do you build an AI-BOM?

![Process diagram titled 'How to Build an AI-BOM': seven stacked steps, 'Define scope \& ownership', 'Select SPDX 3.0 AI \& Dataset profiles', 'Automate extraction in ML pipelines', 'Validate via SPDX schemas \& ontology', 'Version \& sign for integrity', 'Integrate with compliance \& monitoring workflows', and 'Store centrally for audit or incident response'.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-an-ai-bom/How-to-Build-an-AI-BOM.png)

Building an AI-BOM is a structured, standards-driven process. It's methodical by design because consistency is what makes the record useful. Each step helps capture the details that define how your models and datasets are built, verified, and maintained.

Think of it less as paperwork and more as infrastructure. The goal is to make transparency part of how your AI systems operate, not an afterthought. When done right, the AI-BOM becomes a living source of truth that updates as your models evolve. Let's walk through what that process looks like in practice.

### Step 1: Define scope and ownership

Start by deciding which AI systems to include. Not every experiment or prototype needs full documentation, but production and externally sourced models do. Scope determines depth. Then assign ownership. For example: MLOps teams manage automation, data scientists provide model lineage, and compliance teams maintain oversight. Without clear ownership, the AI-BOM quickly falls out of sync with reality.

***Tip:*** *Start with a clear inventory of where models live: internal, cloud, and third-party. Gaps usually appear at integration points, so mapping every AI entry point early makes the rest of the AI-BOM process faster and more accurate.*

### Step 2: Select SPDX 3.0 AI and Dataset profiles

SPDX 3.0 (current revision 3.0.1) is the technical backbone for AI-BOMs. It defines how to describe models, datasets, and their dependencies in a consistent, machine-readable way. The AI and Dataset Profiles capture what matters most---architecture, data sources, licensing, and provenance---and standardize how relationships like *trained on* or *tested on* are represented. Using these profiles means every AI-BOM can interoperate across tools and teams.

### Step 3: Automate extraction in ML pipelines

Manual updates don't scale.
Embed metadata collection into your training and deployment pipelines instead. Automation captures model parameters, dataset sources, and environment details as they change, which means every new model version or retraining cycle automatically updates the AI-BOM without human intervention or stale records.

***Tip:*** *Treat metadata collection as part of your [CI/CD pipeline](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security), not an afterthought. Capturing training parameters and environment data at build time keeps documentation aligned with the exact code and dataset versions used.*

### Step 4: Validate via SPDX schemas and ontology

Once data is collected, it needs to be checked. SPDX publishes a JSON schema for its JSON-LD serialization and an ontology that together define how an AI-BOM should be structured. Run validations to confirm fields are complete and relationships make sense: for example, every relationship should point at an element that actually exists in the document. Validation isn't busywork. It prevents mismatches that can break traceability or compromise audit readiness.

### Step 5: Version and sign for integrity

Each AI-BOM should be versioned alongside the model it describes. That keeps history intact when models retrain or change ownership. Record hashes of the model and dataset artifacts for integrity, and sign the AI-BOM itself to prove authenticity. The two are not interchangeable: a hash stored next to the document only detects accidental corruption, because anyone who can edit the document can recompute it, whereas a signature made with a key the pipeline controls ties the record to its producer and makes later tampering detectable. This step enforces integrity and keeps version history tamper-evident.

***Tip:*** *Pair version tags with model lineage notes that explain why a new version exists, such as new data, architecture changes, or retraining triggers. This context prevents confusion later when auditing model drift or performance regressions.*

### Step 6: Integrate with compliance and monitoring workflows

An AI-BOM delivers value only when it connects to the systems that use it. Link it with [vulnerability management](https://www.paloaltonetworks.com/cyberpedia/vulnerability-management), model monitoring, and compliance reporting tools.
That integration lets teams flag outdated models, track retraining events, and automatically prove adherence to regulatory and internal governance requirements.

### Step 7: Store centrally for audit or incident response

Centralize storage in a version-controlled repository. It becomes the single source of truth for audits, security investigations, and cross-team collaboration. When an incident occurs, teams can immediately trace which model or dataset was involved and respond with confidence instead of guesswork.

***Tip:*** *Use role-based access controls in your repository so teams can view AI-BOMs without modifying them. Controlled visibility balances transparency with security, which is critical when multiple departments or vendors rely on the same record.*

| ***Further reading:*** * [*How to Secure AI Infrastructure: A Secure by Design Guide*](https://www.paloaltonetworks.com/cyberpedia/ai-infrastructure-security) * [*How to Build a Generative AI Security Policy*](https://www.paloaltonetworks.com/cyberpedia/ai-security-policy)

## Where does an AI-BOM fit in the AI lifecycle?

![Process diagram titled 'Where an AI-BOM fits in the AI lifecycle': four stages arranged around a circular arrow, 'Planning' (create the initial AI-BOM before development begins), 'Training \& validation' (update it as models are trained or fine-tuned and verify recorded assets match what was used), 'Deployment' (the AI-BOM travels with the model into production), and 'Monitoring' (a living record for audits and investigations, updated after retraining or dataset changes).](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-an-ai-bom/Where-an-AI-BOM-fits-in-the-AI-lifecycle.png)

An AI-BOM isn't created once and forgotten. It's woven through every phase of the AI lifecycle, from planning and training to deployment and monitoring.

* **It begins in the planning stage.** That's when teams identify which models, datasets, and dependencies need to be documented.
Early generation ensures traceability before code or data pipelines even take shape.
* **Next comes training and validation.** Each time a model is trained or fine-tuned, the AI-BOM is updated to reflect new parameters, datasets, and performance results. Validation stages confirm that documented assets match what was actually used.
* **During deployment, the AI-BOM travels with the model.** It provides a transparent record of components, licensing, and provenance, which is essential for compliance and operational oversight.
* **Finally, in monitoring, the AI-BOM acts as a living record.** It's referenced during audits, updated after retraining, and used to trace back any issues that arise in production.

The AI-BOM runs parallel to the AI lifecycle. It evolves continuously, keeping documentation aligned with how models and data change over time.

| ***Further reading:*** [*What Is the AI Development Lifecycle?*](https://www.paloaltonetworks.com/cyberpedia/ai-development-lifecycle)

## Who maintains an AI-BOM inside an organization?

Maintaining an AI-BOM isn't a one-team job. It requires coordination across technical, security, and governance functions to keep the record accurate as systems evolve. Responsibility is shared:

* Data science teams update details about models and datasets.
* MLOps teams manage the automation that generates and stores AI-BOM data.
* Product security teams verify integrity and ensure alignment with secure development practices.
* Compliance teams review updates for documentation and audit readiness.

Each group owns part of the process, but there should be one accountable owner. In most organizations, that role sits with an [AI security](https://www.paloaltonetworks.com/cyberpedia/ai-security) or ML governance lead. This person oversees lifecycle management, approves schema or field changes, and ensures updates follow established policy.

## What challenges come with implementing AI-BOMs?
![Diagram titled 'AI-BOM implementation challenges': four boxes, 'Balancing transparency \& IP', 'Tooling \& interoperability gaps', 'Managing retraining \& version sprawl', and 'Organizational alignment'.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-an-ai-bom/AI-BOM-implementation-challenges.png)

AI-BOM adoption is still developing, and real-world implementation brings its own set of challenges. The concept is proven. The tooling and operational maturity are still catching up.

**Balancing transparency with intellectual property remains the most sensitive issue.** Organizations want to disclose enough to prove compliance without revealing proprietary models or training methods. Finding that balance is still more art than automation.

**Managing continuous retraining and version sprawl is another.** Each model update or dataset change creates new metadata, and manual upkeep quickly becomes unmanageable without automation.

**Tooling maturity and interoperability are also evolving.** Standards like SPDX and CycloneDX (which covers the same ground with its ML-BOM component types) are converging, but they're not yet seamlessly compatible across AI ecosystems.

**Finally, organizational alignment can slow progress.** Data science, compliance, and security teams all play a role in maintaining the AI-BOM. But shared accountability and ownership models are still emerging.

## What standards define AI-BOMs today?

![Diagram titled 'How AI-BOM standards are taking shape': a vertical timeline with five sections, 'Technical foundation' (SPDX 3.0.1 AI and Dataset Profiles), 'Implementation in progress' (JSON-LD serialization, schema validation, automation alignment), 'Operational use cases' (compliance \& audit readiness, vulnerability \& supply chain risk tracking, third-party \& vendor assurance, model lifecycle documentation), 'Governance frameworks' (ISO/IEC 42001:2023 for lifecycle governance and accountability, NIST AI RMF 1.0 for traceability and risk management alignment), and 'Evolving standards' (SPDX 3.1 adding configuration and deployment metadata, with a 2026 outlook on the alignment of 'SBOM for AI' and 'AI-BOM').](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-an-ai-bom/How-AI-BOM-standards-are-taking-shape.png)

AI-BOMs are now being defined through a combination of technical standards, implementation work, and governance frameworks. Each contributes something different, from schema design to risk alignment.

**The foundation is the [Software Package Data Exchange (SPDX) 3.0](https://spdx.github.io/spdx-spec/v3.0.1/) specification (current revision 3.0.1), which introduced formal AI and Dataset profiles.** These profiles extend the traditional SBOM model to describe [machine learning](https://www.paloaltonetworks.com/cyberpedia/machine-learning-ml) components---models, datasets, training configurations, and provenance data---in a consistent, machine-readable format. SPDX provides the technical structure that makes an AI-BOM possible.

**Beyond the standard itself, implementation work is already underway. Industry groups have published guidance on applying SPDX 3.0.1 in real AI environments.** This includes examples of JSON-LD serialization, schema validation, and best practices for aligning AI-BOM data with automation pipelines.

Operationally, community drafts are testing how AI-BOMs work in practice. Current use cases focus on compliance, vulnerability response, third-party risk management, and model lifecycle tracking. They demonstrate how an AI-specific extension of an SBOM can close visibility gaps unique to machine learning systems.

**Governance ties it all together. Recent international standards now reference AI asset documentation as part of responsible AI management.** Frameworks such as [ISO/IEC 42001:2023](https://www.iso.org/standard/42001) and the [NIST AI Risk Management Framework 1.0](https://www.nist.gov/itl/ai-risk-management-framework) both emphasize traceability, accountability, and lifecycle control.

**And finally, research validation. Peer-reviewed publications have documented the process of evolving SBOMs into AI-BOMs.** The goal is to ensure the standard is practical, interoperable, and ready for broad adoption.

Work is underway in the SPDX community to extend coverage for configuration and deployment metadata, and future releases are expected to expand into runtime and infrastructure details. Today, the terms SBOM for AI and AI-BOM are used alongside each other, but their usage is gradually aligning as guidance and standards mature. Over time, the focus is likely to shift from defining the schema to automating it within secure MLOps toolchains.
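Steps 4 and 5 of the build process, together with the schema validation and vulnerability-response use cases the implementation work above describes, as an added example that is not code from the page or from the SPDX project: it checks an AI-BOM for missing required fields, unknown relationship types and dangling references, signs a canonical serialization so any later edit is detected, and walks the relationship graph to list every model affected by a given dataset, which is the question an AI-BOM has to answer when a dataset turns out to be poisoned. The embedded document, the required-field policy, the allowed relationship types, the `example.org` namespace and the HMAC key are constructed assumptions, and the element and property names follow SPDX 3.0.1 naming as the author understands it. A production pipeline would validate against the published SPDX JSON schema and sign with an asymmetric key held in a KMS or a Sigstore-style service rather than a shared secret.

```python
"""Validate, sign and query an AI-BOM. Added example, not code from the page or SPDX.

Assumptions (not from the page): the embedded document, the required-field policy,
the allowed relationship types and the HMAC key are constructed; element and
property names follow SPDX 3.0.1 naming as the author understands it.
"""
import hashlib
import hmac
import json

NS = "https://example.org/spdx/ai-bom/"  # assumed namespace for spdxIds

# Minimal required fields per element type (an assumed local policy, not the full SPDX schema).
REQUIRED = {
    "ai_AIPackage": {"spdxId", "name", "software_packageVersion", "verifiedUsing"},
    "dataset_DatasetPackage": {"spdxId", "name", "software_packageVersion", "verifiedUsing"},
    "Relationship": {"spdxId", "from", "relationshipType", "to"},
}
ALLOWED_REL = {"trainedOn", "testedOn", "dependsOn", "hasInput", "hasOutput"}  # assumed subset


def _hash(seed: str) -> dict:
    """Constructed artifact hash so the sample document has realistic integrity fields."""
    return {"type": "Hash", "algorithm": "sha256", "hashValue": hashlib.sha256(seed.encode()).hexdigest()}


# Constructed AI-BOM: a fine-tuned model depends on a base model that was trained on Dataset-A.
BOM = {"@context": "https://spdx.org/rdf/3.0.1/spdx-context.jsonld", "@graph": [
    {"type": "dataset_DatasetPackage", "spdxId": NS + "Dataset-A", "name": "Dataset-A",
     "software_packageVersion": "2025Q3", "verifiedUsing": [_hash("dataset-a")]},
    {"type": "ai_AIPackage", "spdxId": NS + "Base-V2", "name": "ImageClassifier-V2",
     "software_packageVersion": "2.1", "verifiedUsing": [_hash("base-v2")]},
    {"type": "ai_AIPackage", "spdxId": NS + "Tuned-V2", "name": "ImageClassifier-V2-tuned",
     "software_packageVersion": "2.1.1", "verifiedUsing": [_hash("tuned-v2")]},
    {"type": "Relationship", "spdxId": NS + "rel-1", "from": NS + "Base-V2",
     "relationshipType": "trainedOn", "to": [NS + "Dataset-A"]},
    {"type": "Relationship", "spdxId": NS + "rel-2", "from": NS + "Tuned-V2",
     "relationshipType": "dependsOn", "to": [NS + "Base-V2"]},
]}


def validate(bom: dict) -> list:
    """Step 4: return findings (empty list = pass): missing fields, unknown relationship
    types, and relationships that point at spdxIds the document does not define."""
    graph = bom.get("@graph", [])
    ids = {e.get("spdxId") for e in graph}
    findings = []
    for e in graph:
        missing = REQUIRED.get(e.get("type"), set()) - set(e)
        if missing:
            findings.append(f"{e.get('spdxId')}: missing {sorted(missing)}")
        elif e.get("type") == "Relationship":
            if e["relationshipType"] not in ALLOWED_REL:
                findings.append(f"{e['spdxId']}: unknown relationshipType {e['relationshipType']}")
            for target in [e["from"], *e["to"]]:
                if target not in ids:
                    findings.append(f"{e['spdxId']}: dangling reference {target}")
    return findings


def canonical(bom: dict) -> bytes:
    """Key-sorted, whitespace-free JSON so identical content always signs identically."""
    return json.dumps(bom, sort_keys=True, separators=(",", ":")).encode()


def sign(bom: dict, key: bytes) -> str:
    """Step 5: detached HMAC-SHA256 over the canonical form (stand-in for an asymmetric signature)."""
    return hmac.new(key, canonical(bom), hashlib.sha256).hexdigest()


def verify(bom: dict, key: bytes, signature: str) -> bool:
    """Constant-time comparison; any edit to the document since signing makes this False."""
    return hmac.compare_digest(sign(bom, key), signature)


def impacted_by(bom: dict, spdx_id: str) -> set:
    """Blast radius: every element that directly or transitively depends on spdx_id, e.g.
    all models trained on, or fine-tuned from models trained on, a poisoned dataset."""
    edges = [(r["from"], t) for r in bom["@graph"] if r.get("type") == "Relationship" for t in r["to"]]
    hit, frontier = set(), {spdx_id}
    while frontier:  # breadth-first walk against the edge direction; 'not in hit' stops cycles
        frontier = {src for src, dst in edges if dst in frontier and src not in hit}
        hit |= frontier
    return hit


if __name__ == "__main__":
    key = b"constructed-demo-key"
    print("findings:", validate(BOM))
    sig = sign(BOM, key)
    tampered = json.loads(json.dumps(BOM))
    tampered["@graph"][1]["verifiedUsing"][0]["hashValue"] = "f" * 64  # swap the model hash
    print("original verifies:", verify(BOM, key, sig), "| tampered verifies:", verify(tampered, key, sig))
    print("impacted by Dataset-A:", sorted(impacted_by(BOM, NS + "Dataset-A")))
```

The tamper check is the point of Step 5: a signed document whose model hash has been swapped still parses and still validates, and only the signature reveals the edit. The `impacted_by` walk is what makes Step 7's "trace which model or dataset was involved" concrete: given the poisoned dataset's spdxId it returns both the base model and the fine-tuned model built on top of it, which is the retraining list for the incident.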
| ***Further reading:*** * [*What Is AI Governance?*](https://www.paloaltonetworks.com/cyberpedia/ai-governance) * [*NIST AI Risk Management Framework (AI RMF)*](https://www.paloaltonetworks.com/cyberpedia/nist-ai-risk-management-framework)

## What is the difference between an SBOM and an AI-BOM?

![Chart titled 'Comparison: SBOM vs. AI-BOM'](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-an-ai-bom/Comparison-SBOM-vs-AI-BOM.png)

| Dimension | SBOM | AI-BOM |
| --- | --- | --- |
| Scope | Software dependencies and libraries | Models, datasets, training data, and runtime artifacts |
| Lifecycle | Static build and deployment | Continuous training, fine-tuning, and monitoring |
| Risk focus | Vulnerabilities and license compliance | Data poisoning, model bias, and provenance gaps |
| Standard basis | SPDX core and software profiles | SPDX AI and dataset profiles |

AI-BOMs build on the same foundation as SBOMs but were created to address the unique dependencies and lifecycle of modern AI systems. Here's the difference between the two:

* Traditional SBOMs track static software components. They describe what goes into an application at a single point in time.
* AI-BOMs expand that idea to include everything that shapes how an AI system behaves: datasets, model architectures, training pipelines, and continuous retraining.

Both can be expressed in the same SBOM formats and handled by the same tooling. The distinction lies in scope and schema. SBOMs capture code. AI-BOMs capture the data, model, and dependency context that define how AI systems are built and maintained.

## AI-BOM FAQs

#### What exactly is an AI-BOM (Artificial Intelligence Bill of Materials)?
An AI-BOM is a machine-readable inventory that documents every model, dataset, dependency, and configuration used in an AI system. It provides standardized traceability and provenance for how an AI model was built, trained, validated, and deployed.

#### How is an AI-BOM different from a Software Bill of Materials (SBOM)?

An SBOM tracks software components. An AI-BOM extends that concept to include datasets, model architectures, training parameters, and retraining events---elements unique to machine learning and generative systems that continuously evolve.

#### Why are AI-BOMs needed now?

AI systems depend on external data, pre-trained models, and opaque third-party components. AI-BOMs make these dependencies transparent, enabling reproducibility, accountability, and compliance with emerging AI governance and security frameworks.

#### What are the key components listed in an AI-BOM?

Model metadata (name, version, architecture, provenance), dataset metadata (source, licensing, preprocessing), configuration details, dependencies, environment context, and relationship fields linking models and datasets for traceability.

#### What kind of data-related information does an AI-BOM track?

It records dataset sources, structure, preprocessing, licensing, bias annotations, and update cadence. This ensures data lineage is clear and that retraining or drift can be traced to specific dataset versions.

#### Does an AI-BOM cover Generative AI (GenAI) models and large language models (LLMs)?

Yes. AI-BOMs apply to all AI systems, including GenAI and [LLMs](https://www.paloaltonetworks.com/cyberpedia/large-language-models-llm), by documenting datasets, fine-tuning steps, model versions, and prompt or output constraints relevant to transparency and reproducibility.

#### When in the AI lifecycle should an AI-BOM be created and updated?

An AI-BOM is generated during planning, updated after training and validation, and maintained through deployment and monitoring. It should evolve continuously with every retrain or dataset update.

#### Who is responsible for maintaining the AI-BOM within an organization?

Maintenance is shared among data science, MLOps, security, and compliance teams. Oversight typically rests with an AI security or ML governance lead who enforces versioning and update policies.

#### What role does an AI-BOM play in regulatory compliance (e.g., EU AI Act, NIST AI RMF)?

It provides the audit-ready evidence regulators require---proving data provenance, model lineage, and accountability. It aligns with NIST AI RMF, ISO/IEC 42001, and EU AI Act transparency obligations.

#### Can AI-BOM generation be automated, and if so, how?

Yes. Metadata can be automatically captured from ML pipelines and serialized using SPDX 3.0.1 or compatible schemas. Automation ensures AI-BOMs stay current as models and datasets evolve.

#### Does the AI-BOM need to expose proprietary model weights or intellectual property?

No. AI-BOMs describe structure, provenance, and relationships---not the underlying weights or proprietary algorithms. Sensitive elements can be redacted or referenced securely while maintaining compliance.

#### How does an AI-BOM help with security risks like model poisoning or adversarial attacks?

It identifies which datasets, dependencies, or model versions were affected, enabling rapid isolation and mitigation. The AI-BOM provides the traceability needed for forensics and secure retraining.

#### What industry standards or frameworks exist for formatting an AI-BOM?

SPDX 3.0.1 defines official AI and Dataset Profiles for schema structure. CISA's SBOM for AI use cases, ISO/IEC 42001, and NIST AI RMF provide governance alignment for AI-BOM adoption.
## Related content

* [Report: Unit 42 Threat Frontier: Prepare for Emerging AI Risks. Get Unit 42's point of view on AI risks and how to defend your organization.](https://www.paloaltonetworks.com/resources/ebooks/unit42-threat-frontier-report?ts=markdown)
* [eBook: Is Your AI Ecosystem Secure? Discover the blueprint for protecting all your AI investments.](https://www.paloaltonetworks.com/resources/ebooks/is-your-ai-ecosystem-secure-old?ts=markdown)
* [Threat research: When AI Remembers Too Much -- Persistent Behaviors in Agents' Memory. A PoC that demonstrates how adversaries can use indirect prompt injection to silently poison an AI agent.](https://unit42.paloaltonetworks.com/indirect-prompt-injection-poisons-ai-longterm-memory/)
* [Podcast: Threat Vector | Securing AI in the Enterprise. Explore what it means to adopt a secure AI by design strategy.](https://www.paloaltonetworks.com/resources/podcasts/threat-vector-securing-ai-in-the-enterprise)
Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2025 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language