Safeguard.sh Documentation Center

AI-BOM Discovery

Inventory every AI asset in your environment — models, ML dependencies, notebooks, prompts, vector stores, agents, MCP servers, and inference endpoints — into one tenant-scoped AI bill of materials.

AI-BOM Discovery

You can't govern AI assets you don't know you have. AI-BOM discovery builds a continuously-updated inventory of every AI asset across your code, cloud, and connected SaaS — the bill of materials that AI-SPM's posture scoring, model scanning, and governance all build on.

What it inventories

Discovery runs across three surfaces and records each asset as a typed inventory entry:

SurfaceWhat is discoveredAsset kinds
CodeImports of AI SDKs (openai, anthropic, langchain, transformers, llama_index); model weight files (.pt, .safetensors, .gguf); prompt templates; notebooks; MCP server configuration (mcp.json)model, service, prompt, notebook, mcp_server
CloudManaged inference endpoints — SageMaker, Bedrock, Vertex AI — discovered through the existing cloud connectorsendpoint, model
SaaSConnected but unsanctioned AI tools surfaced through shadow-AI detectionservice

Vector databases (Pinecone, Weaviate, pgvector connection strings) are inventoried as vector_store assets, and agent definitions as agent assets. Discovery unifies AI signals that were previously scattered across separate checks into one place rather than duplicating them.

The AI-BOM

Every discovered asset becomes an AIAsset record — its kind, name, source, format, and metadata — and the assets for a product are assembled into an AIBOM: a tenant/org-scoped snapshot of your AI footprint at a point in time. The AI-BOM is the substrate the rest of AI-SPM operates over: model-artifact scanning attaches findings to the model assets it inventories, and the posture score reads the inventory to compute its ai_inventory_visibility factor (you can't have good posture over assets you can't see).

Findings it produces

Discovery itself is an inventory pass, so its primary output is the AI-BOM rather than findings. The assets it surfaces feed the engines that do emit findings:

  • Model assets are handed to AI-SPM model-artifact scanning, which produces aisec findings (unsafe pickle opcodes, ONNX code-execution operators, and so on) discriminated in the unified findings model.
  • Shadow-AI services surface unsanctioned tools for governance review.
  • Missing-visibility gaps lower the ai_inventory_visibility posture factor.

How to enable

AI-BOM discovery is part of the AI-SPM engine and is admin-toggleable via the ff.aispm feature flag, enforced server-side. Once enabled, discovery runs across connected repositories, cloud accounts, and SaaS integrations through the standard scan flow, and the AI-BOM is queryable in the app and through the API.

On this page