This paper introduces a way to make Software Bills of Materials (SBOMs) active and context-aware. The authors call the new artefacts Artificial Intelligence Bills of Materials (AIBOMs). Instead of just listing components, AIBOMs use small, policy-constrained software agents to reason about how code actually runs, how dependencies change at runtime, and whether a reported vulnerability is exploitable in a given environment.

The researchers built a multi-agent framework with three specialised agents. A baseline environment reconstruction agent (MCP) recreates the runtime picture. A runtime dependency and drift-monitoring agent (A2A) watches which libraries and files are used as the program runs and notes when the environment changes. A policy-aware vulnerability reasoning agent (AGNTCY) combines the runtime evidence with mitigation status to produce exploitability statements. These agents produce structured, auditable decisions rather than taking enforcement actions.

To keep work compatible with existing tooling, the paper proposes small, standards-aligned schema extensions to common SBOM formats such as CycloneDX and SPDX. The extensions record execution context, how dependencies evolved during a run, and the provenance of agent decisions. Agent outputs are mapped to ISO/IEC 20153:2025 Common Security Advisory Framework (CSAF) v2.0 semantics so that exploitability is expressed as machine-readable VEX-style assertions (VEX meaning exploitability assertions) and can be shared in a standard form.

Why this matters: traditional SBOMs are static inventories. They show which components are present, but not how or whether those components are used at runtime. The agentic AIBOM approach aims to bridge that gap. In the paper’s evaluation on heterogeneous analytical workloads, the framework reportedly improved runtime dependency capture, reproducibility fidelity, and the stability of vulnerability interpretation compared with established provenance systems, while adding low computational overhead. Ablation studies in the paper also indicate each agent contributes capabilities that deterministic automation could not provide.