Discover and govern the AI in your software supply chain
Gartner's 2026 SSCS Magic Quadrant flags AI components — hosted LLMs and especially MCP servers — as a fast-growing third-party attack surface. SBOMVault finds the AI your software actually pulls in and lets you govern it. You cannot control what you cannot see.
Four classes of AI supply-chain asset
We classify the AI/ML signals found in your SBOM dependencies — and in first-party source and config — into four categories, each carrying a governance attention level. Hosted LLMs and MCP servers are the egress surface to watch.
Hosted LLM providers
SDKs that send prompts and data to a third-party model API — the highest-attention data-egress surface.
MCP servers
Model Context Protocol packages and configs that grant AI agents tool access — a new, fast-growing attack surface.
Agent & vector frameworks
Orchestration frameworks and vector stores that widen the AI surface — chains, tools, retrieval, embeddings.
Models & ML runtimes
Local ML frameworks, models pulled from registries, and committed weight files — inventoried for provenance and license.
The AI nobody declared
Most AI enters the supply chain quietly — an openai or @anthropic-ai/sdk dependency here, a LangChain agent there, an .mcp.json wiring up tool servers. None of it shows up in a producer-emitted ML-BOM.
SBOMVault surfaces it two ways: from your dependency graph, and from first-party source and config it scans during a repo scan — MCP server configurations (extracting the configured server names), AI-coding-assistant configs (Cursor, Copilot, Continue, Aider, Claude Code), and committed model files (with pickle-format weights flagged for code-execution-on-load risk).
Where it lives in the product
01 AI Supply Chain dashboard
Every AI asset discovered across your inventory — from dependencies and from source/config — classified by category, provider, and governance verdict (allowed, review, or denied).
02 AIBOM export (CycloneDX 1.6)
Generate an AI Bill of Materials: ML models as machine-learning-model components with model cards, hosted LLMs and MCP servers as external services across a trust boundary, and AI libraries as components.
03 AI governance policy
Deny named providers, block all external hosted LLMs, or deny MCP servers outright. Every discovered asset is re-evaluated against the policy and flagged allowed / review / denied.
04 AI Model Inventory
Producer-emitted ML-BOMs (CycloneDX 1.6 machine-learning-model) populate a model register with model cards, datasets, and risk scores for SR 11-7 / SR 23-4 review — complementing the discovery above.
What it is — and what it isn't
Discovery is heuristic inventory from what your software declares: dependency names and package URLs, plus AI signals in first-party source and config files scanned during a repo scan. It is not runtime instrumentation and does not intercept live model traffic.
It complements — does not replace — the AI Model Inventory, which records the models a producer formally emitted as a CycloneDX ML-BOM. Together they cover both the AI you declared and the AI you didn't.
That is a deliberate, honest boundary. For the AI your supply chain actually pulls in, you get a precise, governable inventory today — which is far more visibility than most organizations have into their AI.
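The discovery-and-policy flow described above, condensed into a script as an added example (this is not SBOMVault's own code): it classifies dependency package URLs against a small signature table into the four asset classes, pulls configured server names out of an mcpServers block the way a repo scan of .mcp.json would, flags pickle-format weight files for their load-time code execution risk, and then evaluates every asset against an allow/review/deny policy that can deny named providers, block all hosted LLMs, or deny MCP servers outright. The signature table, the category and flag names, the extension lists and the sample inputs are all assumptions made for this illustration.

```python
# Heuristic AI supply-chain discovery plus an allow/review/deny policy. Constructed example:
# the signature table, file-type rules and sample inputs are illustrative, not SBOMVault's.
from __future__ import annotations

import json
import re
from dataclasses import dataclass
from urllib.parse import unquote

# The four asset classes and the governance attention each carries.
ATTENTION = {"hosted_llm": "high", "mcp_server": "high",
             "agent_framework": "medium", "ml_runtime": "inventory"}

# (package-name regex, category, provider): a hypothetical signature set.
SIGNATURES = [
    (r"^openai$", "hosted_llm", "openai"),
    (r"^(anthropic|@anthropic-ai/sdk)$", "hosted_llm", "anthropic"),
    (r"^(@modelcontextprotocol/.*|fastmcp|mcp)$", "mcp_server", None),
    (r"^(langchain.*|llama[-_]index|chromadb)$", "agent_framework", None),
    (r"^(torch|transformers|tensorflow)$", "ml_runtime", None),
]
# Pickle-based weight formats are unpickled on load and can therefore execute code.
PICKLE_WEIGHT_EXTS = (".pkl", ".pickle", ".pt", ".pth")
SAFE_WEIGHT_EXTS = (".safetensors", ".gguf", ".onnx")

@dataclass(frozen=True)
class AIAsset:
    name: str
    category: str
    source: str                   # "dependency", "config" or "file"
    provider: str | None = None
    flags: tuple = ()

def purl_name(purl: str) -> str:
    """Package name (namespace joined with '/') from a package URL."""
    body = purl.removeprefix("pkg:").split("?", 1)[0].split("#", 1)[0]
    _ptype, _, rest = body.partition("/")
    at = rest.rfind("@")
    if at > rest.rfind("/"):      # an '@' after the last '/' starts the version
        rest = rest[:at]
    return "/".join(unquote(part) for part in rest.split("/"))

def classify_dependency(purl: str) -> AIAsset | None:
    name = purl_name(purl)
    for pattern, category, provider in SIGNATURES:
        if re.match(pattern, name):
            return AIAsset(name, category, "dependency", provider)
    return None

def mcp_servers_from_config(text: str) -> list:
    """Configured server names from any JSON document carrying an mcpServers block."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError:
        return []
    servers = doc.get("mcpServers") if isinstance(doc, dict) else None
    return sorted(servers) if isinstance(servers, dict) else []

def classify_model_file(path: str) -> AIAsset | None:
    lower = path.lower()
    if lower.endswith(PICKLE_WEIGHT_EXTS):
        return AIAsset(path, "ml_runtime", "file", flags=("pickle-code-exec-on-load",))
    return AIAsset(path, "ml_runtime", "file") if lower.endswith(SAFE_WEIGHT_EXTS) else None

def discover(purls, config_files, paths) -> list:
    """Inventory from dependency purls, {path: text} config files and committed paths."""
    assets = [a for a in map(classify_dependency, purls) if a]
    for cfg_path, text in config_files.items():
        for server in mcp_servers_from_config(text):
            assets.append(AIAsset(f"mcp:{server}", "mcp_server", "config", flags=(cfg_path,)))
    return assets + [a for a in map(classify_model_file, paths) if a]

@dataclass(frozen=True)
class Policy:
    denied_providers: frozenset = frozenset()
    block_hosted_llms: bool = False
    deny_mcp: bool = False

def verdict(asset: AIAsset, policy: Policy) -> str:
    """allowed / review / denied; hosted LLMs and MCP servers never pass silently."""
    if asset.category == "hosted_llm":
        blocked = policy.block_hosted_llms or asset.provider in policy.denied_providers
        return "denied" if blocked else "review"
    if asset.category == "mcp_server":
        return "denied" if policy.deny_mcp else "review"
    return "review" if asset.flags else "allowed"

# Constructed sample input standing in for an SBOM and a repo scan.
SAMPLE_PURLS = ["pkg:pypi/openai@1.30.0", "pkg:npm/%40anthropic-ai/sdk@0.20.0",
                "pkg:npm/%40modelcontextprotocol/sdk@1.0.0", "pkg:pypi/langchain@0.2.0",
                "pkg:pypi/torch@2.3.0", "pkg:pypi/requests@2.32.0"]
SAMPLE_CONFIGS = {".mcp.json": json.dumps({"mcpServers": {
    "github": {"command": "npx", "args": ["-y", "@modelcontextprotocol/server-github"]},
    "filesystem": {"command": "npx", "args": ["-y", "@modelcontextprotocol/server-filesystem"]}}})}
SAMPLE_PATHS = ["models/classifier.pt", "models/embeddings.safetensors", "README.md"]

if __name__ == "__main__":
    policy = Policy(denied_providers=frozenset({"openai"}), deny_mcp=True)
    for a in discover(SAMPLE_PURLS, SAMPLE_CONFIGS, SAMPLE_PATHS):
        print(f"{verdict(a, policy):8} {ATTENTION[a.category]:9} {a.category:16} {a.name}")
```

Two design points carry over to any real implementation: the policy never returns "allowed" for a hosted LLM or MCP server, so the two high-attention egress classes always surface at least as "review"; and the inventory is derived purely from declared names and committed files, so a provider reached through a bare HTTP call with no SDK dependency is exactly the case this heuristic cannot see.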
See the AI in your supply chain
Start free and the AI Supply Chain dashboard surfaces the LLMs, MCP servers, and models your software pulls in — with an AIBOM export and a governance policy to lock down what you don't allow.
Frequently asked questions
- What is AI supply chain security?
- It is the discovery and governance of third-party AI in your software — hosted LLM provider SDKs, Model Context Protocol (MCP) servers, agent frameworks, vector stores, and models. SBOMVault inventories these from your dependencies and from first-party source/config, classifies them by risk, and lets you govern them with an allow/deny policy.
- Does SBOMVault detect MCP (Model Context Protocol) servers?
- Yes. It detects MCP packages in dependencies (e.g. @modelcontextprotocol/*, fastmcp) and MCP server configurations in source (.mcp.json and files containing an mcpServers block, extracting the configured server names). MCP is flagged as a high-attention egress surface.
- Can SBOMVault generate an AIBOM?
- Yes. It generates a CycloneDX 1.6 AI Bill of Materials: ML models become machine-learning-model components with model cards, hosted LLM providers and MCP servers become external services marked across a trust boundary, and other AI libraries become components tagged with their category.
- Is this runtime monitoring of AI calls?
- No. Detection is heuristic inventory from what your software declares — dependencies plus source/config scanned during a repo scan. It does not instrument runtime or intercept live model traffic. It complements the AI Model Inventory, which records producer-emitted ML-BOM models.
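To make the AIBOM shape described in the export feature and in the FAQ concrete, here is an added example (not SBOMVault's exporter) that emits a CycloneDX 1.6 document from an already-discovered asset list: ML models become machine-learning-model components carrying a modelCard, hosted LLM providers and MCP servers become services with x-trust-boundary set, and other AI libraries become library components tagged with their category. The input dictionaries, the ai:category property name and the placeholder endpoint are constructed for this illustration.

```python
# Build a CycloneDX 1.6 AI Bill of Materials from a discovered asset list.
# Added example, not SBOMVault's exporter; the input shape, the 'ai:category'
# property name and the sample endpoint are assumptions made for this illustration.
from __future__ import annotations

import json

# Constructed input: what a discovery pass might hand to the exporter.
DISCOVERED = [
    {"category": "ml_model", "name": "example-classifier", "version": "1.0",
     "task": "text-classification", "datasets": ["constructed-training-set"]},
    {"category": "hosted_llm", "name": "openai", "version": "1.30.0",
     "provider": "openai", "endpoint": "https://api.example-provider.invalid/v1"},
    {"category": "mcp_server", "name": "mcp:github", "provider": None},
    {"category": "agent_framework", "name": "langchain", "version": "0.2.0"},
]

# Asset classes modelled as external services rather than components.
EXTERNAL_SERVICE_CATEGORIES = {"hosted_llm", "mcp_server"}


def _compact(d: dict) -> dict:
    """Drop keys whose value is None so optional CycloneDX fields are simply absent."""
    return {k: v for k, v in d.items() if v is not None}


def build_aibom(assets: list) -> dict:
    components, services = [], []
    for i, a in enumerate(assets):
        ref, cat = f"ai-asset-{i}", a["category"]
        props = [{"name": "ai:category", "value": cat}]
        if cat == "ml_model":
            components.append(_compact({
                "bom-ref": ref, "type": "machine-learning-model",
                "name": a["name"], "version": a.get("version"), "properties": props,
                "modelCard": {"modelParameters": {
                    "task": a.get("task"),
                    "datasets": [{"type": "dataset", "name": d} for d in a.get("datasets", [])],
                }},
            }))
        elif cat in EXTERNAL_SERVICE_CATEGORIES:
            services.append(_compact({
                "bom-ref": ref, "name": a["name"],
                "provider": {"name": a["provider"]} if a.get("provider") else None,
                "endpoints": [a["endpoint"]] if a.get("endpoint") else None,
                "x-trust-boundary": True,      # prompts or tool calls leave our boundary
                "properties": props,
            }))
        else:
            components.append(_compact({
                "bom-ref": ref, "type": "library", "name": a["name"],
                "version": a.get("version"), "properties": props,
            }))
    return {"bomFormat": "CycloneDX", "specVersion": "1.6", "version": 1,
            "components": components, "services": services}


def trust_boundary_crossings(bom: dict) -> list:
    """Names of services the AIBOM marks as crossing a trust boundary."""
    return [s["name"] for s in bom.get("services", []) if s.get("x-trust-boundary")]


if __name__ == "__main__":
    print(json.dumps(build_aibom(DISCOVERED), indent=2))
```

Running it prints the document; a reviewer can then read the trust-boundary picture straight out of the services array, which is the part of an AIBOM a governance policy most needs to reason about.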