The article discusses the evolving need for AI Bills of Materials (AI BOMs), which document not only the components of AI systems but also their operational behaviors, particularly in agentic AI, where decisions are made autonomously. Current standards focus on artifact lineage, which captures the origins of system components, but do not address how decision-making authority is delegated and tracked during execution.
The author emphasizes the importance of capturing both artifact lineage and authority lineage to mitigate the risks of unchecked AI agents, citing a recent real-world failure as an example. Recommendations for Chief Information Security Officers (CISOs) include treating AI systems like products, documenting permissions and behavioral baselines, and defining acceptable ranges of AI behavior so that deviations can be detected and risks managed effectively.