You cannot govern AI you cannot see. Assistants, SDKs and autonomous agents spread through codebases faster than any policy tracks by hand. "Which assistants, which SDKs, which models touch our code?" is now a customer-questionnaire question — and vulnetix aibom answers it with evidence.
Four evidence passes
Environment
Known AI tool and provider env-var NAMES only — values are never read, so no secret leaks into the BOM.
Filesystem
Config and instruction files — CLAUDE.md, AGENTS.md, .cursorrules — plus skills, hooks, plugins and prompts.
Source code
AI SDK usage per language and the model-name literals passed to them, captured even for unknown models.
Commit history
AI agent authorship via Co-Authored-By trailers, session markers and bot authors like Devin, Jules and Copilot.
Standards-native output
The output is a CycloneDX 1.7 document: AI coding agents become application components, SDKs become libraries, and each model becomes a machine-learning-model component with a modelCard. All evidence — method, file, line and snippet — rides on properties under the vulnetix:ai namespace. The builtin catalog (version 2026.06.4) recognises 84 AI coding agents, 73 AI provider services, two conventions and 102 AI SDKs.
Catches the AI that left no files
The hard part of an AI inventory is the autonomous agent that opened a pull request and left only a commit trailer, or the SDK call invoking an undocumented model. Four independent passes mean a tool must evade all of them to stay hidden. A note on scope: AI-BOM today inventories AI tooling and usage — agents, SDKs and the model names they invoke — not model weights or training datasets.
No new workflow
AI-BOM runs inside vulnetix scan (disable with --no-aibom) and uploads to the AI Inventory console at /vdb-ai-inventory, alongside the SBOM, CBOM, VEX and SARIF the same scan produces.