
Publications

Publications on AI Bill of Materials (AI BOM), AI transparency, and related SPDX and SBOM standards.

Key publications

In addition to the SPDX AI and Dataset profiles, the Working Group releases publications covering usage guidance and design rationale.

Presentations

Presentations and talks on SPDX AI and Dataset profiles and other works from the SPDX AI Working Group:

  • Software bill of materials for AI software by Gopi Krishnan Rajbahadur and King Gao at Open Source Summit Europe 2023, 18 September 2023.

    The idea behind the SPDX 3.0 AI and Dataset profiles, and why model cards and datasheets are not enough.

  • How to make SPDX industry standard for AI/ML by Cheuk Ting Ho at FOSDEM 2024, 4 February 2024.

    Although this talk predates the SPDX 3.0 final release, it provides insights into the motivations for the SPDX AI BOM and the roadmap for community adoption.

  • Accountability taxonomy for AI software bill of materials by Arthit Suriyawongkul at Open Source Summit North America 2024, 16 April 2024.

    Provides an overview mapping of EU AI Act informational requirements (focused on the market-entry obligations) to the SPDX 3.0 data model.

  • SPDX 3.0 now supports SBOMs for AI applications. Interview with Kate Stewart, TFIR podcast, 9 May 2024.

    “The challenge we were seeing with the supply chain is that it isn't just software and hardware anymore, it's now realistically data.”

  • From complexity to clarity: Addressing challenges in AI BOMs for compliance by Gopi Krishnan Rajbahadur and Kate Stewart at Open Source Summit Japan 2024, 29 October 2024.

    Best practices and strategies to improve AI BOM accuracy and utility, equipping professionals with the insights to ensure their AI applications are compliant and prepared for future regulations.

  • SPDX: Tackling system risk in modern supply chains by Kate Stewart and Gary O'Neall at PyTorch Conference 2025, 22 October 2025.

    Goes through the key aspects of SPDX 3.0 that make AI systems, and the data used to train them, transparent, so that proper system-level risk analysis for licensing, security, and data biases in model training can be performed.

  • Trust, track, and verify: Securing AI pipelines end-to-end by Adolfo Garcia & Jun (Victor) Lu at Open Source SecurityCon 2025, 10 November 2025.

    Explores how to secure AI pipelines using bill of materials, such as SPDX, to capture complete lineage of code, data, and models; AI-specific controls from CoSAI’s supply chain framework; and Unified AI-Ops practices across MLOps, DataOps, SecOps, and AgentOps.

  • PSF adopts SPDX for Software Bill of Materials, will you? by Arthit Suriyawongkul at PyCon Ireland 2025, 15 November 2025.

    A lightning talk that quickly goes through what an SBOM is, how the Python Software Foundation uses it, relevant PEPs, the minimum elements, the AI SBOM, and Python tools for SPDX.

See more SPDX presentations at SPDX Outreach resources.

Citations

When citing the SPDX AI Working Group or related standards, please reference:

  • The official SPDX specification documents
  • Working group publications and whitepapers
  • Community repositories and resources

Stay updated

For the latest publications and research:

The SPDX AI Working Group is not the only technical group working on AI BOM. There is a growing number of communities in this space, including:

For resources about SBOM in general, the SBOM-Everywhere Wiki of the OpenSSF SBOM Everywhere SIG provides an SBOM catalog and guidance on SBOM types, naming, and compliance.

