AgentRiskBOM: A Risk-Scoping Security Bill of Materials for Agentic AI Systems
Researchers introduce AgentRiskBOM, a security framework that documents the capabilities and risk exposure of autonomous AI agents by tracking their access to tools, data, credentials, and external services. The framework significantly outperforms existing bill-of-materials standards (SBOM, AIBOM, MLBOM) in identifying agentic security risks, providing 100% risk-category visibility compared to 10.5% for traditional approaches.
AgentRiskBOM addresses a critical gap in AI security infrastructure as autonomous agents increasingly operate with minimal human oversight. Traditional bill-of-materials artifacts document dependencies and training provenance but fail to capture what deployed agents can actually do—access private data, invoke external tools, modify files, or coordinate with other systems. This transparency gap creates significant blind spots for organizations deploying agent-based systems.
The framework extends existing standards by adding runtime authority fields including autonomy levels, tool permissions, memory constraints, credential scope, approval gates, and audit signals. Researchers validated AgentRiskBOM across 13 open-source agents and 52 risk scenarios, demonstrating native-equivalent coverage of 14 capability dimensions versus 1-2 for legacy standards. The schema successfully detected all 33 structured deployment mutations, suggesting it can track how agent authority drifts over time.
For the AI and enterprise software sectors, AgentRiskBOM provides a foundational layer for responsible agent deployment. As organizations move toward multi-agent systems and autonomous workflows, the ability to machine-read security permissions and capability boundaries becomes essential for compliance, risk management, and incident investigation. The framework's JSON-schema design enables integration into existing DevSecOps pipelines.
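As an added illustration (not code from the paper, whose actual schema is not reproduced here), the following Python sketch models a record carrying the runtime-authority fields listed above and diffs two versions of it to flag the kind of authority drift that the deployment-mutation testing targets; the field names, the sample agent and its values are all assumptions.

```python
import json
# Constructed baseline for a hypothetical agent; field names are assumptions, not the paper's schema.
BASELINE_JSON = json.dumps({
    "agent": "ticket-triage-bot",
    "autonomy_level": "supervised",
    "tool_permissions": ["read_tickets", "post_comment"],
    "credential_scope": ["helpdesk:read"],
    "memory": {"persistent": False},
    "approval_gates": ["post_comment"],
    "audit_signals": ["tool_call_log"],
})
REQUIRED = ("agent", "autonomy_level", "tool_permissions", "credential_scope",
            "memory", "approval_gates", "audit_signals")
AUTONOMY_RANK = {"manual": 0, "supervised": 1, "autonomous": 2}
EXPANDING = ("tool_permissions", "credential_scope")  # growth widens authority
CONTROLS = ("approval_gates", "audit_signals")         # shrinkage weakens oversight

def load_bom(text):
    """Parse a record and reject one that omits any runtime-authority field."""
    bom = json.loads(text)
    missing = [f for f in REQUIRED if f not in bom]
    if missing:
        raise ValueError(f"missing authority fields: {missing}")
    return bom

def drift(before, after):
    """Return (field, kind, items) for each change that increases risk exposure."""
    findings = []
    for f in EXPANDING:
        added = sorted(set(after[f]) - set(before[f]))
        if added:
            findings.append((f, "expanded", added))
    for f in CONTROLS:
        removed = sorted(set(before[f]) - set(after[f]))
        if removed:
            findings.append((f, "weakened", removed))
    if AUTONOMY_RANK[after["autonomy_level"]] > AUTONOMY_RANK[before["autonomy_level"]]:
        findings.append(("autonomy_level", "escalated", [after["autonomy_level"]]))
    if after["memory"].get("persistent") and not before["memory"].get("persistent"):
        findings.append(("memory", "persistence_enabled", ["persistent"]))
    return findings

def mutated_bom():
    """Constructed deployment mutation: wider scope, fewer gates, more autonomy."""
    bom = load_bom(BASELINE_JSON)
    bom["tool_permissions"].append("close_ticket")
    bom["credential_scope"].append("helpdesk:write")
    bom["approval_gates"] = []
    bom["autonomy_level"] = "autonomous"
    return bom
```

Running `drift(load_bom(BASELINE_JSON), mutated_bom())` reports the two widened scopes, the removed approval gate and the autonomy escalation, while an unchanged record yields no findings.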
The secondary scorer's 0.73 Spearman correlation with the primary scorer indicates that while the framework provides consistent rankings, human expertise remains necessary for calibrating risk thresholds. This hybrid approach—structured data capture plus human judgment—may become the standard for agentic AI governance. Organizations deploying autonomous agents should expect security frameworks like this to become compliance requirements.
- AgentRiskBOM extends SBOM/AIBOM standards to specifically track agentic AI capabilities including tool access, memory, credentials, and autonomous decision-making authority.
- The framework achieves 100% risk-category visibility across 14 categories, compared to 10.5% for SBOM-like approaches, directly addressing a transparency gap in autonomous agent deployment.
- Validated on 13 open-source agents and 52 risk scenarios, AgentRiskBOM demonstrates the ability to detect all types of capability drift through structured deployment mutation testing.
- The framework requires human calibration of risk thresholds despite providing machine-readable, consistent rankings, suggesting a hybrid governance model for agentic systems.
- JSON-schema implementation enables integration with existing DevSecOps pipelines, positioning AgentRiskBOM as foundational infrastructure for future agent-based system compliance.