Execution-bound advisory automation for agentic AI: a reproducible AIBOM-driven CSAF-VEX framework
Researchers present a framework that combines software bill of materials (SBOM) and AI bill of materials (AIBOM) artifacts with runtime monitoring to generate cryptographically signed security advisories for AI systems. The approach evaluates vulnerability exploitability using static analysis and observed execution conditions across synthetic AI workloads, tested on approximately 10,000 component entries.
This research addresses a critical gap in AI system security by extending traditional software supply chain vulnerability management to agentic AI systems. The framework bridges SBOM (cataloging software dependencies) and AIBOM (cataloging AI model components) artifacts, creating a comprehensive visibility layer for security risk assessment. By binding vulnerability data to deterministic environment capture and runtime telemetry, the approach moves beyond static scanning toward evidence-based exploitability assessment.
The work responds to growing concerns about AI model supply chain risks, where dependencies extend beyond traditional code libraries to include pre-trained models, datasets, and inference components. Agentic AI systems—which make autonomous decisions—introduce additional attack surface requiring runtime validation. The integration of multiple threat intelligence sources (OSV, GitHub Advisory, KEV, EPSS datasets) provides comprehensive vulnerability coverage.
For developers and security teams, this framework offers reproducible security validation through deterministic replay and cryptographic signing, reducing false positives from traditional vulnerability scanning. Organizations deploying agentic AI systems gain programmatic assurance that declared components match observed runtime behavior and that security policies are enforced.
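The correlation the summary describes, declared components from an SBOM/AIBOM matched against advisories and then bound to runtime evidence of whether the component actually executed, is illustrated below in a small added example. This is not code from the paper or its authors: the component names, advisory IDs, telemetry lines and the `vex_statuses`/`build_advisory`/`replay_matches` helpers are all constructed for illustration, and an HMAC tag stands in for whatever signing scheme the framework uses, which the summary does not specify.

```python
"""Execution-bound VEX status derivation (illustrative, not the paper's code).

Inputs are constructed placeholders: an SBOM/AIBOM component list, advisory
matches in an OSV-like shape, and runtime telemetry recording which components
the workload loaded. The output is a minimal CSAF-VEX-like document whose
product statuses depend on observed execution, plus an integrity tag and a
deterministic replay check.
"""
import hashlib
import hmac
import json

# Constructed SBOM/AIBOM entries (hypothetical names and versions).
DECLARED_COMPONENTS = [
    {"name": "example-tokenizer", "version": "1.2.0", "type": "library"},
    {"name": "example-serde", "version": "0.9.1", "type": "library"},
    {"name": "example-llm-base", "version": "7b-v2", "type": "ml-model"},
]

# Constructed advisory records with placeholder IDs, in an OSV-like shape.
ADVISORIES = [
    {"id": "EXAMPLE-2024-0001", "name": "example-serde", "affected_versions": ["0.9.1"]},
    {"id": "EXAMPLE-2024-0002", "name": "example-tokenizer", "affected_versions": ["1.2.0"]},
]

# Constructed runtime telemetry: one "load" line per component the workload imported.
TELEMETRY = """\
2024-01-01T00:00:00Z load component=example-tokenizer version=1.2.0
2024-01-01T00:00:01Z load component=example-llm-base version=7b-v2
2024-01-01T00:00:02Z infer model=example-llm-base tokens=128
"""


def parse_loaded(telemetry: str) -> set:
    """Return the (name, version) pairs that telemetry shows were loaded."""
    loaded = set()
    for line in telemetry.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[1] != "load":
            continue  # only load events are evidence of execution
        fields = dict(f.split("=", 1) for f in parts[2:] if "=" in f)
        loaded.add((fields["component"], fields["version"]))
    return loaded


def vex_statuses(components, advisories, telemetry):
    """Derive one VEX product status per advisory that matches a declared component.

    affected     -> matching component was observed loading at runtime
    not_affected -> matching component is declared but never observed loading
    Advisories matching nothing in the SBOM/AIBOM produce no status at all.
    """
    loaded = parse_loaded(telemetry)
    declared = {(c["name"], c["version"]) for c in components}
    statuses = []
    for adv in advisories:
        for version in adv["affected_versions"]:
            key = (adv["name"], version)
            if key not in declared:
                continue
            entry = {"vulnerability": adv["id"], "product": f"{key[0]}@{key[1]}"}
            if key in loaded:
                entry["status"] = "affected"
            else:
                entry["status"] = "not_affected"
                # CSAF 2.0 VEX justification label for code present but unexecuted.
                entry["justification"] = "vulnerable_code_not_in_execute_path"
            statuses.append(entry)
    return statuses


def _canonical(doc: dict) -> bytes:
    """Canonical JSON so identical inputs always produce identical bytes."""
    return json.dumps(doc, sort_keys=True, separators=(",", ":")).encode()


def build_advisory(statuses, key: bytes) -> dict:
    """Wrap statuses in a CSAF-VEX-like body and attach an HMAC-SHA256 tag.

    The HMAC is a stand-in for the framework's signing scheme (assumption).
    """
    body = {"document": {"category": "csaf_vex"}, "vulnerabilities": statuses}
    return {"body": body, "hmac_sha256": hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()}


def verify_advisory(signed: dict, key: bytes) -> bool:
    """Check the integrity tag over the canonical body."""
    expected = hmac.new(key, _canonical(signed["body"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signed["hmac_sha256"])


def replay_matches(signed: dict, components, advisories, telemetry) -> bool:
    """Deterministic replay: recompute statuses from the same inputs and compare bodies."""
    rebuilt = {"document": {"category": "csaf_vex"},
               "vulnerabilities": vex_statuses(components, advisories, telemetry)}
    return _canonical(rebuilt) == _canonical(signed["body"])


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"
    advisory = build_advisory(vex_statuses(DECLARED_COMPONENTS, ADVISORIES, TELEMETRY), demo_key)
    print(json.dumps(advisory["body"], indent=2))
    print("verified:", verify_advisory(advisory, demo_key))
    print("replay ok:", replay_matches(advisory, DECLARED_COMPONENTS, ADVISORIES, TELEMETRY))
```

The point the example makes is the one the summary emphasizes: the same advisory match yields `affected` or `not_affected` depending on execution evidence, and because the body is serialized canonically, a second run over the same SBOM/AIBOM and telemetry reproduces byte-identical output, which is what lets a verifier replay the derivation rather than trust the tag alone. Telemetry that cannot be tied to a declared component would, in a real system, be a finding in its own right (undeclared component), which this sketch does not model.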
The research establishes foundational patterns for AI security posture management but requires broader adoption and standardization to achieve industry impact. Future development should focus on scaling beyond synthetic workloads to production environments and integrating with existing AI model governance platforms.
- Framework combines SBOM and AIBOM artifacts with runtime telemetry to compute vulnerability exploitability in AI systems.
- Generates cryptographically signed CSAF VEX advisories validated through deterministic replay for reproducible security assessment.
- Tested across 10,000 components with varying AI workload complexity and multiple threat intelligence datasets.
- Addresses supply chain security risks specific to agentic AI systems beyond traditional software dependency scanning.
- Enables evidence-based vulnerability prioritization by correlating static declarations with observed execution conditions and policies.