All posts
AI Strategy

The AI Bill of Materials: Tracking Models, Prompts, and Dependencies in Production

Master AI-BOM: track models, prompts, datasets, and dependencies in production. Essential governance framework for compliance and auditability.

By Brightlume Team

What Is an AI Bill of Materials and Why It Matters

An AI Bill of Materials (AI-BOM) is a structured, machine-readable inventory of every component that makes your AI system work. It's the production equivalent of a software Bill of Materials (SBOM), but extended to capture the unique complexity of AI systems: the models themselves, the prompts that guide them, the datasets they learned from, the infrastructure they run on, and the dependencies that connect it all.

Think of it this way: when you deploy a Claude Opus 4 agent in production, you're not just running code. You're running a model trained on specific data, with specific prompt engineering decisions baked in, calling specific APIs, potentially fine-tuned on proprietary datasets, and depending on vector databases, model routers, and fallback systems. If something breaks—a model gets deprecated, a dataset has a compliance issue, a prompt injection vulnerability surfaces—you need to know instantly what's affected and what you need to change.

This is why an AI Bill of Materials is increasingly non-negotiable for organisations deploying production AI. Regulators are asking for it. Security teams demand it. And if you're running AI at scale across multiple teams and portfolio companies, you cannot maintain auditability without it.

The stakes are concrete: a model version goes out of support, and you have three weeks to migrate. A dataset used in training is discovered to contain PII, and you need to assess every agent downstream. A prompt vulnerability is disclosed, and you need to patch across your entire fleet. Without an AI-BOM, you're guessing. With one, you're moving.

The Core Components of an AI Bill of Materials

An effective AI-BOM tracks five primary categories of components. Each one matters for different reasons, and each one requires different governance approaches.

Models and Model Versions

The foundation of any AI-BOM is the model layer. This includes:

  • Base models: The foundational model you're using (Claude Opus, GPT-4, Gemini 2.0, Llama 3.1, or a custom fine-tuned variant). Document the exact version and release date.
  • Fine-tuned variants: If you've trained a custom model on proprietary data, track the training dataset version, the base model it was derived from, the training date, and the evaluation metrics that justified the deployment.
  • Model endpoints and routing: If you're using a model router that switches between Claude Opus 4 for complex reasoning and Claude Haiku for simple classification, document the routing logic and fallback chain.
  • Deprecation timelines: When is this model version going out of support? What's the migration path?

For a comprehensive understanding of how AI components fit together in a Bill of Materials, you need to treat models not as black boxes but as versioned, auditable artefacts. A production AI system running Claude Opus 4 in April 2025 is not the same system running it in December 2025 if the model has been updated.

Prompts and Prompt Chains

Prompts are code. They're instructions that shape model behaviour, and they change frequently. Your AI-BOM must track:

  • System prompts: The foundational instructions that define the agent's role, constraints, and reasoning process.
  • Prompt templates: Any parameterised prompts used across different contexts (e.g., "Extract {entity_type} from {document}").
  • Prompt versions: When did this prompt change? What was the business reason? What was the performance impact?
  • Prompt chains: If your agent uses sequential prompts (retrieve context, then reason, then generate), document the dependency graph.
  • Prompt injection mitigations: What guardrails are in place? Input validation rules? Output filtering logic?

Prompts drift. A marketing team tweaks a customer service agent's tone, and suddenly it's less compliant with regulatory language. A data scientist optimises a prompt for speed, and accuracy drops 3%. Your AI-BOM needs to capture this history and the rationale behind changes. This is where governance frameworks that document datasets, models, software dependencies, and deployment environments become essential for compliance teams.

Datasets and Training Data Lineage

Every model in your system was trained or fine-tuned on something. Your AI-BOM must capture:

  • Training datasets: What data was used? What's the schema? How much of it?
  • Data sources: Where did the training data come from? Internal databases? Third-party APIs? Synthetic data?
  • Data quality and bias assessments: What testing was done? What biases were identified and mitigated?
  • Data retention and deletion: If training data contained customer PII, has it been deleted post-training? Can you prove it?
  • Licensing and compliance: If you fine-tuned on proprietary customer data, is that documented? Are there contractual restrictions on how the model can be used?

Dataset lineage is critical for compliance. If a financial services institution uses a model trained partly on historical lending data, and that data is later found to contain discriminatory patterns, regulators will ask: what models were trained on this data? Where are they deployed? What decisions did they influence? Without an AI-BOM, you cannot answer these questions at scale.

Dependencies and Infrastructure

Your AI system doesn't run in isolation. It depends on:

  • API dependencies: Which LLM providers are you calling? What's the fallback if Claude is unavailable? Are you calling Anthropic, OpenAI, or Google APIs?
  • Vector databases and retrieval systems: If you're doing retrieval-augmented generation (RAG), what vector database are you using? What's the embedding model? When was the index last updated?
  • Orchestration frameworks: Are you using LangChain, CrewAI, AutoGen, or a custom agentic framework? What version?
  • Infrastructure and deployment: Is this running on Kubernetes? Lambda? A dedicated GPU cluster? What's the SLA?
  • Monitoring and observability tools: How are you tracking model performance, latency, and cost? What's your instrumentation layer?

For a practical guide to inventorying AI models, datasets, services, infrastructure, and dependencies using structured formats, you need to document not just what's running, but how it's connected and what breaks if any piece fails.

Evaluation Metrics and Performance Baselines

Finally, your AI-BOM should track:

  • Benchmark performance: What were the evaluation results when this model was deployed? BLEU scores? Accuracy? F1 scores? Latency?
  • Production performance: How is it actually performing in the field? Are real-world results matching evaluation results?
  • Drift detection: What metrics are you monitoring to catch model degradation?
  • Rollback criteria: If performance drops below X threshold, what triggers a rollback?

This is the feedback loop that keeps your AI-BOM useful. It's not a static inventory; it's a living record of what's deployed and how well it's working.

Why Compliance Teams Need AI-BOMs

Compliance is where AI-BOMs become non-negotiable. Here's why:

Regulatory Audit Trails

Regulators in financial services, healthcare, and insurance increasingly demand auditability. When a regulator asks, "What models are you using to make lending decisions?" or "How was that patient triage model trained?" you need to answer with specificity and documentation. An AI-BOM gives you that.

Moreover, standards and implementation guidance for AI Bills of Materials now extend to training data, model architecture, and deployment configurations, with formal standards emerging from bodies like NIST and OWASP. If you're regulated, you're likely to be asked about your AI-BOM within the next 18 months.

Model Deprecation and Forced Migration

OpenAI retires models. Anthropic updates Claude. If you're running GPT-3.5 in production, you have a deadline. Your AI-BOM tells you exactly which systems are affected, what needs to be retested, and what the migration path is. Without it, you're scrambling to find all the places where you're calling a deprecated API.

Data Breach and Compliance Investigations

If a dataset used in training is found to contain customer PII, or if a model is found to exhibit discriminatory bias, you need to know immediately:

  • Which models were trained on this data?
  • Which production systems use these models?
  • What decisions have these systems influenced?
  • How many customers are affected?

An AI-BOM answers these questions in minutes. Without one, you're in forensic mode, piecing together data lineage from logs and memory.

Third-Party Risk Management

If you're using a fine-tuned model from a vendor, or if you've licensed a pre-trained model with restrictions, your AI-BOM documents those constraints. When M&A happens or portfolio companies are consolidated, you know exactly what licensing issues you're inheriting.

Building Your AI-BOM: A Practical Framework

Building an AI-BOM isn't a one-time project; it's an operational discipline. Here's how to start:

Step 1: Inventory Your Current AI Systems

First, you need to know what you have. Create a simple spreadsheet or structured database capturing:

  • System name: What is this AI system called?
  • Owner: Who maintains it?
  • Base model: What LLM is it using?
  • Deployment date: When did it go to production?
  • Status: Is it actively used? Deprecated? In pilot?

This is your starting point. It's not comprehensive, but it's a baseline. If you're running 20+ AI systems across your organisation (common in mid-market and enterprise), this exercise alone often surfaces surprises: systems running on deprecated models, systems with unclear ownership, systems that were meant to be temporary but are still in production.

Step 2: Document Model and Prompt Versions

For each system, create a version history:

  • Model version: Exactly what model, what version, deployed when?
  • Prompt version: What were the system prompts at deployment? When did they change? Why?
  • Evaluation results: What were the performance metrics at deployment?

This doesn't need to be perfect initially. The goal is to establish a pattern of documentation going forward. When you deploy a new version of your customer service agent, you log the model version, the prompt changes, and the A/B test results. This becomes your audit trail.

Step 3: Establish Data Lineage

For fine-tuned models or RAG systems, document:

  • Training/indexing data sources: Where did the data come from?
  • Data refresh frequency: How often is the vector index updated? How often is the fine-tuned model retrained?
  • Data quality checks: What validation was done?

For guidance on building and implementing AI-BOMs with frameworks like NIST and CycloneDX, you'll find that structured formats (SPDX, CycloneDX) are emerging as standards. But don't wait for perfect standardisation; start with what works for your organisation.

Step 4: Map Dependencies and Infrastructure

Create a dependency graph:

  • External APIs: Which LLM providers? Fallback chains?
  • Internal services: Which databases, vector stores, or microservices does this system call?
  • Deployment infrastructure: Where is it running? What's the SLA?

This is particularly important for rollout sequencing and incident response. If your vector database goes down, which AI systems are affected? Your dependency map tells you instantly.

Step 5: Implement Continuous Monitoring

Your AI-BOM should be updated automatically where possible:

  • Model version tracking: Log every model deployment. If you're using a model router, log which models are in the routing table and their traffic split.
  • Prompt versioning: Integrate prompt versioning into your CI/CD pipeline. Every prompt change is a commit.
  • Dependency tracking: Use tools like SBOM generators (CycloneDX, SPDX) for software dependencies. Extend these to track model and data dependencies.
  • Performance monitoring: Log evaluation metrics and production performance metrics alongside deployment records.

The goal is to make AI-BOM updates a byproduct of your normal deployment process, not a separate compliance chore.

AI-BOM Governance in Practice

Once you have an AI-BOM, governance becomes actionable. Here's how:

Change Control and Approval Workflows

Every change to a production AI system (model update, prompt change, data refresh) should trigger a review:

  • What's changing? Document the change in your AI-BOM.
  • Why? What's the business justification? Performance improvement? Compliance requirement? Cost reduction?
  • Impact assessment: What systems are affected? What's the rollback plan?
  • Approval: Who needs to sign off? Security? Compliance? Product?

For a comprehensive guide covering inventory of models, datasets, prompts, dependencies, and governance best practices, this workflow is essential. It prevents ad-hoc changes that break auditability.

Compliance Reporting

Your AI-BOM becomes the source of truth for regulatory reporting:

  • Model inventory: "Here are all the models in production, their versions, and their deployment dates."
  • Data lineage: "Here's the training data for each model, including data quality assessments and bias testing."
  • Performance: "Here are the evaluation metrics and production performance metrics."
  • Incidents: "Here's the history of model updates, including the reason for each update."

When a regulator asks for this information, you export your AI-BOM. No scrambling. No guessing.

Risk Assessment and Prioritisation

Your AI-BOM enables risk-based prioritisation:

  • High-risk systems: Models used in lending decisions, clinical diagnostics, or fraud detection. These get the most scrutiny.
  • Deprecated models: Systems running on models going out of support get migration priority.
  • Data risk: Systems trained on sensitive data (PII, health records) get compliance review priority.

Without an AI-BOM, you're prioritising based on gut feel. With one, you're prioritising based on actual risk.

Incident Response

When something goes wrong—a model exhibits bias, a prompt injection vulnerability is discovered, a dataset is compromised—your AI-BOM is your incident response tool:

  • Blast radius: What systems are affected?
  • Rollback plan: What's the previous version? What's the fallback model?
  • Communication: Who needs to know? What do we tell regulators, customers, stakeholders?

For example, if a vulnerability is discovered in a specific version of Claude Opus, your AI-BOM tells you instantly which systems need patching. If a dataset is found to contain biased samples, you know which models need retraining. This is the difference between a 2-week incident and a 2-month forensic investigation.

Practical Implementation: Tools and Formats

You don't need to build an AI-BOM from scratch. Several tools and standards exist:

CycloneDX and OWASP Standards

The CycloneDX Authoritative Guide to AI/ML-BOM provides a formal specification for machine learning bills of materials. It defines a structured XML or JSON format that captures:

  • Models (base, fine-tuned, ensemble)
  • Datasets (training, validation, test)
  • Software components (frameworks, libraries)
  • Services (APIs, infrastructure)
  • Risks and vulnerabilities

If you're building a tool or integrating AI-BOM into your existing SBOM process, CycloneDX is the standard to follow.

SPDX and Software Supply Chain Standards

SPDX (Software Package Data Exchange) is a standard for documenting software components and licenses. It's being extended to cover AI components. If you're already using SPDX for software dependencies, extending it to AI components is a natural next step.

Custom Databases and Registries

Many organisations build internal AI-BOM registries using:

  • Git-based registries: Store AI-BOM records as YAML or JSON files in a Git repository. Version control is automatic. Integration with CI/CD is straightforward.
  • Relational databases: A PostgreSQL or similar database with tables for models, datasets, prompts, and dependencies. Query-friendly for compliance reporting.
  • Specialised tools: Emerging tools like model registries (MLflow, Hugging Face Model Hub) and prompt management platforms (Prompt Flow, LangSmith) can feed into your AI-BOM.

The key is that your AI-BOM is queryable, versionable, and integrated into your deployment process. The exact technology matters less than the discipline.

Real-World Example: Financial Services AI-BOM

Consider a mid-market financial services firm deploying AI agents for customer service, loan underwriting, and fraud detection. Here's what their AI-BOM might look like:

Customer Service Agent

  • Base model: Claude Opus 4 (updated March 2025)
  • Prompts: System prompt v3.2 (last updated February 2025), guardrails for PCI compliance
  • Dependencies: Anthropic API, internal customer database, Postgres for conversation history
  • Training data: None (zero-shot)
  • Performance: 94% customer satisfaction, 2.1s latency, $0.003 per interaction
  • Deployment: Kubernetes cluster, 3-instance redundancy, SLA 99.9%

Loan Underwriting Agent

  • Base model: Fine-tuned Claude Opus 4 (trained on 50K internal loan records, December 2024)
  • Prompts: System prompt v2.1, decision reasoning output, audit trail logging
  • Dependencies: Anthropic API, internal data warehouse, decision logging service
  • Training data: 50K historical loans (PII redacted, bias audit completed)
  • Performance: 87% approval rate match with human underwriters, 5.2s latency
  • Governance: Requires compliance review for model updates, bias monitoring weekly
  • Deployment: Lambda functions, auto-scaling, audit logging to CloudWatch

Fraud Detection Agent

  • Base model: GPT-4 (via OpenAI API, fallback to Claude Opus if OpenAI unavailable)
  • Prompts: Proprietary prompt chain (3 sequential prompts, v1.4)
  • Dependencies: OpenAI API, Anthropic API (fallback), internal transaction database, Redis cache
  • Training data: 2M historical transactions (labels from internal fraud team)
  • Performance: 92% precision, 87% recall, 340ms latency
  • Governance: Monthly bias audit, quarterly model retraining
  • Deployment: Kubernetes, GPU-backed inference, cost: $12K/month

Each system has clear ownership, clear performance baselines, and clear dependencies. When OpenAI announces a deprecation, you know which system is affected. When a data breach exposes transaction history, you know which models need retraining. When a regulator asks for bias assessments, you have the documentation.

Integration with Brightlume's 90-Day Production Approach

At Brightlume, we've built AI-BOM discipline into our 90-day production deployment process. Here's why it matters:

When you're shipping production AI in 90 days, you can't afford to discover governance gaps after deployment. Your AI-BOM is established from day one:

  • Week 1-2: Model selection and baseline evaluation. Document the chosen model, version, and evaluation metrics.
  • Week 3-4: Prompt engineering and testing. Version every prompt iteration. Log A/B test results.
  • Week 5-8: Data preparation and fine-tuning (if applicable). Document data lineage, quality checks, and bias assessments.
  • Week 9-12: Deployment and monitoring. Establish dependency mapping, performance monitoring, and incident response workflows.

By day 90, you're not just shipping an AI system; you're shipping an AI system with full auditability and governance. This is why our clients achieve 85%+ pilot-to-production rates: the governance is built in, not bolted on.

Moreover, our engineering-first approach means governance is treated as a technical requirement, not a compliance afterthought. Your AI-BOM is code. It's versioned. It's tested. It's deployed alongside your models.

Common Pitfalls and How to Avoid Them

Pitfall 1: AI-BOM as a Static Document

The worst approach is to treat your AI-BOM as a one-time compliance exercise: create a document, file it away, forget about it. Your AI-BOM must be living and dynamic, updated with every deployment.

Solution: Integrate AI-BOM updates into your CI/CD pipeline. When you deploy a new model version, the AI-BOM is updated automatically. When you change a prompt, it's logged. This should require zero manual effort.

Pitfall 2: Incomplete Data Lineage

Many organisations document their models but not the data those models depend on. This is a critical gap. If a dataset is later found to be problematic, you need to know which models are affected.

Solution: Treat data lineage as a first-class citizen in your AI-BOM. Every model has a training data record. Every RAG system has an indexing data record. Every fine-tuned model has a dataset version.

Pitfall 3: Over-Complexity

Some organisations try to build the perfect AI-BOM from the start, with perfect standardisation and perfect detail. This is slow and rarely succeeds.

Solution: Start simple. A spreadsheet with model name, version, deployment date, and owner is a valid starting point. Add detail incrementally as you operationalise the process. Use a standard format (CycloneDX, SPDX) but don't let standardisation block you from starting.

Pitfall 4: Siloed Ownership

If AI-BOM is owned by compliance alone, it becomes a paperwork exercise. If it's owned by engineering alone, it becomes a technical implementation detail that doesn't connect to governance.

Solution: AI-BOM ownership should be shared. Engineering owns the technical accuracy and automation. Compliance owns the governance requirements and audit trail. They work together.

The Future of AI Governance

AI-BOMs are becoming table stakes. In the next 18-24 months, expect:

  • Regulatory mandates: Financial regulators (ASIC in Australia, SEC in the US, FCA in the UK) will likely require AI-BOMs for models used in regulated decisions.
  • Standardisation: CycloneDX, SPDX, and other standards will mature and converge. Industry-specific standards (healthcare, finance) will emerge.
  • Tooling: Specialised AI-BOM tools will proliferate, integrating with model registries, prompt management platforms, and compliance systems.
  • Supply chain transparency: As AI supply chains become more complex (multi-vendor models, third-party fine-tuning, synthetic data), AI-BOMs will become essential for managing risk.

Organisations that establish AI-BOM discipline now will have a significant competitive advantage. They'll move faster, with more confidence, and with lower governance risk.

Conclusion: Auditability as a Feature

An AI Bill of Materials isn't a compliance burden; it's an operational necessity. It's the difference between running AI systems and running AI systems you understand, control, and can defend.

When you deploy production AI, you need to know:

  • What model is running? What version? When does it go out of support?
  • What data was it trained on? Is that data compliant? Is it still available if needed for audit?
  • What prompts guide its behaviour? When did they change? Why?
  • What does it depend on? What breaks if a dependency fails?
  • How well is it performing? Are real-world results matching expectations?

An AI-BOM answers all of these questions. It's your audit trail, your incident response tool, and your change control mechanism rolled into one.

Start building yours today. Begin with a simple inventory of your current systems. Document the models, prompts, and dependencies. Establish a versioning discipline. Integrate it into your deployment process. Over time, as your AI-BOM matures, you'll gain the visibility and control that production AI demands.

If you're deploying production AI across your organisation and need to establish governance discipline quickly, Brightlume specialises in shipping production-ready AI solutions with full governance and auditability built in. Our 90-day deployment process includes AI-BOM establishment from day one, ensuring your systems are auditable from the moment they go live.

Keep reading

AI Strategy

The 10 AI Use Cases Every Mid-Market Company Should Evaluate First

Prioritise AI investments with 10 high-impact use cases for mid-market companies. Production-ready frameworks, ROI metrics, and implementation sequencing.

Brightlume Team
AI Strategy

The 100-Day AI Plan: Value Creation Levers for New PE Acquisitions

Strategic playbook for PE operating partners: Deploy production AI in 100 days post-close. Specific levers, architecture decisions, and measurable ROI outcomes.

Brightlume Team