Proposal: Agent Bill of Materials (Agent BOM) for AI agent components

CycloneDX v1.6 added AI/ML BOM support for model components. AI agents introduce additional components that need tracking:

**Proposed Agent BOM components:**
- MCP servers the agent connects to (name, version, hash)
- Tools the agent has access to (tool definitions, capability scopes)
- Models the agent uses (model ID, version, provenance)
- Identity credentials (agent ID, trust level, signing key fingerprint)
- Sanctions screening status (last screened, list versions)
- Spend limits and financial authority

**Use case:** When an agent initiates a payment, the receiving system can verify the agent's BOM -- confirming it uses approved MCP servers, verified tools, and has been screened against current sanctions lists.

This extends CycloneDX from "what software components are in this system" to "what components make up this autonomous agent and what is it authorised to do."

Related standards:
- [IETF draft-sharif-agent-payment-trust-00](https://datatracker.ietf.org/doc/draft-sharif-agent-payment-trust/) -- Agent identity and trust
- [OWASP MCP Security Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/MCP_Security_Cheat_Sheet.html) Section 7 -- Tool definition pinning via cryptographic hashes
- SLSA for agent code provenance

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Proposal: Agent Bill of Materials (Agent BOM) for AI agent components #895

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Proposal: Agent Bill of Materials (Agent BOM) for AI agent components #895

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions