AI Bill of Materials (AIBOM) Vulnerabilities
An AI Bill of Materials (AIBOM) tracks the components of an AI pipeline: foundation models, training sets, pipeline configurations, and agentic wrappers. Precogs AI scans AI supply chains for weight-serialization hazards (e.g. unsafe pickle execution), dataset poisoning, and agentic tool authorization bypasses.
What is an AI Bill of Materials (AIBOM) vulnerability?
AIBOM vulnerabilities are security flaws introduced through the AI supply chain. Because LLMs and AI applications rely on third-party foundation models, pre-trained weights, and training datasets, they are exposed to supply chain attacks. These include importing models with hidden backdoors (model poisoning), loading unsafe serialized model files (such as PyTorch pickle files, which execute code when loaded), or using orchestration libraries that let a prompt reach an interpreter and run arbitrary commands (prompt injection). Mapping your AI assets in a secure AIBOM is critical to detecting and patching these attack vectors.
Vulnerability Types
CWE-1357 (HIGH): Use of a System Element with Insecure Security Configuration
AI applications often import foundation models, fine-tuning configurations, or datasets with insecure defaults or hidden...

CWE-502 (HIGH): Deserialization of Untrusted Data in AI Models
AI weights files (PyTorch .pt/.bin, Pickle files) execute arbitrary code during loading. If an application imports a pre...

CWE-94 (HIGH): Code Injection via Prompt Execution
When user prompts are passed to execution blocks or interpreters within AI orchestration libraries, attackers can bypass...

CWE-862 (HIGH): Missing Authorization in AI Agent Tooling
AI agents running with excessive permissions can execute destructive actions (like file deletion or API calls) on behalf...
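The pickle hazard named in the overview and in the CWE-502 entry above is something a pipeline can check before it ever calls a loader. The following is an added example, not Precogs AI's scanner and not PyTorch code: it walks a weights file's pickle opcode stream with Python's standard pickletools, which parses without executing anything, and rejects any import that is not on an assumed allowlist of what a plain state_dict needs; the allowlist, the sample pickles and the json.dumps stand-in for an unexpected import are all constructed for the example. Where the framework offers it, pair this with torch.load(..., weights_only=True).

```python
import collections
import json
import pickle
import pickletools

# Imports a plain PyTorch state_dict legitimately needs: an assumed,
# deliberately short allowlist; extend it for the framework you load.
# (torch.save() archives keep this pickle at <name>/data.pkl inside a zip.)
ALLOWED_GLOBALS = {"collections.OrderedDict", "torch.FloatStorage",
                   "torch.LongStorage", "torch._utils._rebuild_tensor_v2"}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
              "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
CALL_OPS = {"REDUCE", "NEWOBJ", "NEWOBJ_EX", "INST", "OBJ", "BUILD"}


def scan_pickle(data: bytes):
    """Walk the opcode stream with pickletools (nothing is executed) and
    return (disallowed_globals, call_opcodes_seen)."""
    strings, disallowed, calls = [], [], set()
    for op, arg, _pos in pickletools.genops(data):
        ref = None
        if op.name in STRING_OPS:
            strings.append(arg)
        elif op.name == "GLOBAL":                # protocol <= 3: "module name"
            ref = arg.replace(" ", ".", 1)
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            # protocol 4+: CPython pushes module and name as the two
            # preceding string constants (unless they were memoized)
            ref = f"{strings[-2]}.{strings[-1]}"
        elif op.name in CALL_OPS:                # opcodes that invoke a callable
            calls.add(op.name)
        if ref is not None and ref not in ALLOWED_GLOBALS:
            disallowed.append(ref)
    return disallowed, sorted(calls)


def safe_to_load(data: bytes) -> bool:
    """Refuse the file if any import is off the allowlist."""
    return not scan_pickle(data)[0]


# Constructed samples (no real weights): a state_dict-shaped OrderedDict,
# and a pickle that merely references json.dumps, which a weights file has
# no reason to import. Protocol 3 emits GLOBAL, protocol 5 STACK_GLOBAL.
BENIGN = pickle.dumps(collections.OrderedDict(w=[0.1, 0.2]), protocol=3)
UNEXPECTED_V3 = pickle.dumps(json.dumps, protocol=3)
UNEXPECTED_V5 = pickle.dumps(json.dumps, protocol=5)
```

A real scan runs over the data.pkl member of a torch zip archive or the bare .pkl/.bin file; the REDUCE seen in the benign sample is the normal OrderedDict rebuild, which is why the verdict keys on the imports rather than on call opcodes alone.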