Research
AgentRiskBOM: A Risk-Scoping Security Bill of Materials for Agentic AI Systems
The paper introduces AgentRiskBOM, a security Bill of Materials designed to enhance transparency for agentic AI systems by addressing the gaps in existing BOM artifacts like SBOM, AIBOM, and MLBOM. It adds fields for runtime authority, including autonomy, tool permissions, and audit signals, and is implemented as a JSON-schema artifact that evaluates 13 open-source agents across 52 risk scenarios, achieving a native-equivalent score of 14 in capability coverage. This framework is crucial for practitioners as it provides a structured approach to assess and mitigate risks associated with the autonomous actions of AI agents, emphasizing the need for machine-readable authority and risk documentation in AI deployments.
mathematicsaievaluation