International Journal For Multidisciplinary Research

E-ISSN: 2582-2160     Impact Factor: 9.24

A Widely Indexed Open Access Peer Reviewed Multidisciplinary Bi-monthly Scholarly International Journal

Enterprise AI Supply Chain Security Governance: A Framework for Secure Open-Source AI Model Adoption Using an Artificial Intelligence Bill of Materials (AI-BOM)

Author(s): Sandeep Kumar Anuguthala, Harish Namani
Country: United States
Abstract: The rapid availability of open-source AI models accelerates enterprise innovation but introduces supply-chain risks — malicious serialized artifacts, vulnerable dependencies, and licensing violations — that existing SBOM frameworks and emerging AI-specific schema standards (CycloneDX ML-BOM, SPDX 3.0 AI profile) address only at the data-format level, not at the operational governance level. This paper introduces the Artificial Intelligence Bill of Materials (AI-BOM), an eight-category schema, integrated within the Enterprise AI Supply Chain Security Architecture (E-AISCSA): a ten-layer governance framework with a semi-quantitative Weighted Risk Score (WRS = 0.35×AR + 0.30×SR + 0.25×DR + 0.10×PR). Evaluation across ten Hugging Face NLP models confirmed framework feasibility: all models used pickle-serialized weights, all carried CVE-2024-3568 (CVSS 9.6 Critical) in their transformers dependency, one model was rejected as High Risk (WRS 5.60), and nine received conditional Medium-Risk approval. The framework aligns with NIST AI RMF 1.0, ISO/IEC 42001:2023, and EU AI Act requirements. Raw experimental data are available from the authors upon request.
Keywords: AI supply chain security; AI-BOM; model governance; MLOps; enterprise AI security; open-source AI models; serialization vulnerabilities; provenance risk; weighted risk scoring.
Field: Engineering
Published In: Volume 8, Issue 3, May-June 2026
Published On: 2026-05-10
DOI: https://doi.org/10.36948/ijfmr.2026.v08i03.78068
