Traditional Software Bill of Materials (SBOM) struggles to capture runtime behavior, environmental drift, and exploitability context, limiting reproducibility and risk assessment in dynamic scenarios. This work proposes an Active AI Bill of Materials (AIBOM), introducing a multi-agent architecture into SBOM for the first time. AIBOM employs three specialized agents—environment reconstruction, runtime dependency monitoring, and policy-aware vulnerability reasoning—to generate exploitability assertions that integrate execution evidence with security semantics. The approach maintains compatibility with CycloneDX and SPDX standards while extending CSAF v2.0 and VEX semantics. Experimental results demonstrate that AIBOM significantly improves dependency capture accuracy, reproduction fidelity, and vulnerability explanation stability under heterogeneous workloads, with low computational overhead. Ablation studies further confirm the essential contribution of each agent component.

Software supply-chain security requires provenance mechanisms that support reproducibility and vulnerability assessment under dynamic execution conditions. Conventional Software Bills of Materials (SBOMs) provide static dependency inventories but cannot capture runtime behaviour, environment drift, or exploitability context. This paper introduces agentic Artificial Intelligence Bills of Materials (AIBOMs), extending SBOMs into active provenance artefacts through autonomous, policy-constrained reasoning. We present an agentic AIBOM framework based on a multi-agent architecture comprising (i) a baseline environment reconstruction agent (MCP), (ii) a runtime dependency and drift-monitoring agent (A2A), and (iii) a policy-aware vulnerability and VEX reasoning agent (AGNTCY). These agents generate contextual exploitability assertions by combining runtime execution evidence, dependency usage, and environmental mitigations with ISO/IEC 20153:2025 Common Security Advisory Framework (CSAF) v2.0 semantics. Exploitability is expressed via structured VEX assertions rather than enforcement actions. The framework introduces minimal, standards-aligned schema extensions to CycloneDX and SPDX, capturing execution context, dependency evolution, and agent decision provenance while preserving interoperability. Evaluation across heterogeneous analytical workloads demonstrates improved runtime dependency capture, reproducibility fidelity, and stability of vulnerability interpretation compared with established provenance systems, with low computational overhead. Ablation studies confirm that each agent contributes distinct capabilities unavailable through deterministic automation.