Server data from the Official MCP Registry
AI Bill of Materials (AI-BOM) generator + auditor MCP — CycloneDX ML-BOM, SPDX 3.0 AI profil...
The MCP server implements basic authentication and rate-limiting for a legitimate compliance tool, but has several security concerns that require attention. The server reads API keys from environment variables and implements access control. However, the authentication check can be bypassed by uncommenting a local development path, there is insufficient input validation on JSON parsing, and the rate-limiting mechanism is easily bypassed. The permissions are appropriate for the stated purpose (compliance documentation generation), but the code quality issues around auth and input handling present moderate risk. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue.
3 files analyzed · 10 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Add this to your MCP configuration file:
```json
{
  "mcpServers": {
    "io-github-csoai-org-ai-bom-mcp": {
      "args": [
        "ai-bom-mcp"
      ],
      "command": "uvx"
    }
  }
}
```

From the project's GitHub README.
Generate and audit AI Bills of Materials for EU AI Act Annex IV, US EO 14028, NIST AI RMF, and ISO 42001. CycloneDX-compatible output.
AI Bills of Materials (AI-BOMs) are becoming mandatory. EU AI Act Annex IV requires high-risk AI providers to document training data, model architecture, evaluation metrics, and deployment constraints. US Executive Order 14028 requires software supply chain transparency for federal procurement. NIST and ISO 42001 both reference BOM-style documentation.
No standard format exists yet. CycloneDX has proposed an ML-BOM extension, SPDX is exploring AI metadata, and the EU AI Office is developing Annex IV templates. This MCP generates structured AI-BOMs that satisfy all four frameworks, audits existing BOMs for completeness, and maps required fields to specific regulatory articles.
```bash
pip install ai-bom-mcp
```
| Tool | Regulation Reference | What it does |
|---|---|---|
| `generate_ai_bom` | Annex IV, EO 14028, NIST, ISO 42001 | Generate a structured AI Bill of Materials |
| `audit_ai_bom_completeness` | All frameworks | Audit an existing AI-BOM for missing required fields |
| `map_to_regulation` | EU AI Act / EO 14028 / NIST / ISO 42001 | Map AI-BOM fields to specific regulatory requirements |
| `required_fields` | All frameworks | List all required BOM fields per regulation |
Prompt: "Generate an AI-BOM for our fraud detection model. It uses
XGBoost trained on 2M transactions from our data warehouse, deployed
as a REST API in AWS eu-west-1, with weekly retraining."
Result: Structured AI-BOM with: model card (XGBoost, version, hyperparams),
training data provenance (2M records, internal data warehouse, no PII
confirmed), deployment spec (REST API, eu-west-1, auto-scaling),
monitoring (weekly retrain, drift detection status), regulatory mapping
(Annex IV sections covered, EO 14028 SBOM requirements met, NIST AI RMF
MAP subcategories addressed). Completeness score with gaps flagged.
| Tier | Price | What you get |
|---|---|---|
| Free | £0 | 10 calls/day — BOM generation + field listing |
| Pro | £199/mo | Unlimited + HMAC-signed attestations + verify URLs |
| Enterprise | £1,499/mo | Multi-tenant + co-branded reports + webhooks |
Every Pro/Enterprise audit produces a cryptographically signed certificate:
POST https://meok-attestation-api.vercel.app/sign
GET https://meok-attestation-api.vercel.app/verify/{cert_id}
Zero-dep verifier: pip install meok-attestation-verify
MIT