# sbom

3 articlestagged with “sbom”

Agent Supply Chain Attacks

Compromising AI agents through poisoned packages, backdoored MCP servers, malicious model registries, and weaponized agent frameworks -- including the Postmark MCP breach and NullBulge campaigns.

agentssupply-chainmcpnpmpoisoningsbomdependencies

Intermediate

Capstone: Build an AI Supply Chain Security Tool

Build a tool that scans, audits, and monitors the security of AI/ML supply chains including model provenance, dependency integrity, and artifact verification.

capstonesupply-chainsecurityprovenancesbom

Advanced

Model Signing and Verification

Defense-focused guide to implementing cryptographic model signing and verification, covering Sigstore for ML, certificate management, SBOM generation for AI systems, and deployment-time verification workflows.

supply-chainsigningverificationsigstoresbomprovenancenistdefense

Intermediate