Why Every CISO Needs an AIBOM in 2026 — And What Vendors Miss (opens in new tab)

A friend of mine runs security at a mid-sized fintech. About six weeks ago she called me, mildly furious, because her board had asked a question she couldn't answer: "How many AI models are running in production, and what data do they touch?" She did what any reasonable CISO would do. Pulled the SBOM exports out of her SCA tool. Cross-referenced with the cloud asset inventory. Asked the platform team. Asked the ML team. Three different answers. The SCA tool said they had four models because i...