Only 19% of Companies Can See All Their AI Systems. Here's Why That's a Problem.
An AI inventory is a continuously updated catalog of every AI system running across your organization, from language models to autonomous agents to coding assistants, together with the risks and owners connected to each one. As artificial intelligence spreads across software development, the question is no longer whether AI is present in your environment. It is whether you can see it.
Why Can't Most Companies See Their AI Systems?
The visibility problem is severe. In a 2026 survey of more than 400 security leaders, only 19% reported full visibility into where and how AI is used across their organization. This gap exists because AI systems hide in places traditional security tools do not look. A developer might enable a copilot without telling IT. An autonomous agent quietly opens pull requests in your CI/CD pipeline. An MCP server, which connects AI assistants to external tools and data sources, runs on someone's laptop. These systems rarely show up in a cloud console.
The problem is compounded by what security experts call "shadow AI," which is any AI system adopted without formal approval or governance. Shadow AI is not an edge case anymore. It is the norm. Most organizations are already using or piloting AI coding assistants, yet the majority lack visibility into those tools.
What Exactly Should Be Included in an AI Inventory?
A complete AI inventory should answer three questions for every asset: what is it, where does it run, and what can it access. The scope is broader than most teams expect. Here are the key categories that need to be tracked:
- Models: Every large language model and foundation model in use across development and production, including version, location, and detection confidence.
- Datasets: Training data, retrieval datasets, and vector stores, including exposure to poisoned context and data leakage.
- Autonomous agents: Systems that take actions in your environment, such as opening pull requests, installing dependencies, or touching infrastructure.
- MCP servers: Model Context Protocol servers that connect AI assistants to external tools, APIs, and data sources.
- AI coding tools: Copilots and IDE integrations that generate code, suggest dependencies, and interact with repositories.
- AI frameworks: Tools like LangChain and LangGraph that orchestrate how models connect to tools and data.
- Relationships between assets: The connections between models, agents, servers, datasets, and the secrets tied to them.
Traditional security tools stop at the repository and do not understand what a model is. Endpoint tools watch the operating system but do not understand packages, MCP servers, or AI assistants. The gap between them is where AI risk accumulates.
How to Build an AI Inventory for Your Organization
Creating an effective AI inventory requires a systematic approach that goes beyond cloud-only discovery. Here are the key steps:
- Reach into code and build environments: A genuinely complete AI inventory has to look into the developer's laptop, the repository, and the pipeline, not just the production cloud.
- Document every asset with metadata: For each AI system, record its type, location, detection confidence, provenance, dependencies, and risk level based on AI-specific attack vectors.
- Create an audit-ready AI Bill of Materials: An AI-BOM is the exportable artifact that turns your inventory into something you can prove to auditors and enterprise customers, similar to how a software bill of materials (SBOM) works for open-source code.
- Map to regulatory frameworks: Align your inventory to the EU AI Act, NIST AI RMF (Risk Management Framework), and ISO/IEC 42001 standards, which increasingly require organizations to know what AI they operate.
- Score and prioritize risk: An inventory is only the starting point; the real value comes from scoring risk and acting on the small number of assets that genuinely matter.
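The first, second and last steps above, shown as an added example that is not code from this article or from any product: it walks a repository checkout, records each MCP server and each framework the article names with its type, location, detection confidence and linked secret names, then ranks the results. The `mcpServers` config key, the `requirements.txt` check, the confidence labels and the scoring weights are assumptions chosen for illustration.

```python
import json, re, tempfile
from pathlib import Path

FRAMEWORKS = {"langchain", "langgraph"}  # the two frameworks the article names

def record(kind, name, location, confidence, secret_refs=()):
    return {"type": kind, "name": name, "location": location,
            "confidence": confidence, "secret_refs": sorted(secret_refs)}

def scan_repo(root):
    """Walk a checkout and return one inventory record per AI asset found."""
    found = []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if path.suffix == ".json":
            try:
                doc = json.loads(path.read_text())
            except ValueError:  # not valid JSON or not decodable text: skip
                continue
            # Assumption: MCP client configs list servers under "mcpServers".
            servers = doc.get("mcpServers", {}) if isinstance(doc, dict) else {}
            for name, cfg in servers.items():
                # Record env variable names only, never their values.
                found.append(record("mcp_server", name, rel, "high", cfg.get("env", {})))
        elif path.name == "requirements.txt":
            for line in path.read_text().splitlines():
                m = re.match(r"\s*([A-Za-z0-9_.-]+)", line)  # commented lines do not match
                if m and m.group(1).lower() in FRAMEWORKS:
                    found.append(record("ai_framework", m.group(1).lower(), rel, "medium"))
    return found

def prioritize(records):
    """Assumed scoring: assets tied to credentials first, then other MCP servers."""
    return sorted(records, reverse=True, key=lambda r:
                  2 * bool(r["secret_refs"]) + (r["type"] == "mcp_server"))

def build_sample_repo():
    """Constructed sample checkout so the example runs offline."""
    root = Path(tempfile.mkdtemp())
    (root / ".cursor").mkdir()
    (root / ".cursor" / "mcp.json").write_text(json.dumps({"mcpServers": {
        "tickets": {"command": "npx", "env": {"TICKETS_API_TOKEN": "placeholder"}},
        "docs": {"command": "docs-mcp"}}}))
    (root / "requirements.txt").write_text("requests==2.32.0\nlangchain>=0.2\n# langgraph\n")
    return root

if __name__ == "__main__":
    print(json.dumps(prioritize(scan_repo(build_sample_repo())), indent=2))
```

Pointing `scan_repo` at a real checkout or a developer home directory yields the same record shape, which can then be serialized as the basis of an AI-BOM export.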
Why Three Major Security Threats Are Forcing Action Now
Three forces have turned AI inventory from a nice-to-have into an urgent priority. First, AI is writing insecure code at scale. Independent research consistently finds that a large share of AI-generated code ships with vulnerabilities. Veracode's 2025 analysis across more than 100 models found that only 55% of AI-generated code was secure. If you do not know which assistants are generating code in your pipelines, you cannot govern that risk.
Second, the software supply chain has become an AI attack surface. In September 2025, Shai-Hulud, the first self-propagating npm worm, turned developer machines into a distribution mechanism, spreading across hundreds of packages. In March 2026, attackers compromised axios, a package with roughly 100 million weekly downloads, publishing poisoned versions that dropped a remote-access trojan. Attacks like these land in exactly the layer between traditional application security and endpoint tooling, the layer an AI inventory is built to illuminate.
Third, secrets and credentials are leaking through AI at an alarming rate. GitGuardian's State of Secrets Sprawl 2026 reported that leaks of AI-service secrets rose 81% year over year, and that AI-assisted commits leak secrets at roughly twice the baseline rate. Every undocumented model, agent, or MCP server is a potential path to a credential breach.
What Is an AI-BOM and How Does It Differ From a Software Bill of Materials?
An AI-BOM, or AI Bill of Materials, is the audit-ready output of an AI inventory. It is the AI-era successor to the SBOM (software bill of materials). While an SBOM catalogs open-source and third-party software dependencies and their CVE (Common Vulnerabilities and Exposures) severity, an AI-BOM catalogs AI-specific assets like models, datasets, agents, and MCP servers, and assesses them for AI-specific attack vectors such as prompt injection, insecure MCP configuration, and excessive agency.
The AI-BOM is becoming as foundational as the SBOM. Security leaders are increasingly receiving requests from auditors and enterprise procurement teams for exactly this artifact. Organizations that can generate an AI-BOM on demand will have a real compliance and trust advantage as AI audit obligations mature.
Are Regulations Requiring AI Inventory?
None of the major regulatory frameworks explicitly names "AI inventory" as a line item, but each one is effectively impossible to satisfy without it. The EU AI Act, NIST AI RMF, and ISO/IEC 42001 all require organizations to document, classify, and govern AI systems. You cannot do any of those things if you cannot see the AI systems you operate.
As AI audit obligations mature, the ability to demonstrate a complete, continuously updated AI inventory will become a competitive advantage. Organizations that start building visibility now will be better positioned to meet regulatory requirements and respond to security incidents when they occur.