Google Open-Sources k8s-aibom to Expose Shadow AI and Strengthen Kubernetes AI Supply Chain Security
Google has unveiled k8s-aibom, an open-source Kubernetes controller that automatically generates AI Bills of Materials from live workloads, helping organizations detect shadow AI, improve compliance, and secure AI supply chains without disrupting developers.
Xcademia Team
Xcademia Research Team

Google Introduces k8s-aibom to Bring Visibility to AI Workloads in Kubernetes
As enterprises rapidly deploy artificial intelligence applications, security teams are facing a growing challenge: shadow AI. These are AI workloads launched by developers outside formal governance processes, often making them invisible to traditional security tools and compliance programs.
To address this challenge, Google has announced k8s-aibom, a new open-source Kubernetes controller designed to automatically discover AI workloads running in Kubernetes environments and generate standardized Machine Learning Bills of Materials (ML-BOMs).
The solution aims to provide security, compliance, and platform engineering teams with real-time visibility into AI systems without requiring developers to modify applications, install sidecars, or make changes that could impact performance and stability.
The Growing Security Challenge of Shadow AI
Organizations are under increasing pressure to adopt AI technologies while maintaining security, governance, and regulatory compliance. However, AI projects often begin as small experiments and quickly evolve into production workloads without being formally registered.
This creates blind spots for security teams.
Traditional scanning tools frequently rely on privileged access, kernel-level monitoring, or manual integration requirements that many development teams resist because of operational risks and deployment complexity.
Google developed k8s-aibom to eliminate this trade-off by offering visibility into AI environments while preserving developer autonomy and cluster stability.
Shadow AI has become one of the most significant governance challenges facing enterprises as AI adoption accelerates across industries.

What Is k8s-aibom?
k8s-aibom is a lightweight Kubernetes controller that continuously monitors cluster activity and container environments to identify active AI technologies.
Once detected, it automatically generates CycloneDX 1.6 Machine Learning Bill of Materials (ML-BOM) documents.
A Bill of Materials in cybersecurity functions similarly to a manufacturing parts list. It provides a detailed inventory of software components, AI models, frameworks, runtimes, and dependencies that make up a system.
For AI systems, this visibility is increasingly important for risk management, incident response, regulatory compliance, and software supply chain security.
Key Design Principles
Google built k8s-aibom around several core principles:
Zero developer friction
No sidecar containers
No privileged DaemonSets
No kernel-level eBPF modules
No manual pod modifications
No CI/CD pipeline changes
Minimal operational overhead
The controller operates as a single unprivileged deployment inside the Kubernetes cluster.
How the Discovery Pipeline Works
The k8s-aibom architecture follows a four-stage discovery and reporting workflow.
1. Scraping Cluster Workloads
The controller continuously monitors Kubernetes resources, including:
KServe deployments
Deployments
StatefulSets
DaemonSets
Jobs
This enables ongoing visibility into AI infrastructure as workloads are created, updated, or removed.
2. Identifying AI Technologies
The platform uses advanced pattern matching to discover AI-related technologies through inspection of:
Container images
Environment variables
Command-line arguments
Supported detections include:
AI Inference Runtimes
vLLM
Triton Inference Server
Text Generation Inference (TGI)
Ollama
Agent Frameworks
LangChain
AutoGen
CrewAI
Vector Databases and RAG Components
Milvus
Qdrant
pgvector
AI Development Infrastructure
Distributed training jobs
Evaluation frameworks
AI benchmarking systems
3. Generating Standardized ML-BOMs
After discovering AI components, the controller creates standardized OWASP CycloneDX 1.6 ML-BOM documents.
Using an industry-recognized format allows integration with broader software supply chain security programs and governance initiatives.
4. Exporting Audit Data
Generated ML-BOMs can be:
Attached directly to Kubernetes custom resources
Exported to Google Cloud Storage
Sent to external webhook endpoints
This enables integration with security operations, governance platforms, and compliance reporting workflows.

Why Existing AI BOM Solutions Are Not Enough
Many existing AI security products focus primarily on build-time analysis.
These tools inspect source code, container images, or deployment artifacts before systems reach production. While useful, they only reveal what organizations intended to deploy.
Google argues that organizations also need visibility into what is actually running at runtime.
According to the company, many commercial AI security tools depend on proprietary formats and external scanning approaches, making it difficult for security teams to independently validate findings.
k8s-aibom takes a different approach by:
Observing live cluster activity
Generating open standards-based ML-BOMs
Running directly within Kubernetes
Remaining vendor-neutral
Complementing existing security platforms rather than replacing them
The Confidence Model: Understanding AI Asset Discovery
One of the most innovative features of k8s-aibom is its Confidence Model.
Security teams frequently struggle to determine whether detected AI assets were intentionally deployed or inferred from runtime behavior.
To address this issue, Google created three confidence categories.
Declared
Assets explicitly configured by developers.
Example:
--model meta-llama/Llama-2-7bDeclared detections represent clear human intent.
Inferred
Assets discovered through pattern matching and runtime inspection.
Example:
Container image signatures
Runtime behaviors
Environment configurations
These findings indicate likely AI components but are not explicitly declared.
Unresolved
Used when AI activity is detected but exact model versions or parameters cannot be conclusively identified.
These detections are automatically flagged for additional review.
This framework helps auditors and security analysts distinguish between documented configurations and machine-generated observations.
Building an Audit-Grade Security Model
A common challenge in security monitoring is trust.
Logs and monitoring systems can potentially be altered by compromised systems or privileged users.
Google designed k8s-aibom to provide stronger evidentiary integrity through:
Least Privilege Architecture
The controller operates with:
Dedicated Kubernetes service accounts
Minimal IAM permissions
Restricted write access
Immutable Storage Records
When exporting BOMs to Google Cloud Storage, the controller uses DoesNotExist preconditions during object creation.
As a result:
Existing BOMs cannot be overwritten
Historical records remain unchanged
Audit evidence becomes tamper-resistant
This approach helps create a verifiable record of AI workload activity over time.

Supporting Global AI Governance and Compliance
Beyond security visibility, Google positions k8s-aibom as a governance readiness tool.
The generated ML-BOMs can support organizations seeking alignment with emerging AI regulations and standards.
EU AI Act
The platform can assist with:
Article 12 logging requirements
Continuous traceability
Technical documentation collection
Transparency obligations under Article 50
NIST AI Risk Management Framework
The solution contributes to:
Govern
Map
Measure
Manage
functions by providing ongoing AI asset inventory visibility.
ISO/IEC 42001
Organizations pursuing AI management system certification can use automated AI asset discovery to improve inventory tracking and governance processes.
What This Means for the Cybersecurity Industry
The launch of k8s-aibom reflects a broader shift in cybersecurity.
As AI workloads become core enterprise infrastructure, organizations need visibility not only into software components but also into AI models, agent frameworks, vector databases, and inference runtimes.
Traditional Software Bills of Materials (SBOMs) are no longer sufficient on their own.
Machine Learning Bills of Materials are emerging as a critical capability for:
AI governance
Supply chain security
Regulatory compliance
Risk management
Incident response
Third-party assessments
Google's decision to open-source k8s-aibom may accelerate industry adoption of standardized AI inventory practices and encourage broader use of CycloneDX ML-BOM frameworks.
Looking Ahead
AI governance is quickly becoming a strategic priority for organizations worldwide. As regulators introduce new requirements and enterprises expand AI deployments, maintaining visibility into operational AI systems will become increasingly important.
With k8s-aibom, Google is attempting to solve one of the most persistent challenges in enterprise AI security: understanding exactly what AI technologies are running inside production environments without slowing innovation.
By combining runtime observation, standards-based reporting, deterministic outputs, and audit-grade immutability, k8s-aibom provides a practical framework for bringing shadow AI into the light while helping organizations strengthen their AI supply chain security posture.
Source: Google Cloud Blog
About the Author