Snyk the leader in secure AI software development, empowers organizations to build fast and stay secure by unleashing developer productivity and reducing business risk. The company’s AI Security Platform seamlessly integrates into developer and security workflows to accelerate secure software delivery in the AI Era. Snyk delivers trusted, actionable insights and automated remediation, enabling modern organizations to innovate without limits and secure AI-driven software for over 4,500 customers.
This is the 8th launch from Snyk. View more
AIBOM Toolkit
Launching today
The AI-BOM Toolkit is an open-source project that turns complex CycloneDX AI-BOM JSON into an interactive constellation graph you can explore and filter. Pipe output from any AI-BOM generator (like Snyk CLI) into the `aibom` npm package and instantly see every AI model, dataset, library, MCP server, MCP client, agent, and service your application depends on. Use it as a CLI (npx aibom --view) or with the online webapp aibom.vercel.app to upload your AI BOMs on the fly.
Free
Launch Team / Built With
Snyk
Why we built the AI-BOM Toolkit
AI Bills of Materials are becoming essential for understanding what's inside your AI-powered applications such as which models, datasets, MCP servers, agents, and libraries your code actually depends on. Tools like Snyk CLI can generate these AI-BOMs as CycloneDX JSON, but a wall of JSON isn't something you can hand to your team and say "here's what our AI stack looks like." We needed a way to make that data instantly explorable, so we built the AI-BOM Toolkit.
What it does
The toolkit takes any CycloneDX AI-BOM JSON and renders it as an interactive constellation graph, giving you a radial map where each ring represents a component type (MCP clients, MCP servers, agents, models, libraries, services, data, and more). You can filter by type, search with fuzzy matching, zoom into dependency relationships, and inspect the raw JSON - all from a single self-contained HTML file with zero external dependencies.
There are three ways to use it:
- CLI: Pipe any AI-BOM JSON and open the visualization instantly - `cat bom.json | npx aibom --view`
- Local server: Spin up a local viewer with `npx aibom --serve`
- Web app: Head to https://aibom.vercel.app and upload your AI-BOM JSON directly, no install needed
It pairs naturally with the Snyk CLI: `snyk aibom --experimental --json | npx aibom --view ` gives you a full visual map of your AI supply chain in one command.
Why open source and vendor-neutral
AI-BOMs shouldn't be locked to any single vendor's ecosystem. The CycloneDX standard exists precisely so that different tools can produce and consume these inventories interchangeably. The AI-BOM Toolkit works with any tool that outputs CycloneDX AI-BOM JSON - Snyk, or anything else. We wanted developers, security teams, and engineering leaders to have a free, open way to actually see and explore what's in their AI-BOMs, regardless of how they were generated.
What to try today
1. If you use the Snyk CLI, run `snyk aibom --experimental --json | npx aibom --view` on one of your AI/ML projects and explore the constellation graph.
2. If you already have a CycloneDX AI-BOM JSON file, pipe it in with `cat your-bom.json | npx aibom --view` or upload it at https://aibom.vercel.app.
3. Look at how MCP servers, models, and libraries are mapped across the rings, and try the search and filter controls to drill into specific component types.
We'd love your feedback on the visualization, whether the constellation layout makes the relationships clear, which component types matter most to you, and what you'd want to see next. The project is fully open source at https://github.com/lirantal/aibom.
Thanks for checking out the AI-BOM Toolkit, excited to help make AI supply chains visible and explorable for everyone!