A friend of mine runs security at a mid-sized fintech. Last month her board asked a question that should have been simple: "How many AI models are in production, and where did they come from?" She had a vendor-provided AIBOM. It listed seventeen "AI components" — which turned out to be seventeen pip packages with names like transformers and langchain. That was the entire inventory. No mention of the three fine-tuned Llama variants her ML team had pushed to a Triton server two quarters earlier. No mention of the embedding model running inside their support chatbot. No mention of the GPT-4o calls their underwriting workflow had been making since January. No mention of the system prompts, which contained — she found out later, the hard way — a hardcoded admin override phrase a contractor had added during a hackathon. She called me at nine on a Tuesday. "I paid six figures for this, Anand. It's an SBOM with a model column." She wasn't wrong. And she wasn't alone.…