CycloneDX is an open bill of materials (BOM) standard, maintained under the OWASP Foundation, for describing software, firmware, and other supply-chain components in a machine-readable format (JSON, XML, or Protocol Buffers). It is widely used for SBOMs and related inventories because it captures components, their versions, package identifiers such as package URLs (purls), the dependency graph between components, and accompanying metadata in a structured form that tools can parse and cross-reference automatically.
In cyber security, that matters because modern systems are assembled from many third-party and internally developed parts, most of them pulled in transitively rather than chosen directly. When a vulnerability, malicious package, or configuration flaw is disclosed, a CycloneDX document lets defenders match the affected package and version against what they actually ship, and the dependency graph tells them which direct dependency to patch, replace, or isolate. Attackers exploit complex supply chains precisely because that visibility is usually missing, so a consistent BOM format supports software audits, procurement checks, incident response, and compliance workflows. A BOM is only as useful as it is accurate and complete, so it should be generated from the build rather than maintained by hand, and kept current as dependencies change. For AI systems, CycloneDX extends the same idea with a machine learning BOM (ML-BOM) that inventories models, datasets, and their dependencies so teams can track changes and reduce hidden risk.
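A worked example of the triage described above, added here as an illustration and not taken from the CycloneDX project or any real tool: it reads a small CycloneDX 1.5 JSON document, finds components whose purl and version match a hypothetical advisory, and walks the dependency graph to list every path from the root application to the affected component, so the direct dependency that needs bumping is obvious. The BOM, the package names, and the affected version list are all constructed for this example and describe no real packages or vulnerabilities.

```python
"""Walk a CycloneDX JSON BOM: find affected components and the dependency paths that pull them in."""
import json
from collections import defaultdict

# Constructed sample BOM (fictional packages), shaped like CycloneDX 1.5 JSON.
# "pkg:npm/ghost@0.0.1" is referenced but never declared, to exercise the integrity check.
SAMPLE_BOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "metadata": {"component": {"type": "application", "name": "webapp",
                               "version": "3.1.0", "bom-ref": "webapp@3.1.0"}},
    "components": [
        {"type": "library", "name": "http-kit", "version": "4.2.0",
         "purl": "pkg:npm/http-kit@4.2.0", "bom-ref": "pkg:npm/http-kit@4.2.0"},
        {"type": "library", "name": "query-parse", "version": "6.9.1",
         "purl": "pkg:npm/query-parse@6.9.1", "bom-ref": "pkg:npm/query-parse@6.9.1"},
        {"type": "library", "name": "acme-utils", "version": "1.4.0",
         "purl": "pkg:npm/acme-utils@1.4.0", "bom-ref": "pkg:npm/acme-utils@1.4.0"},
        {"type": "library", "name": "legacy-wrapper", "version": "0.9.0",
         "purl": "pkg:npm/legacy-wrapper@0.9.0", "bom-ref": "pkg:npm/legacy-wrapper@0.9.0"},
    ],
    "dependencies": [
        {"ref": "webapp@3.1.0", "dependsOn": ["pkg:npm/http-kit@4.2.0",
                                               "pkg:npm/acme-utils@1.4.0",
                                               "pkg:npm/legacy-wrapper@0.9.0"]},
        {"ref": "pkg:npm/http-kit@4.2.0", "dependsOn": ["pkg:npm/query-parse@6.9.1",
                                                         "pkg:npm/ghost@0.0.1"]},
        {"ref": "pkg:npm/legacy-wrapper@0.9.0", "dependsOn": ["pkg:npm/acme-utils@1.4.0"]},
        {"ref": "pkg:npm/acme-utils@1.4.0", "dependsOn": []},
    ],
})


def load_bom(text):
    """Parse CycloneDX JSON; return (root_ref, components_by_ref, edges)."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    components = {}
    root = bom.get("metadata", {}).get("component")
    root_ref = root.get("bom-ref") if root else None
    if root_ref:
        components[root_ref] = root
    for comp in bom.get("components", []):
        ref = comp.get("bom-ref") or comp.get("purl")  # purl is a usable fallback identifier
        if ref:
            components[ref] = comp
    edges = defaultdict(list)  # bom-ref -> list of bom-refs it depends on
    for dep in bom.get("dependencies", []):
        edges[dep["ref"]].extend(dep.get("dependsOn", []))
    return root_ref, components, edges


def purl_name_version(purl):
    """Split 'pkg:type/namespace/name@version?qualifiers#subpath' into (pkg:type/namespace/name, version)."""
    base = purl.split("?", 1)[0].split("#", 1)[0]
    at = base.rfind("@")
    if at > base.rfind("/"):  # an '@' after the last '/' is the version separator, not a scope
        return base[:at], base[at + 1:]
    return base, None


def find_affected(components, purl_base, affected_versions):
    """bom-refs of components whose purl (without version) matches and whose version is affected."""
    affected = set(affected_versions)
    hits = []
    for ref, comp in components.items():
        purl = comp.get("purl")
        if not purl:
            continue  # e.g. the root application usually has no purl
        name, version = purl_name_version(purl)
        if name == purl_base and version in affected:
            hits.append(ref)
    return sorted(hits)


def dependency_paths(root_ref, edges, target_ref):
    """All acyclic paths from the root component to target_ref (depth-first, cycle-safe)."""
    paths = []

    def walk(node, path):
        if node == target_ref:
            paths.append(path)
            return
        for child in edges.get(node, []):
            if child not in path:  # refuse to loop on cyclic dependency data
                walk(child, path + [child])

    if root_ref is not None:
        walk(root_ref, [root_ref])
    return paths


def dangling_refs(components, edges):
    """Refs named in the dependency graph that have no component entry: a sign of an incomplete BOM."""
    referenced = set(edges) | {c for deps in edges.values() for c in deps}
    return sorted(referenced - set(components))


def triage(bom_text, purl_base, affected_versions):
    """Map each affected bom-ref to its paths from the root and the direct dependencies to fix."""
    root_ref, components, edges = load_bom(bom_text)
    report = {}
    for ref in find_affected(components, purl_base, affected_versions):
        paths = dependency_paths(root_ref, edges, ref)
        report[ref] = {"paths": sorted(paths),
                       "fix_via": sorted({p[1] for p in paths if len(p) > 1})}
    return report
```

`triage(SAMPLE_BOM, "pkg:npm/acme-utils", ["1.4.0", "1.4.1"])` reports the one affected component, reached both directly and through `legacy-wrapper`, so bumping `acme-utils` alone is not enough if `legacy-wrapper` pins the old version. `dangling_refs` is worth running before trusting any result, because a graph that names components the BOM never declares usually means the generator missed part of the build.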