Free browser-only screen. No login. No saved answers. Built to diagnose the gap, not replace the implementation work.
Home / Guides and tools / AI Supply Chain / AIBOM Readiness Check
AI dependency and AIBOM readiness lead magnet

AI Supply Chain / AIBOM Readiness Check

Assess in under 5 minutes whether the organization can explain what models, datasets, tools, connectors, and suppliers sit inside its AI stack.

4–5 minutes Browser-only scoring No stored answers AI supply chain and AIBOM readiness

This screen is for teams using third-party models, APIs, datasets, open-source packages, agents, or MCP servers who need a governance answer before procurement or deployment sprawl outruns control.

  • Checks dependency inventory, provenance, supplier diligence, re-vetting, ownership, traceability, and governance linkage.
  • Flags whether the AI supply chain is traceable, partially traceable, materially blind, or not governable for enterprise scale.
  • Routes to ACT Tier 2 when the missing layer is vendor diligence, MCP governance, evidence, and lifecycle documentation.
Start the assessment See ACT Tier 2 Professional
Enterprise AI dependency-governance illustration showing inventories, provenance links, vendor diligence, version control, and evidence-backed dependency traceability.
Enterprise AI dependency-governance illustration showing inventories, provenance links, vendor diligence, version control, and evidence-backed dependency traceability.
OWASP-aligned supply-chain screen

What this screen is for

This page exists to classify the current posture quickly, surface the biggest gaps, and route the buyer to the correct paid implementation path without giving away the workbook or document layer.

What this tool evaluates

It evaluates whether the organization can inventory, trace, review, and re-vet the third-party models, tools, data sources, and connectors inside its AI stack.

What a review-debt result does not mean

It does not mean the stack is unusable. It means dependency and review debt is accumulating faster than the governance model can defend.

Why ACT Tier 2 is the bridge

The missing value is vendor diligence, MCP governance, evidence discipline, and lifecycle ownership. That sits in ACT Tier 2.

Question 1 of 120% complete
Question 1 of 12

What this result should change

The purpose of this screen is to classify posture quickly, highlight the biggest gaps, and route the organization to the correct next step without giving away the paid implementation layer.

What this tool evaluates

It evaluates whether the organization can inventory, trace, review, and re-vet the third-party models, tools, data sources, and connectors inside its AI stack.

What a review-debt result does not mean

It does not mean the stack is unusable. It means dependency and review debt is accumulating faster than the governance model can defend.

Why ACT Tier 2 is the bridge

The missing value is vendor diligence, MCP governance, evidence discipline, and lifecycle ownership. That sits in ACT Tier 2.

Where to go next

Use the paid bridge when the screening result shows structural control gaps that need policy, procedure, evidence, lifecycle discipline, or implementation ownership rather than another free quiz.

ACT Tier 2 Professional

Get the implementation documents, procedures, evidence assets, and governance pack this free screen intentionally does not generate.

AI Vendor Due Diligence For Smes 25 Questions Before You Buy An AI Tool

Use the supplier-governance guide to strengthen review criteria before approval.

MCP Server Approval Gate

Read the related guide page: MCP Server Approval Gate.

OWASP Top 10 Agentic AI

Read the OWASP Top 10 Agentic AI guide to understand the underlying control themes and risk categories.

This page is informational only. It does not provide legal advice, compliance certification, or an audit conclusion.

Frequently asked questions

Practical answers about AI supply-chain visibility, AIBOM readiness, and how to interpret the result.

What does this tool check?
It checks whether your organization can explain what models, datasets, tools, connectors, dependencies, and external suppliers sit inside the AI stack and who governs them.
Who should use this screen?
Use it if you rely on third-party models, APIs, packages, embeddings, datasets, MCP servers, connectors, or other external components that materially affect AI behavior and risk.
What is an AIBOM?
An AIBOM is an AI bill of materials: a structured view of the components, dependencies, suppliers, and supporting artifacts that make up an AI system and affect its risk and governance posture.
Does this tool generate an AIBOM for me?
No. It does not create a bill of materials. It tells you whether your current governance posture is mature enough to build, maintain, and defend one.
Why are connectors and MCP servers included in supply-chain governance?
Because they extend what the system can reach, influence, and depend on. Even if the model is unchanged, a weak connector or MCP dependency can materially change risk, exposure, and ownership.
Does this tool store or transmit my answers?
No. This tool runs entirely in your browser. Your selections are not stored, synced, exported, or transmitted by the page itself.