AIsbom: Security Tool for Detecting PyTorch Model Pickle Bombs

AIsbom is a specialized security and compliance scanning tool for machine learning models, designed to deeply detect hidden security risks and license issues in PyTorch and other model files. Unlike traditional SBOM tools, AIsbom utilizes deep binary inspection technology to analyze .pt, .pkl, and .safetensors files without loading model weights. The tool can detect malicious code execution risks (such as RCE attacks) and license violations hidden in model headers. Users can quickly scan project directories through a simple command-line interface to receive intuitive security risk ratings and compliance reports. AIsbom also provides a visual report viewer and supports generating SBOM data in CycloneDX v1.6 standard format for easy enterprise integration. As an open-source project, AIsbom includes testing features that allow users to verify scanning effectiveness. This tool is particularly suitable for AI developers and enterprises to secure AI model supply chains and prevent malicious models and license violations from entering production environments.