AI Asset Inventory

Expanded Definition

An AI asset inventory is the operational record that tells security, risk, and engineering teams what AI exists, where it runs, who owns it, what data it touches, and how it changes over time. In practice, it spans foundation models, fine-tuned models, AI agents, notebooks, inference endpoints, plugins, datasets, vector stores, and embedded AI services. The inventory is not a one-time spreadsheet; it is a governance control surface that must stay current as models are retrained, copied, or exposed through new interfaces.

Definitions vary across vendors, but the common purpose is consistent: make AI discoverable enough to apply controls, review exposure, and assign accountability. That differs from a simple CMDB entry because AI assets often have hidden dependencies, rapid version churn, and indirect access to secrets, tools, and sensitive training data. The NIST Cybersecurity Framework 2.0 frames this kind of visibility as a prerequisite to effective governance and risk response, especially when AI is embedded across business units rather than centralised in one platform.

The most common misapplication is treating an AI asset inventory as a static catalog, which occurs when teams stop at initial registration and never reconcile shadow deployments, notebook sprawl, or model version drift.

Examples and Use Cases

Implementing an AI asset inventory rigorously often introduces discovery and maintenance overhead, requiring organisations to weigh governance accuracy against the cost of continuous reconciliation.

• A security team catalogs every model endpoint and AI agent before enabling production access, then links each asset to a business owner, data source, and approved runtime.
• An engineering group inventories notebooks and experimental models so a forgotten prototype does not become an unmanaged production dependency.
• A risk team maps datasets and vector stores to identify which AI assets can surface regulated or sensitive data, then prioritises review of the highest-exposure systems.
• A platform team uses inventory records to find duplicated models and stale API integrations after reviewing findings from the LLMjacking research.
• A governance team cross-checks inventory entries against the NIST Cybersecurity Framework 2.0 to ensure assets are covered by monitoring, access control, and incident response processes.

For example, the DeepSeek breach illustrates why inventories must cover not only sanctioned production services but also exposed databases, training artifacts, and duplicated credentials that may sit outside normal application registers.

Why It Matters in NHI Security

An AI asset inventory is foundational in NHI security because attackers rarely need to compromise the most visible AI system first. They often find an overlooked notebook, an orphaned model endpoint, or a service account attached to a forgotten integration. Once an AI asset is missing from inventory, it is also likely to be missing from review cycles, key rotation plans, monitoring rules, and decommissioning workflows.

That gap matters because AI systems frequently depend on secrets, tokens, and external tool access. NHIMG research shows how quickly exposed credentials can be abused, and why unmanaged AI assets increase blast radius when access control is incomplete. The same pattern appears in the LLMjacking report, where compromised identities become a route into AI services. In operational terms, the inventory is the place where ownership, exposure, and lifecycle status become auditable facts rather than assumptions.

Organisations typically encounter the real value of an AI asset inventory only after an incident reveals an unknown model, exposed secret, or unreviewed agent, at which point inventory accuracy becomes operationally unavoidable to address.

Related resources from NHI Mgmt Group

• Asset Inventory
• What breaks when shadow AI is not part of the asset inventory?
• Secrets Inventory
• What is the difference between AI discovery and AI inventory?