Big Cranium Logo White.png
TrainingHelp Center
Find the insights and best practices about our product.
General
FAQs
System & Network Requirements
Getting Started
My AI Dashboard Overview
Release Notes
2026.4.2 Release Notes
2026.4.1 Release Notes
2026.3.1 Release Notes
2026.2.2 Release Notes
2026.2.1 Release Notes
2026.1.1 Release Notes
2025.12.1 Release Notes
2025.11.1 Release Notes
2025.10.3 Release Notes
2025.10.1 Release Notes
2025.9.1 Release Notes
2025.8.1 Release Notes
2025.7.1 Release Notes
2025.4.1 Release Notes
2025.3.1 Release Notes
2025.1.1 Release Notes
2024.12.1 Release Notes
AI Manager
My AI Systems
My AI Systems Overview
AI System Details Overview
Adding a New AI System
Self-Attesting to a Compliance Framework
Compliance Scoring
Compliance Agent [Beta]
My AI Supply Chain
Supply Chain Overview
Managing Outgoing AI Card Requests
Responding to an AI Card Request
Publishing an AI Card Without a Request
My Vendors Overview
Artifacts
Bill of Materials
Bill of Materials Overview
Creating a Bill of Materials with CodeSensor
Self-Attest to a Bill of Materials
AgentSensor Overview
Technology Search Overview
Document Library
Document Library Overview
Vulnerability Management
Arena Shield
Arena Shield Overview
Shield YAML Implementation Guide
Arena
AI Arena Overview
Vulnerability Assessment
Vulnerability Management
Vulnerability Assessment Overview
Accessing a Vulnerability Assessment
Adversarial Inputs Detector
Vulnerabilities Overview
Settings
User Manager Overview
Detect AI
Integrations
Accessing a Private VCS
Registering SSH for CodeSensor
Integrating Bitbucket with Cranium
Integrating GitHub with Cranium
Integrating GitLab with Cranium
Integrating Azure DevOps with Cranium
Continuous Monitoring Overview
VCS Service Rate Limits
CloudSensor
CloudSensor Overview
Public API
Public API Overview
Authentication & Generating Credentials
Pagination & Incremental Sync
Rate Limits & Error Handling
Endpoint Reference
Bills of Materials
Technology Vulnerabilities
Arena Models
Arena Model Vulnerabilities
Home
AI Manager
My AI Supply Chain
Supply Chain Overvie...
Supply Chain Overview

Introduction

The Supply Chain functionality in the Cranium platform provides a powerful way to manage and share AI System artifacts with other organizations. By utilizing AI Cards—exportable collections of artifacts—you can easily exchange critical documentation such as AI Bills of Materials, Vulnerability Reports, and Compliance Frameworks. The platform allows you to choose specific artifacts to include when publishing your AI System and request AI Cards with customized artifact requirements. You can also define the Compliance Frameworks (e.g., EU AI Act or NIST AI RMF) and indicate whether sharing a Bill of Materials or Vulnerability Report is required.

These features facilitate seamless collaboration across organizations and simplify compliance practices, allowing you to demonstrate transparency and showcase your AI systems' security posture. The Supply Chain features are organized into five tabs within the AI Manager section: My AI Systems, My Vendors, Incoming Requests, Outgoing Requests, and Published AI Cards.

Note: For information about publishing AI Cards from your AI Systems, see the My AI Systems section of the knowledge base. Published AI Cards are representations of AI Systems and are managed through the My AI Systems tab.

Quick Actions

All three Supply Chain tabs include Quick Actions buttons at the top of the page:

  • Create AI System: Initiate the development of a secure AI system to enable system-level tracking
  • Request AI Card: Acquire an AI Card from third-party vendors, ensuring it complies with predefined criteria
  • Publish AI Card: Distribute an AI Card to various organizations to effectively communicate the system's specifications and capabilities

These actions provide quick access to common supply chain workflows regardless of which tab you're viewing.

My Vendors

The My Vendors tab provides an aggregated view of the AI Cards you have received from external organizations. For full documentation of this tab, see the My Vendors Overview article.

Review AI Card

When an AI Card has a status of Pending or Changes Requested, a Review AI Card button appears in place of the standard View Details button. Click Review AI Card to open the Review AI Card drawer. The drawer is organized into two sections:

Requested Section:

  • Request Details
  • Compliance Frameworks requested
  • Bill of Materials requirements
  • Additional Documentation requirements
  • Vulnerability Reports requirements

AI Card Response Section:

  • AI Card Name
  • Bill of Materials included
  • Vulnerability Reports included
  • Additional Documentation included

At the bottom of the review panel, you have three action options:

  • Decline: Reject the AI Card
  • Request Changes: Send feedback requesting modifications to the AI Card
  • Accept AI Card: Accept the AI Card as provided

Incoming Requests

The Incoming Requests tab displays all pending requests from other organizations for your AI Cards. This table view shows requests you've received asking you to provide AI transparency documentation.

Incoming Requests Table

The Incoming Requests table displays:

  • Name: The AI System name being requested
  • From: Requesting organization name and user email
  • Due Date: The deadline for responding to the request
  • Details: Brief description or notes about the request
  • Status: Current status of the request (e.g., Pending, Completed, Approved)
  • Action: "Review Request" button to respond to the request

Responding to Requests

Click the "Review Request" button in the Action column to respond to an incoming request. This opens the request review interface where you can view the specific artifacts being requested and prepare an appropriate AI Card response. For detailed information about responding to requests, see the "Responding to an AI Card Request" article.

Outgoing Requests

The Outgoing Requests tab displays all requests you've sent to other organizations asking them to provide AI Cards. This table view tracks the status of your outbound requests for AI transparency documentation.

Outgoing Requests Table

The Outgoing Requests table displays:

  • Name: The AI System name you're requesting information about
  • To: The organization name and user email receiving the request
  • Date Sent: When you sent the request
  • Due Date: The deadline you set for the response
  • Details: Brief description or notes about your request
  • Status: Current status (e.g., Pending, Completed)

This table allows you to track which organizations have received your requests, monitor response deadlines, and see the current status of each request. You can sort by any column to organize your outgoing requests by date, recipient, or status.

Managing Outgoing Requests

Use the table to monitor the progress of your requests and identify which organizations still need to respond. The status column provides quick visibility into whether your requests are pending, have been completed, or require follow-up action.

Published AI Cards

The Published AI Cards tab displays a searchable, filterable grid of all AI Cards you have published to other organizations. Each card shows:

  • AI Card Name: The name of the published AI Card
  • AI System: The AI System the card represents
  • Date Sent: When the AI Card was published
  • Recipient: The organization the card was sent to
  • Status: Current status of the published AI Card
  • Artifacts: Visual breakdown of included artifacts with counts for BOMs, Compliance Frameworks, Vulnerability Reports, and Documents.

Published AI Card Statuses

Published AI Cards can carry the following statuses: Accepted, Up-to-Date, Outdated, Pending, Deactivated, Rejected, and Deleted. Cards with an Outdated status display as "Out of sync" with an Update button, prompting you to republish when your AI System's content has changed since the card was last sent.

Viewing Published AI Card Details

Click View Details on any card to open the AI Card detail view. This view displays the card's description, purpose, last-updated date, initial deployment date, next scheduled update, and individual artifact cards for each included artifact.

Did this answer your question?
Related Articles
Responding to an AI Card Request
My AI Systems Overview
Managing Outgoing AI Card Requests
Publishing an AI Card Without a Request
Self-Attesting to a Compliance Framework
AI System Details Overview
My AI Dashboard Overview
Detect AI