Organizations deploying agentic AI systems face a documented governance gap: existing software inventory frameworks cannot track the dynamic, multi-component nature of autonomous AI agents across foundation models, fine-tuned layers, plugins, and runtime tool permissions. AI Bill of Materials (AI BOM) frameworks are emerging as the primary control response. Without AI BOMs, security teams cannot scope incidents involving agent actions, cannot detect compromised upstream model components, and cannot demonstrate compliance with emerging AI governance obligations. No CVE or patch applies — remediation requires process, documentation, and access control changes.