Integration combines SBOM management with vulnerability monitoring and AI model traceability to help manufacturers meet FDA requirements.
Enlil Inc and Interlynk Inc have formed a partnership to deliver an integrated cybersecurity solution for Software-as-a-Medical Device (SaMD) developers and medical device manufacturers facing increased regulatory scrutiny.
The collaboration addresses growing challenges as regulators demand greater cybersecurity transparency and post-market risk management. While Software Bill of Materials (SBOM) documentation serves as a foundation, manufacturers need continuous monitoring of software vulnerabilities, threat exposure, and AI model integrity throughout the product lifecycle.
“SBOMs shouldn’t live as static documents created just to pass a submission gate,” says Surendra Pathak, CEO of Interlynk, in a release. “By partnering with Enlil, we’re turning SBOMs into living, actionable intelligence, helping device teams continuously understand risk, respond faster, and stand up to regulatory scrutiny throughout the product lifecycle.”
Integrated Platform Features
The partnership combines Enlil’s cloud-native product lifecycle platform with Interlynk’s SBOM-, VEX-, and AI-BOM-powered cybersecurity solutions. The integrated system provides manufacturers with visibility into software and AI components, relevant vulnerabilities and exposures, risk assessment and mitigation documentation, and audit-ready evidence.
The solution also identifies open-source components and their dependencies, tracks software product revisions affected by threats, and monitors downstream manufacturing lots and shipments impacted by vulnerabilities.
For AI-enabled medical devices, the platform supports emerging FDA expectations around training data provenance and AI model supply chain security. This includes traceability of training, validation, and test datasets, along with version-controlled, cryptographically verifiable AI models.
Using Interlynk’s AI Bill of Materials (AIBOM), teams can track AI models, datasets, and dependencies through the same SBOM-driven infrastructure used for traditional software components.
Regulatory Compliance Focus
The partnership addresses current FDA Refuse to Accept policies, EU MDR expectations, and other regulatory initiatives requiring manufacturers to demonstrate software transparency and continuous cybersecurity risk management.
“For modern medical devices, software risk is product risk,” says Charu Roy, chief product officer at Enlil, in a release. “This partnership brings cybersecurity directly into the product lifecycle, so teams can manage software and AI risk with the same rigor as quality and regulatory requirements, from design through post-market.”
The solution generates and maintains machine-readable SBOMs and AIBOMs using industry formats including CycloneDX and SPDX, providing ongoing monitoring and actionable context for software and AI components.
ID 188247649 © Chatree Bamrung | Dreamstime.com
