U.S. metal fabricators are moving AI-powered machine vision systems from controlled pilots into full production lines, driven by measurable quality gains and tightening software supply chain compliance requirements. The convergence of new federal Software Bill of Materials (SBOM) guidance and rising operational technology (OT) cyberattacks is reshaping how fabricators evaluate, procure, and govern every networked inspection node on the shop floor.
Background
Regulatory pressure behind these deployments intensified in August 2025 when CISA released a draft of its updated "2025 Minimum Elements for a Software Bill of Materials," with a public comment period that closed on October 3, 2025. According to CISA, the draft introduces required data fields including component hash, license information, tool name, and generation context, expanding SBOMs beyond simple inventory into verifiable security records. The foundational mandate traces to U.S. Executive Order 14028, signed in 2021, which required SBOMs for software sold to federal agencies, while a second executive order, EO 14144, issued in January 2025, expanded compliance requirements and clarified the standards software companies must follow.
On the international side, the EU Cyber Resilience Act entered into force in December 2024 and will be fully enforced starting in 2026, requiring manufacturers to generate mandatory SBOMs covering all software components, including firmware, down to the smallest embedded module. CISA and NSA jointly published guidance on SBOM adoption endorsed by 19 international cybersecurity organizations, calling for SBOMs to function as operational decision-support tools linked to vulnerability exploitability exchange (VEX) data, rather than static compliance documents.
Details
Compliance pressure is landing directly on fabrication shop floors. Procurement teams at larger manufacturers now require Software Bills of Materials from vision platform vendors, according to industry reporting, as AI inspection cameras and defect detection nodes are classified as networked OT assets subject to cybersecurity governance. OT-targeted cyberattacks have become a persistent trend in 2025, with attackers exploiting unpatched vulnerabilities in exposed industrial devices.
The performance data driving adoption is substantial. AI-powered vision systems now detect surface and weld defects with 97% accuracy, compared to 85-90% from traditional rule-based methods, and machine vision systems running continuously are documented to reduce rework by 30 to 50%. Most machine vision deployments achieve ROI within 6 to 18 months through reduced labor costs, improved quality, and decreased scrap rates. In steel production, Voestalpine deployed AI-driven computer vision for quality control using high-resolution cameras inspecting surfaces for micro-cracks and anomalies, which reduced defect rates in final products by over 20%.
AI vision detects weld defects including porosity, cracks, undercut, and incomplete fusion, while deep learning systems process thermal profiles during cooling to flag issues such as insufficient heat input or excessive heat-induced warping.
Data governance presents a distinct challenge at scale. Deploying AI quality control requires sufficient high-quality labeled data and significant upfront integration effort, means closing skill gaps through training, and calls for cybersecurity controls given the volume of sensitive production data generated. Manufacturers typically mitigate these challenges by improving data governance, starting with high-impact pilot lines, upskilling teams, and enforcing strong security controls. Machine learning models for rare defect types face a specific obstacle: gathering sufficient training examples for defects that rarely occur takes time, and some companies address this through synthetic data generation or transfer learning from similar processes.
ERP and MES integration has become a prerequisite for production-scale deployments. The global machine vision market is expected to grow from USD 15.83 billion in 2025 to USD 23.63 billion by 2030, at a CAGR of 8.3%, according to MarketsandMarkets, with AI-based software identified as the fastest-growing segment. The World Economic Forum reports that manufacturing industries face difficulty filling 87% of skilled positions, with quality control and precision assembly roles most affected, a structural labor shortage accelerating machine vision adoption beyond a simple productivity play.
Outlook
CISA is expected to publish a finalized revision of the SBOM minimum elements following the close of the public comment period, and the agency is also working to finalize CIRCIA reporting rules by May 2026, further tightening incident disclosure obligations for critical infrastructure operators. Alignment with IEC 62443, NIST CSF 2.0, and NIST SP 800-161 supply chain risk management controls will offer the clearest compliance pathway for OT vendors and systems integrators in critical manufacturing environments as enforcement dates approach. Fabricators targeting full production rollouts should prioritize SBOM documentation in new vision platform acquisitions before extending compliance audits to legacy installed equipment.
