Enlil Inc. is partnering with Interlynk Inc. to develop an integrated solution that embeds cybersecurity compliance and traceability for Software-as-a-Medical Device (SaMD) developers and medical device manufacturers.

As regulators raise the bar on cybersecurity transparency and post-market risk management, medical device teams are being challenged to provide an accurate Software Bill of Materials (SBOM). Missing, however, is continuous insight into software vulnerabilities, threat exposure, artificial intelligence (AI) model integrity, and product lifecycle readiness validation. The Enlil–Interlynk partnership directly addresses this gap.

Why This Partnership Matters Now

Cybersecurity is now central to patient safety and market success. U.S. Food and Drug Administration (FDA) Refuse to Accept (RTA) policies, EU MDR expectations, and regulatory initiatives increasingly demand manufacturers demonstrate software transparency and continuous cybersecurity risk management throughout their products’ lifecycle.

SBOMs, comprehensive lists of software components, are essential, but without automated monitoring, clear context, and connection to the product lifecycle, they risk becoming static artifacts rather than useful tools for day-to-day operations. 

“SBOMs shouldn’t live as static documents created just to pass a submission gate,” Interlynk CEO Surendra Pathak said. “By partnering with Enlil, we’re turning SBOMs into living, actionable intelligence, helping device teams continuously understand risk, respond faster, and stand up to regulatory scrutiny throughout the product lifecycle.”

Through this partnership, Enlil’s cloud-native product lifecycle and traceability platform integrates with Interlynk’s SBOM-, VEX-, and AI-BOM-powered cybersecurity solutions, giving medtech teams a single, connected view of:

• The software and AI components that are built into the product.
• The vulnerabilities and exposures that matter.
• The ways in which risks are assessed, mitigated, validated, and documented.
• How evidence remains continuously audit-ready.
• Identified open-source components (publicly available software) and their dependencies, posing a risk to the overall product.
• The software product revisions impacted by threats and vulnerabilities, and downstream manufacturing lots and shipments that are affected.

For SaMD and AI-enabled medical devices, the integrated solution also supports emerging FDA expectations around training data provenance, data integrity, and AI model supply chain security. This includes traceability of training, validation, and test datasets; protection against unauthorized modification or data poisoning; and version-controlled, cryptographically verifiable AI models treated as regulated software artifacts.

With Interlynk’s AI Bill of Materials (AIBOM, a list of all components in an AI solution), teams can track AI models, datasets (collections of related data), and dependencies using the same SBOM-driven infrastructure, seamlessly extending cybersecurity and regulatory rigor to AI-powered systems.

The integrated solution delivers a shift-left approach to cybersecurity, enabling executive teams to proactively embed security, quality, and compliance from early development to post-market. When issues arise, leadership will have the tools to contain them rapidly, implement focused remediation, and regain control of impacted assets.

“For modern medical devices, software risk is product risk,” Enlil Chief Product Officer Charu Roy stated. “This partnership brings cybersecurity directly into the product lifecycle so teams can manage software and AI risk with the same rigor as quality and regulatory requirements, from design through post-market.”

Key benefits for SaMD and Software-Driven Medical Devices:

Cybersecurity Built In—Not Bolted On: Embed SBOM, AIBOM, and vulnerability intelligence early to reduce remediation and regulatory challenges.

Automated, Living Bills of Materials: Generate and maintain machine-readable SBOMs and AIBOMs using industry formats like CycloneDX and SPDX. These documents provide ongoing monitoring and actionable context for software and AI components.

End-to-End Traceability: Link cybersecurity risks, mitigation efforts, verification activities, and regulatory evidence directly within Enlil’s unified single source for tracking all product data.

Always-On Regulatory Readiness: Stay aligned with evolving FDA cybersecurity guidance and global requirements through structured workflows, audit trails, and real-time visibility.

Enlil is a cloud-native development traceability platform built for medical device and life sciences organizations. Designed to support regulatory readiness across the product lifecycle, Enlil connects quality, regulatory, R&D, manufacturing, and operations teams around a unified system of record. By structuring data for traceability, auditability, and real-time visibility, Enlil helps medtech innovators manage complexity, maintain inspection readiness, and scale compliance from concept through commercialization.

Interlynk is an enterprise product security platform that helps organizations build, secure, and maintain regulatory-compliant software and AI products at scale. Interlynk enables teams to generate, manage, and analyze software, AI, and cryptographic Bills of Materials (SBOM, AIBOM, and CBOM), providing continuous visibility into product and AI dependencies, third-party risk, and software supply chain exposure. Designed for security, engineering, and compliance teams, Interlynk simplifies adherence to global regulatory requirements while improving operational efficiency. It delivers the trust, transparency, and control enterprises need to secure their digital products.