About this episode
As RSAC 2026 approaches, Daniel Bardenstein, CEO and Co-Founder of Manifest, joins hosts Sean Martin and Marco Ciappelli to unpack the growing disconnect between how security leaders perceive their AI and software supply chain posture and what practitioners on the ground actually experience. Drawing from Manifest's new research report — Beyond the Black Box — Bardenstein connects the dots between shadow AI, SBOM adoption gaps, and a dangerous pattern: history is repeating itself as organizations rush to adopt AI with the same disregard for security that characterized the early cloud era.
In a wide-ranging pre-event conversation ahead of RSAC 2026, Daniel Bardenstein, CEO and Co-Founder of Manifest, explores what it means to truly secure the software and AI supply chain — not just check the compliance box. Manifest's new research report, Beyond the Black Box, surveyed more than 300 security and AI leaders globally to understand the reality of AI adoption and software supply chain risk. One of the most striking findings was not a statistic, but a structural problem: a significant perception gap exists between how confident executive security leadership feels about their AI security posture and how unprepared frontline practitioners actually are. Where there is misalignment, Bardenstein notes, there is risk.
The conversation draws a vivid parallel to the cloud adoption wave of a decade ago, when organizations rushed to SaaS and cloud infrastructure without thinking through security implications — and gave birth to entire new industries to clean up the mess. Today, the same dynamic is playing out with AI. Nearly two-thirds of the survey respondents reported encountering shadow AI within their organizations, as employees freely use tools like ChatGPT, DeepSeek, or locally downloaded models without centralized governance. When that AI eventually gets embedded into software that organizations build, deploy, and sell, the blind spots compound.
SBOMs — software bills of materials — represent a promising step toward supply chain transparency, and Bardenstein credits the US government's regulatory nudging for driving adoption. Manifest's research shows that roughly 60% of organizations are now generating SBOMs, a meaningful milestone. But generation is not governance. Too many organizations treat an SBOM as a compliance artifact — a JSON file on a hard drive — rather than an operational tool that could dramatically accelerate vulnerability response, regulatory compliance, and incident management. The prescription has been filled; it's just not being taken.
To reframe the urgency, Bardenstein introduces the concept of the "transparency tax" — the hidden cost organizations pay in time, money, and risk when they build or buy opaque technology. Just as consumers demand ingredient labels on food, Carfax reports on used cars, and active ingredient disclosures on prescriptions, the technology secto
