In this episode, I sit down with Daniel Bardenstein, CTO & Co-Founder of Manifest Cyber.

We discussed the AI supply chain security, including open source risks, AIBOMs, best practices for CISOs, and regulatory approaches in the U.S. and EU.

We dove into:

• What is the same and different between the risks AI introduces across the enterprise compared to open source software, and where and how the two converge.
• The rise of an “AIBOM” and why it is becoming a critical part of enterprise risk management in the AI Era
• The work Daniel and others are doing as part of a Tiger Team defining “SBOM-for-AI-Use Cases”.
• Why is it so difficult for organizations to gain visibility into their AI models' internals, especially training data, model provenance, and pipeline dependencies?
• Where CISOs and security teams can get started when it comes to understanding where and how AI is being used and avoiding some mistakes.
• Gaps among the current waves of AI security startups and how they contrast with the approach Manifest is taking when managing AI supply chain risks.
• Real-world insights and examples of how organizations operationalize SBOM for risk reduction.
• Key differences between the U.S. and EU regarding regulatory approaches to AI and supply chain security risks.