In this episode, I sit down with Daniel Bardenstein, CTO & Co-Founder of Manifest Cyber.

We discussed the AI supply chain security, including open source risks, AIBOMs, best practices for CISOs, and regulatory approaches in the U.S. and EU.

We dove into:

• What is the same and different between the risks AI introduces across the enterprise compared to open source software, and where and how the two converge.
• The rise of an “AIBOM” and why it is becoming a critical part of enterprise risk management in the AI Era
• The work Daniel and others are doing as part of a Tiger Team defining “SBOM-for-AI-Use Cases”.
• Why is it so difficult for organizations to gain visibility into their AI models' internals, especially training data, model provenance, and pipeline dependencies?
• Where CISOs and security teams can get started when it comes to understanding where and how AI is being used and avoiding some mistakes.
• Gaps among the current waves of AI security startups and how they contrast with the approach Manifest is taking when managing AI supply chain risks.
• Real-world insights and examples of how organizations operationalize SBOM for risk reduction.
• Key differences between the U.S. and EU regarding regulatory approaches to AI and supply chain security risks.

In this episode, we sit down with Christian Posta, the Field CTO at Solo.io and an industry author and leader on topics such as Microservices, AI, and IAM.

We will explore the rise of Agentic AI and its supporting protocols, such as MCP and A2A, and the broader challenges and considerations of Identity security in the age of LLMs.

In this episode, we sit down with Jim Manico, a longtime industry AppSec Leader, Educator, and Innovator, to discuss enhancing software security in the era of AI.

This includes covering recent talks Jim has given about using AI as a force multiplier for software development, the importance of security-centric prompting, and the overall impact of AI on the field of AppSec.

We discussed:

• A recent talk Jim gave where he discussed transforming secure software creation with AI, doing the work of teams of people on his own, and what used to take tens of thousands of hours through the use of agents and various frontier models and offerings.
• The importance of security-centric prompting and guidance for models to produce secure code and the impact on vulnerability velocity by doing so.
• The risks of the broader developer community leaning into these tools without adding security-centric prompts and guidance, but the opportunity for prompt libraries and enterprise controls to lead to systemic secure software development within the enterprise.
• The workforce implications of AI-driven development and the need to upskill to stay relevant (and employable).
• Where Jim sees opportunity beyond just AppSec when it comes to AI and Cybersecurity, in other areas such as GRC and SecOps as well.