
The ITSPmagazine Podcast
The Illusion of Transparency: What Most Organizations Don't Know About Their Software and AI Supply Chains | A Brand Spotlight at RSAC Conference 2026 with Daniel Bardenstein, CEO and Co-Founder of Manifest Cyber
Daniel Bardenstein, CEO and co-founder of Manifest Cyber, opens with a candid assessment: the fundamental problem hasn't changed since Log4Shell. Organizations still don't understand what's inside the software and AI they build and buy. A recent Manifest Cyber study found a 40-50% gap between how well CISOs believed their security posture was managed and how their own AppSec teams rated the reality. Traditional software composition analysis (SCA) tools bury analysts in alerts without enabling response. Third-party tools hand out letter grades without reflecting actual empirical risk. The result is what Bardenstein calls the illusion of transparency -- confidence in visibility that doesn't actually exist.
The hidden sources of risk go deeper than most teams realize. C/C++ code underpins critical infrastructure across medical devices, automotive, defense, and financial services -- yet most scanning tools can't effectively analyze it. Third-party binaries carry serious risk that vendors rarely disclose. Open source libraries that haven't been updated in years represent quiet exposure. And AI adoption is adding a new layer of opacity: datasets of unknown provenance, open-weight models with untested risk profiles, and AI-embedded applications where organizations have no visibility into what models or agents are operating underneath.
Bardenstein frames the path forward in three dimensions: rapid response when a new issue emerges, proactive inventory and monitoring of critical dependencies, and stopping supply chain risk at the procurement gate before it enters the enterprise. When customers demand SBOMs as a condition of doing business, vendors improve -- and those improvements flow to all their other customers as well. Manifest Cyber sees this market dynamic as one of the most powerful forces for making the software ecosystem more secure.
The conversation also takes on accountability. Drawing on his time leading technology strategy at CISA, Bardenstein argues that the burden of transparency must fall on the people who write software, not those who buy and use it. The "transparency tax" -- the hidden cost of cheap or opaque technology -- only surfaces after something goes wrong, in the form of incident response, people-hours, and exposure. Compliance drivers like the EU Cyber Resilience Act are reinforcing this shift, but market pressure from major banks, pharmaceutical companies, and government is already moving faster than regulation.
Manifest Cyber automates the hard work: generating SBOMs, analyzing binaries, surfacing risk in C/C++ and third-party dependencies, and enabling fast, owner-assigned remediation. One customer went from zero to generating SBOMs across their entire fleet in 90 seconds -- without touching a command line. The platform is built to keep engineer velocity high, surface risk in plain language for procurement and risk teams, and make supply chain security accessible to the entire organization, not just the AppSec team.
This is a Brand Spotlight. A Brand Spotlight is a ~15-minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight
GUEST
Daniel Bardenstein, CEO and Co-Founder, Manifest Cyber
LinkedIn: https://www.linkedin.com/in/bardenstein/
RESOURCES
Manifest Cyber: https://www.manifestcyber.com
Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight
KEYWORDS
Daniel Bardenstein, Manifest Cyber, Sean Martin, Marco Ciappelli, brand spotlight, brand marketing, marketing podcast, software supply chain security, SBOM, Software Bill of Materials, AIBOM, AI supply chain, Log4Shell, software transparency, SCA tools, C/C++ security, open source risk, Secure by Design, EU Cyber Resilience Act, supply chain risk management, third-party risk, RSAC Conference 2026, cybersecurity
