Manifest unveils AI Risk module to boost enterprise AI security
Manifest has launched Manifest AI Risk, a module designed to address risk transparency in AI models and datasets for enterprise security teams struggling to manage rapidly expanding AI supply chains.
The new module, part of the Manifest Platform, aims to automate and bring real-time governance to the management of AI risks. Manifest states that the module directly addresses the challenges posed by the pace of AI adoption and gaps left by traditional security tools and specialist AI startups. According to the company, these existing solutions often treat AI risks separately from broader software risks or focus on niche threat vectors.
Enterprise organisations face difficulties in tracking vulnerabilities, provenance, dependencies, and legal risks associated with the use of AI models and datasets. The complexity is heightened by the scale at which models are deployed, especially as security and compliance teams are often required to manually review each model - a process that can take six to eight weeks per model. This manual approach becomes unsustainable as businesses scale their AI deployments.
An official from Manifest explained the current state of industry tooling, noting that it often falls short in providing the level of transparency and risk assessment required by enterprises. The Manifest Platform, now including the AI Risk module, is currently used by several Fortune 500 firms and key government agencies.
Challenges in AI supply chain security
The speed of AI adoption is outpacing the capacity of organisations to secure it, creating governance issues. Security, compliance, and legal teams have been forced into a position where they either accept risk or significantly slow down development to vet AI models manually. This is a particular issue for organisations handling dozens or hundreds of models, where manual processes can lead to strategic delays and reduced competitiveness.
Manifest says its AI Risk module concept arose from working directly with six Fortune 500 companies to ensure the solution addresses challenges encountered at enterprise scale. The platform now oversees more than USD $100 billion in annual defence contracts and supports customers in the automotive, healthcare, and aerospace sectors.
Automation and governance features
The new capabilities include an AI Bill of Materials (AIBOM) engine for automatic discovery and inventory of generative AI models, custom machine learning models, and AI-enabled applications across both development and production environments. The AIBOM scans source code for embedded models and provides continual discovery and real-time vulnerability monitoring. According to Manifest, this feature reduces assessment times from weeks to minutes.
The suite also includes an AI Governance Policy Engine, which enforces organisational policies regarding the deployment of open-source and custom models. It can restrict the use of outdated models, models from high-risk countries, or those that lack transparency around licences and training data. Integration with DevSecOps workflows and source code notebook detection enables automated alerts for policy violations.
For executives, Manifest has introduced an AI Risk Dashboard offering business-focused reporting and visibility into supply chain risks. The dashboard is designed to help organisations appraise models - from sources such as Hugging Face - for training data provenance, policy alignment, and licensing. Automated vulnerability prioritisation assists in strategic reporting and decision-making at the board level.
Industry perspectives
"While everyone's been focused on AI ethics and compliance checkboxes, the real challenge is operational – knowing exactly what AI models you're running, where they're deployed, and what happens when something goes wrong. I have watched organizations spend months painstakingly and manually assessing AI model risks. Manifest AI Risk compresses that timeline to minutes, with just two clicks, by extracting and processing massive amounts of AI data. That's the difference between surviving an AI incident and being crushed by it," said Daniel Bardenstein, Chief Technology Officer and Co-founder of Manifest.
Industry observers have noted that existing code scanning platforms and AI security solutions fail to provide comprehensive visibility into the deployment and risk profile of AI systems. Most of these solutions either miss AI-specific issues, concentrate on narrow attack vectors, or lack deployment transparency, resulting in what Manifest describes as dangerous risk blind spots. The company asserts that immediate impact assessment, rather than prolonged analysis, is critical in the event of new vulnerabilities affecting AI systems.
"Every executive asks me the same question: 'How do we know what's actually in our AI systems?' The answer has been 'you don't' - until now. This isn't just applying our SBOM expertise to AI, it's recognizing that AI transparency requires an entirely different approach. The companies that gain visibility into their AI supply chains today will have the competitive edge tomorrow," said Marc Frankel, Chief Executive Officer and Co-founder of Manifest Cyber.
The launch of Manifest AI Risk reflects increasing demand among large enterprises for automated, scalable approaches to AI risk management and transparency. The company emphasises the need for governance tools that enable organisations to make timely, business-informed decisions as AI technology becomes further integrated into critical infrastructure and operations.