Manifold Security launched Manifest, a supply chain intelligence platform designed to map and analyze how AI agent components interact with each other and with external systems. The platform helps enterprises understand the dependencies behind agent behavior, including connections to external services, a critical blind spot as companies rush to deploy autonomous agents in production environments.
This addresses a problem that has been building under the surface. As AI agents grow more capable and start calling APIs, querying databases, and integrating with third-party services, traditional security models break down. Scanning a container image and calling it secure no longer suffices when the agent inside it may connect to dozens of external services chosen at run time from user prompts. The dependency set is no longer fixed at build time: once an agent decides autonomously which tools to invoke, the supply chain attack surface grows with every prompt, and a malicious prompt can steer the agent toward services nobody reviewed.
The timing aligns with broader infrastructure efforts around agent security. Projects like nono (from the Sigstore creator) are building capability-based sandboxes specifically for AI agents, while OWASP's GenAI Security Project is expanding frameworks for agentic AI security. These aren't isolated efforts—they're responses to the same fundamental challenge: traditional application security doesn't work when your "application" can rewrite itself and call arbitrary external services.
For developers building agent systems, this means security can't be an afterthought anymore. If you're integrating agents into production workflows, you need an inventory of what they actually connect to, when, and on whose instruction, plus a way to block connections that fall outside that inventory. The alternative is deploying black boxes into your infrastructure and hoping for the best, which is exactly the kind of gap supply chain attacks exploit.
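One concrete way to get that visibility is to route every outbound tool call through a single gateway that records the target host and enforces an egress allowlist. The following is an added example written for this page; it is not Manifest's code or API and does not describe how Manifest works. The `ToolGateway` class, the glob-pattern allowlist format, the `http_get` tool name, and the canned `FAKE_RESPONSES` (no real network access) are all assumptions made for illustration. The constructed "plan" at the end stands in for tool calls a model might emit, including two that a manipulated prompt could produce: a userinfo trick (`trusted-host@attacker-host`) and a downgrade to plain HTTP.

```python
"""Added example: a tool-call gateway that builds a run-time dependency
manifest for an agent and enforces an egress allowlist. Hypothetical
design, not Manifest's implementation."""
from __future__ import annotations

import fnmatch
import time
from dataclasses import dataclass
from typing import Any, Callable
from urllib.parse import urlsplit


class EgressDenied(Exception):
    """Raised when a tool call would reach a host outside the allowlist."""


@dataclass(frozen=True)
class Edge:
    """One observed dependency: which tool tried to reach which host."""
    tool: str
    host: str
    allowed: bool
    ts: float


class ToolGateway:
    """Single choke point for an agent's outbound tool calls (assumed design)."""

    def __init__(self, allowed_hosts: list[str]) -> None:
        # Glob patterns such as "*.internal.example"; an assumed policy format.
        self.allowed_hosts = allowed_hosts
        self.manifest: list[Edge] = []
        self._tools: dict[str, Callable[..., Any]] = {}

    def register(self, name: str, fn: Callable[..., Any]) -> None:
        self._tools[name] = fn

    def _host_allowed(self, host: str) -> bool:
        return any(fnmatch.fnmatchcase(host, pat) for pat in self.allowed_hosts)

    def call(self, tool: str, url: str, **kwargs: Any) -> Any:
        parts = urlsplit(url)
        # hostname strips userinfo and port, so "https://trusted@evil.test/"
        # is judged on "evil.test", the host a socket would actually reach.
        host = parts.hostname
        allowed = (parts.scheme == "https" and host is not None
                   and self._host_allowed(host))
        # Record every attempt, allowed or not: the denials are the signal.
        self.manifest.append(Edge(tool, host or "<none>", allowed, time.time()))
        if not allowed:
            raise EgressDenied(f"{tool} -> {host!r} not permitted by policy")
        return self._tools[tool](url, **kwargs)

    def dependency_map(self) -> dict[str, list[str]]:
        """Tool name -> sorted hosts it actually reached (allowed edges only)."""
        out: dict[str, set[str]] = {}
        for e in self.manifest:
            if e.allowed:
                out.setdefault(e.tool, set()).add(e.host)
        return {t: sorted(h) for t, h in sorted(out.items())}

    def denied(self) -> list[tuple[str, str]]:
        """(tool, host) pairs that policy blocked, in the order attempted."""
        return [(e.tool, e.host) for e in self.manifest if not e.allowed]


# Constructed stand-in for a real HTTP tool: canned responses, no network.
FAKE_RESPONSES: dict[str, dict[str, Any]] = {
    "https://api.internal.example/v1/orders": {"orders": 3},
    "https://vendor.example.net/search?q=x": {"hits": 12},
}


def fetch_json(url: str) -> dict[str, Any]:
    return FAKE_RESPONSES.get(url, {"error": "not found"})


def run_agent_plan(gw: ToolGateway, plan: list[tuple[str, str]]) -> dict[str, Any]:
    """Execute a constructed (tool, url) plan; denied calls are logged, not fatal."""
    results: dict[str, Any] = {}
    for tool, url in plan:
        try:
            results[url] = gw.call(tool, url)
        except EgressDenied as exc:
            results[url] = f"denied: {exc}"
    return results


def demo() -> ToolGateway:
    gw = ToolGateway(allowed_hosts=["*.internal.example", "vendor.example.net"])
    gw.register("http_get", fetch_json)
    # Constructed plan; the last two entries model prompt-driven misuse.
    plan = [
        ("http_get", "https://api.internal.example/v1/orders"),
        ("http_get", "https://vendor.example.net/search?q=x"),
        ("http_get", "https://api.internal.example@exfil.attacker.test/collect"),
        ("http_get", "http://vendor.example.net/search?q=x"),
    ]
    run_agent_plan(gw, plan)
    return gw


if __name__ == "__main__":
    g = demo()
    print(g.dependency_map())
    print(g.denied())
```

Two design points matter here. The decision is made on `urlsplit(url).hostname`, not on a string prefix, so an allowlisted name embedded as userinfo does not pass. Every attempt is recorded whether or not it was allowed, because the denied edges are exactly what tells an operator that a prompt tried to pull the agent toward a host outside the reviewed dependency set.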
