
Manifest and NetRise Unite to Illuminate Firmware’s Blind Spot in Supply Chain Security

For years, even the most mature software supply chain security programs have had a glaring blind spot — firmware. The low-level code running beneath operating systems on routers, MRI machines, industrial controllers, and countless other devices has remained largely opaque to security teams. That changes with a new partnership between Manifest and NetRise, promising what the companies call the first unified, end-to-end view of software and firmware risk.


Closing the Loop Between Code and Hardware


Manifest, a fast-rising leader in AI and software supply chain security, has built its reputation helping enterprises and agencies understand what’s in the software they build, buy, and deploy — mapping components, dependencies, and AI models through a dynamic software bill of materials (SBOM). But that visibility has historically stopped at the operating system boundary.


Firmware, supplied by device manufacturers and often compiled without accessible source code, has become a favorite target for attackers exploiting trusted hardware foundations. In critical sectors — from healthcare to energy — that’s not a theoretical risk; it’s a patient safety and national resilience issue.


That’s where NetRise comes in. The Austin-based firm has built a platform that analyzes binary and compiled code directly, reconstructing SBOMs from firmware images to expose hidden vulnerabilities, misconfigurations, hard-coded secrets, and exploitable keys.


“NetRise was built to end blind trust in software forever,” said Robbie Robbins, vice president of partnerships at NetRise. “Our strategic partnership with Manifest enables thought-leading agencies and enterprises to move from reactive risk management to proactive, full-stack transparency.”


From Source to Silicon: The Integration


Under the new partnership, NetRise’s firmware intelligence will be embedded directly into the Manifest Platform. Customers can now generate and analyze SBOMs for embedded systems alongside traditional software and AI assets — without needing the original source code.


That means, for the first time, organizations can see precisely what’s running on their devices and how it connects to the rest of their digital ecosystem. It also offers a practical path toward compliance with emerging firmware-transparency and SBOM mandates taking shape across defense, healthcare, and critical infrastructure sectors.


Manifest CEO Daniel Bardenstein emphasized the step-change in visibility this represents: “For years, organizations have been able to analyze the code they write and the containers they deploy, but not the firmware embedded on their devices. By incorporating NetRise’s compiled code and firmware analysis capabilities, we’re giving our customers the ability to see deeper into their supply chain than ever before.”


Why It Matters


Firmware attacks are notoriously hard to detect and even harder to remediate once devices are in production. As enterprises deploy fleets of AI-enabled edge devices, medical scanners, industrial sensors, and smart infrastructure, understanding firmware risk becomes a non-negotiable part of operational security.


The Manifest-NetRise integration gives CISOs and compliance leaders a consolidated dashboard spanning source code, containers, third-party software, AI models, and now the firmware layer — bridging a gap that’s long left defenders in the dark.


A Broader Trend Toward “Full-Stack Trust”


The partnership reflects a broader movement in cybersecurity toward “root-of-trust” transparency — a concept extending Zero Trust principles beyond networks and identities to the software and hardware that power modern systems.


By unifying insights across development and deployment layers, Manifest and NetRise are effectively building the connective tissue for the next generation of supply chain governance — one where no binary, from cloud function to chip firmware, goes unexamined.


As regulators tighten SBOM disclosure rules and adversaries continue burrowing deeper into the stack, this collaboration could mark the moment firmware finally comes into focus — turning a historic blind spot into a new frontier of visibility.
