A Partnership Against Modern Cyber Threats
When Marc Frankel arrived at The Fletcher School at Tufts University as a Januarian in 2010, he hoped to pivot from his career in asset management to one in national security.
“Fletcher enabled me to make that transition,” Frankel said. He earned a Master of Arts in Law and Diplomacy in International Relations and National Security Studies. After graduation, he followed a fellow Fletcher alumnus to what was then a little-known company called Palantir.
Frankel’s entrance into the fast-growing and dynamic field of cybersecurity meant work with the U.S. intelligence community, multiple technology startups, and even a stint in Australia. Today he is the co-founder and CEO of Manifest, a cutting-edge cybersecurity company that helps organizations secure their software supply chains.
This work is critical to clients in healthcare, aerospace, and the U.S. government. Software supply chain attacks are on the rise by 700% year-over-year. The biggest catalyst for the rising risk is artificial intelligence. Threat actors can now automate the process of utilizing and spreading exploits and attack vulnerabilities that had previously gone undiscovered.
“The internet used to be like a big forest,” said Frankel. “Now, there’s no hiding.”
A transformative partnership with the U.S. Air Force
Manifest’s work on software supply chains led to an opportunity with the U.S. Air Force, which had recently begun requiring software vendors and developers to provide Software Bills of Materials. Also known as “SBOMs,” these are lists of the ingredients that make up software.
“When you buy a box of cereal, it says wheat sugar, raisins, corn syrup.” Frankel explained. “Similarly, the Air Force needs to know what’s in the applications they bring into their environment, because those applications safeguard defense infrastructure.”
Since software lists of ingredients can be enormous, requiring SBOMs meant that the Air Force needed a simple way to digest the reams of data.
Frankel recognized that Manifest’s ability to monitor software assets could be valuable to the Air Force. He developed a proposal to apply the Manifest SBOM management platform to the Air Force use case, providing proactive notifications of any new vulnerability. The grant application required a partnership with a non-profit research institution, and Frankel knew just who to call.
A role for Fletcher’s expertise
Frankel’s ties to Fletcher were deep – he had even met his wife Sarah at the school. Now, he needed a research partner with unparalleled expertise in cybersecurity.
“My first phone call was to Fletcher,” he said. He reached out directly to Professor Josephine Wolff. “Her background and the school's pedigree opened a lot of doors for us.”
Professor Wolff offered renown in the field and connections to the Department of Defense ecosystem. She collaborated with Frankel on product development and secured letters of support for their proposal. These steps helped Manifest and Fletcher win two Small Business Technology Transfer Program (STTR) research grants.
Throughout the partnership, Frankel appreciated Fletcher’s flexibility and dexterity.
“There are certainly some academic institutions where there'd be a lot of red tape getting a proposal like this together,” he explained. “That just wasn't the case with Fletcher. I think it took two phone calls to get to a ‘yes’ on the partnership.”
“The speed of execution has been fantastic,” he added.
The work ahead
With the grants in hand, Manifest and Fletcher are working on projects to secure the Air Force’s mission-critical software. The latter of these grants, awarded in December of 2023, concerns artificial intelligence supply chains. This project lasts until March, after which the team will submit a proposal for a second phase.
“Artificial intelligence has the potential to transform our military and civilian infrastructure,” said Professor Wolff. “We’re just beginning to explore the supply chain security challenges around AI.” Given the importance of these challenges for the entire U.S. public sector, the team expressed interest in collaborating with others in the broader Fletcher community.
“We would love to coordinate and collaborate with anybody in the AI security industry who's working on these sorts of problems, particularly on the public sector side,” said Marc.
Read more on Manifest and Fletcher's work for the Air Force here.