





















Welcome to the PCI Security Standards Council’s blog series, The AI Exchange: Innovators in Payment Security. This special, ongoing feature of our PCI Perspectives blog offers a resource for payment security industry stakeholders to exchange information about how they are adopting and implementing artificial intelligence (AI) into their organizations.
In this edition of The AI Exchange, Toast, Inc. Senior Director, Technical Compliance, Mahmoud Sultan, offers insight into how his company is using AI, and how this rapidly growing technology is shaping the future of payment security. All opinions expressed are his own and do not represent the opinions of Toast, Inc.
How have you most recently incorporated artificial intelligence within your organization?
At Toast, we’re incorporating AI in a variety of ways, including two complementary ways: customer-facing capabilities for restaurants and retailers, and internal productivity enablement.
On the product side, Toast IQ has expanded from a set of “smart features” into a more conversational, task-oriented AI assistant built directly into the Toast ecosystem—helping answer operators’ questions and surface insights. Toast IQ can flag top-selling items by daypart, add a menu item with a single prompt, automatically update menus across every service channel, and quickly answer questions like, “Who’s working Friday night?"
Internally, we’re applying and exploring many AI use cases including to accelerate the engineering lifecycle. We’re also exploring AI-enabled approaches to support GRC operations—such as summarizing evidence, highlighting exceptions, and generating first-pass narratives that assist (not replace) human review at this time.
What is the most significant change you’ve seen in your organization since AI-use has become so much more prevalent?
The biggest change is that AI has shifted from being “a tool” to becoming a workflow layer—compressing the time between question → insight → action. For our customers, this can potentially mean faster decisions inside a system that spans orders, operations, and payments. For internal teams, it can mean moving faster while still meeting a high bar for assurance, audit readiness, and control discipline.
How do you see AI evolving or impacting payment security in the future?
AI will likely be a force multiplier for payment security in a variety of ways including:
For payments ecosystems, the goal is higher confidence with less friction: security that’s not only strong, but also more scalable and more integrated into how teams build and operate.
What potential risks should organizations consider as AI becomes more integrated into payment security?
In the future, as AI becomes embedded into payment security, organizations should plan for risks across security, integrity, privacy, and governance, including:
What advice would you provide for an organization just starting their journey into using AI?
Start with high-value, low-risk use cases, and build the governance foundations early:
This approach helps organizations move quickly while keeping trust, safety, and compliance as first-order requirements.
What AI trend (not limited to payments) are you most excited about?
I’m most excited about AI that reduces operational toil while increasing assurance—especially agentic workflows that can gather context, propose actions, and prepare evidence packages, while keeping humans in control for approval and final judgment (for now).
In practical terms, that includes AI-assisted engineering workflows, AI-augmented investigations, and AI-enabled compliance operations (e.g., evidence summarization, exception detection, and control effectiveness signals). Done well, these capabilities can help make security and compliance more seamless and integrated into day-to-day operations—less of a late-stage blocker, and more of an enabling mechanism for trusted innovation.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。