惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

酷 壳 – CoolShell
酷 壳 – CoolShell
P
Privacy & Cybersecurity Law Blog
G
GRAHAM CLULEY
T
The Exploit Database - CXSecurity.com
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Project Zero
Project Zero
S
Security @ Cisco Blogs
TaoSecurity Blog
TaoSecurity Blog
A
Arctic Wolf
Webroot Blog
Webroot Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
Security Latest
Security Latest
H
Heimdal Security Blog
N
News and Events Feed by Topic
N
News | PayPal Newsroom
T
Tor Project blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
GbyAI
GbyAI
The Last Watchdog
The Last Watchdog
Y
Y Combinator Blog
宝玉的分享
宝玉的分享
Scott Helme
Scott Helme
A
About on SuperTechFans
M
MIT News - Artificial intelligence
V
V2EX
V
Visual Studio Blog
Recorded Future
Recorded Future
博客园 - 叶小钗
F
Fortinet All Blogs
L
Lohrmann on Cybersecurity
The GitHub Blog
The GitHub Blog
博客园 - Franky
P
Proofpoint News Feed
MyScale Blog
MyScale Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
S
Secure Thoughts
D
DataBreaches.Net
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
博客园 - 三生石上(FineUI控件)
I
InfoQ
SecWiki News
SecWiki News
Blog — PlanetScale
Blog — PlanetScale
Engineering at Meta
Engineering at Meta
J
Java Code Geeks
B
Blog RSS Feed
AWS News Blog
AWS News Blog
Know Your Adversary
Know Your Adversary
V
Vulnerabilities – Threatpost
H
Help Net Security

PCI Perspectives

Meet the Council’s New Head of Business Operations and Risk Management The AI Exchange: Innovators in Payment Security Featuring PCA Cyber Security Enhance Your Community Meeting Experience with Interactive Workshops The AI Exchange: Innovators in Payment Security Featuring PROSA Bring PCI SSC Training to Your Organization with the New Training Venue Host Program The AI Exchange: Innovators in Payment Security Featuring Utimaco Coffee with the Council Podcast: Meet This Year’s North America Community Meeting Keynote Speaker, Sharon Gai Welcome Our Newest Associate Participating Organizations The AI Exchange: Innovators in Payment Security Featuring SecurityMetrics PCI SSC Publishes New Guidance on Compensating Controls and the Customized Approach Spotlight On: Dreamplug Technologies Private Limited (CRED), a New Principal Participating Organization Request for Comments: PCI Data Security Standard (PCI DSS) v4.0.1 The AI Exchange: Innovators in Payment Security Featuring In-Solutions Global Ltd Coffee with the Council Podcast: Nominate Now for the Global Executive Assessor Roundtable (GEAR) PCI SSC Publishes PCI PTS HSM v5.0 Request for Comments: PCI Secure Software Lifecycle Standard v2.0 Spotlight On: Worldline, a New Principal Participating Organization Coffee with the Council Podcast: Stronger Together – The Value of Participating with PCI SSC The AI Exchange: Innovators in Payment Security Featuring Dreamplug Technologies Private Limited (CRED) Level Up Your Payment Security Expertise with PCI SSC Knowledge Training PCI SSC Launches Enhanced Language Microsites for Global Audience Exhibit at or Sponsor the 2026 Community Meetings Spotlight On: Stripe, a New Principal Participating Organization Coffee with the Council Podcast: A Panel Discussion on Cryptography The AI Exchange: Innovators in Payment Security Featuring Flywire Spotlight On: Amazon, a New Principal Participating Organization Welcome Our Newest Associate Participating Organizations The AI Exchange: Innovators in Payment Security Featuring Checkout.com Coffee with the Council Podcast: PCI SSC Publishes First-Ever Annual Report The AI Exchange: Innovators in Payment Security Featuring Bank of America Request for Comments: PCI Card Production and Provisioning Physical and Logical Security Standards v3.0.1 Spotlight On: Futurex, a New Principal Participating Organization The AI Exchange: Innovators in Payment Security Featuring Soft Space PCI Security Standards Council Publishes First-Ever Annual Report Coffee with the Council Podcast: PCI SSC Releases Version 2.0 of the PCI Secure Software Standard PCI SSC 2025 Community Meetings Now Available on Global Content Library PCI SSC Releases Version 2.0 of the PCI Secure Software Standard 2026 PCI SSC Training Schedule Announced Spotlight On: Reflectiz, a New Principal Participating Organization The AI Exchange: Innovators in Payment Security Featuring Jscrambler Meet the Council’s New Client Engagement Operations Director The AI Exchange: Innovators in Payment Security Featuring SISA Meet the Council’s New Director, Training Programs Request for Comments: PCI Key Management Operations (KMO) v1.0 Standard PCI SSC Publishes Mobile Payments on COTS (MPoC) Guidance Document The AI Exchange: Innovators in Payment Security Featuring Block, Inc. Request for Comments: PCI PTS HSM v5.0 Coffee with the Council Podcast: Nominate Your Company for the Council’s Next Brazil Regional Engagement Board 2025 Asia-Pacific Community Meeting Agenda Highlights The AI Exchange: Innovators in Payment Security Featuring Elavon Inc. Coffee with the Council Podcast: Meet the New Regional Director of Japan and South Korea, Junichi Tsuboi Internal Security Assessor (ISA) Training Case Study: WestJet Sneak Peek: 2025 Europe Community Meeting Speakers AI Principles: Securing the Use of AI in Payment Environments The AI Exchange: Innovators in Payment Security Featuring Cloud Security Alliance Beware of PCI DSS Compliance Certificates Meet the Council’s New Regional Director, Europe PCI SSC Releases New Guidance on Authentication and Cryptography Welcome Our Newest Associate Participating Organizations Sneak Peek: 2025 North America Community Meeting Speakers Coffee with the Council Podcast: Meet This Year’s Asia-Pacific Community Meeting Keynote Speaker, Sharon Gai The AI Exchange: Innovators in Payment Security Featuring Salesforce
The AI Exchange: Innovators in Payment Security Featuring Toast, Inc.
Alicia Malone · 2026-04-03 · via PCI Perspectives

Welcome to the PCI Security Standards Council’s blog series, The AI Exchange: Innovators in Payment Security. This special, ongoing feature of our PCI Perspectives blog offers a resource for payment security industry stakeholders to exchange information about how they are adopting and implementing artificial intelligence (AI) into their organizations.  

In this edition of The AI Exchange, Toast, Inc. Senior Director, Technical Compliance, Mahmoud Sultan, offers insight into how his company is using AI, and how this rapidly growing technology is shaping the future of payment security. All opinions expressed are his own and do not represent the opinions of Toast, Inc. 

How have you most recently incorporated artificial intelligence within your organization? 

At Toast, we’re incorporating AI in a variety of ways, including two complementary ways: customer-facing capabilities for restaurants and retailers, and internal productivity enablement.

On the product side, Toast IQ has expanded from a set of “smart features” into a more conversational, task-oriented AI assistant built directly into the Toast ecosystem—helping answer operators’ questions and surface insights. Toast IQ can flag top-selling items by daypart, add a menu item with a single prompt, automatically update menus across every service channel, and quickly answer questions like, “Who’s working Friday night?"

Internally, we’re applying and exploring many AI use cases including to accelerate the engineering lifecycle. We’re also exploring AI-enabled approaches to support GRC operations—such as summarizing evidence, highlighting exceptions, and generating first-pass narratives that assist (not replace) human review at this time. 

What is the most significant change you’ve seen in your organization since AI-use has become so much more prevalent? 

The biggest change is that AI has shifted from being “a tool” to becoming a workflow layer—compressing the time between question → insight → action. For our customers, this can potentially mean faster decisions inside a system that spans orders, operations, and payments. For internal teams, it can mean moving faster while still meeting a high bar for assurance, audit readiness, and control discipline.

How do you see AI evolving or impacting payment security in the future? 

AI will likely be a force multiplier for payment security in a variety of ways including: 

  1. Detection at machine speed: AI-driven anomaly detection and behavioral analytics can help identify fraud patterns, account takeover attempts, and operational signals that humans would struggle to catch—especially as attackers automate and scale.
  2. Adaptive controls: We’ll likely see more dynamic risk-based decisioning (e.g., step-up verification, transaction friction, or routing decisions) based on contextual signals rather than static rules—improving both protection and user experience.
  3. Continuous assurance: AI can help shift compliance from periodic snapshots to more continuous monitoring by triaging evidence, flagging exceptions, and accelerating remediation cycles—while preserving strong human oversight and traceability. 

For payments ecosystems, the goal is higher confidence with less friction: security that’s not only strong, but also more scalable and more integrated into how teams build and operate. 

What potential risks should organizations consider as AI becomes more integrated into payment security? 

In the future, as AI becomes embedded into payment security, organizations should plan for risks across security, integrity, privacy, and governance, including: 

  • Adversarial use of AI: automated phishing/social engineering, synthetic identities, and accelerated vulnerability exploitation.
  • Model risk: data poisoning, prompt injection (for LLM-based workflows), and evasion techniques that can reduce detection effectiveness.
  • Data governance: ensuring payment-related and other sensitive data is properly scoped, minimized, protected, and not inappropriately exposed to third parties—especially when using external models/services.
  • Explainability and accountability: if AI influences security outcomes (e.g., blocking, routing, step-up actions), organizations must be able to justify decisions, monitor quality and bias, and maintain human override paths.
  • Over-reliance: At least for now AI should augment—not replace—core security fundamentals and expert judgment, particularly for high-impact determinations, realizing that this pendulum will likely swing further over time.

What advice would you provide for an organization just starting their journey into using AI? 

Start with high-value, low-risk use cases, and build the governance foundations early: 

  • Pick the right first use cases: prioritize productivity and decision support before automated enforcement (e.g., summarization, triage, investigation acceleration, policy mapping).
  • Define guardrails upfront: data classification, acceptable use, human-in-the-loop requirements, auditability, and retention boundaries.
  • Threat model AI features: treat AI like any other production capability—secure SDLC, abuse cases, logging/monitoring, and red-team approaches where appropriate.
  • Measure outcomes: track accuracy, false positives/negatives, drift, and operational impact—not just novelty.
  • Don’t skip vendor diligence: understand model boundaries, data handling/retention, training usage, and security controls when using third-party AI.

This approach helps organizations move quickly while keeping trust, safety, and compliance as first-order requirements. 

What AI trend (not limited to payments) are you most excited about? 

I’m most excited about AI that reduces operational toil while increasing assurance—especially agentic workflows that can gather context, propose actions, and prepare evidence packages, while keeping humans in control for approval and final judgment (for now).

In practical terms, that includes AI-assisted engineering workflows, AI-augmented investigations, and AI-enabled compliance operations (e.g., evidence summarization, exception detection, and control effectiveness signals). Done well, these capabilities can help make security and compliance more seamless and integrated into day-to-day operations—less of a late-stage blocker, and more of an enabling mechanism for trusted innovation. 

View More Content on Artificial Intelligence

Learn More About Toast, Inc.