























Welcome to the PCI Security Standards Council’s blog series, The AI Exchange: Innovators in Payment Security. This special, ongoing feature of our PCI Perspectives blog offers a resource for payment security industry stakeholders to exchange information about how they are adopting and implementing artificial intelligence (AI) into their organizations.
In this edition of The AI Exchange, Soft Space CTO, Nicholas Lim, offers insight into how his company is using AI, and how this rapidly growing technology is shaping the future of payment security.
How have you most recently incorporated artificial intelligence within your organization?
We are still in the experimental phase, but we have started pilots that use AI to support engineering, operations, and compliance workflows. We rely on both local and public LLM models depending on data sensitivity. AI assists with documentation, code analysis, operational insights, and interpreting security and compliance requirements. The focus is on building a safe foundation that respects data boundaries and regulatory expectations.
What is the most significant change you’ve seen in your organization since AI-use has become so much more prevalent?
The biggest shift is behavioral. Teams are becoming more automation-first, more proactive, and more deliberate in how they plan their work. AI has accelerated knowledge acquisition, helping individuals understand complex systems faster before execution. It hasn’t replaced thinking; it has improved the quality of it.
How do you see AI evolving or impacting payment security in the future?
AI will magnify both defense and attack capabilities. While it can help detect weaknesses or misconfigurations earlier, it also enables attackers to exploit inherent weaknesses faster or create entirely new vectors. This increases the importance of strong payment security fundamentals, continuous monitoring, and disciplined control implementation.
What potential risks should organizations consider as AI becomes more integrated into payment security?
AI introduces new risk surfaces, including governance gaps, model integrity issues, privacy considerations, and the possibility of overreliance on automated outputs. Payment environments must ensure AI operates within strict data boundaries, is auditable, and does not become an uncontrolled component of the ecosystem.
Equally important, organizations must retain strong human verification and the skills needed to assess and challenge AI-generated outputs. These verification checkpoints should be intentionally built into processes, especially in security-sensitive or regulated payment environments.
What advice would you provide for an organization just starting their journey into using AI?
Always start with experiments and keep it simple:
What AI trend (not limited to payments) are you most excited about?
Agentic AI. The capability to observe, reason, and take actions within defined boundaries can enhance team performance. With proper safeguards, this enables rapid transformation of an organization in areas such as operational resilience, elevate overall organization performance, and improve cross team communication (reduce communication discrepancies) without compromising security or compliance principles.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。