惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
The Exploit Database - CXSecurity.com
V
Vulnerabilities – Threatpost
Google DeepMind News
Google DeepMind News
Attack and Defense Labs
Attack and Defense Labs
Webroot Blog
Webroot Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
TaoSecurity Blog
TaoSecurity Blog
I
Intezer
Application and Cybersecurity Blog
Application and Cybersecurity Blog
N
News | PayPal Newsroom
S
Security Affairs
T
Tor Project blog
P
Proofpoint News Feed
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
S
Security @ Cisco Blogs
H
Heimdal Security Blog
Hacker News: Ask HN
Hacker News: Ask HN
Help Net Security
Help Net Security
U
Unit 42
云风的 BLOG
云风的 BLOG
The Hacker News
The Hacker News
Cisco Talos Blog
Cisco Talos Blog
量子位
F
Full Disclosure
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - 叶小钗
有赞技术团队
有赞技术团队
T
Troy Hunt's Blog
P
Privacy & Cybersecurity Law Blog
Forbes - Security
Forbes - Security
人人都是产品经理
人人都是产品经理
L
Lohrmann on Cybersecurity
Apple Machine Learning Research
Apple Machine Learning Research
Microsoft Security Blog
Microsoft Security Blog
博客园 - Franky
腾讯CDC
AI
AI
Last Week in AI
Last Week in AI
Latest news
Latest news
Google Online Security Blog
Google Online Security Blog
N
Netflix TechBlog - Medium
Engineering at Meta
Engineering at Meta
GbyAI
GbyAI
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
IT之家
IT之家
Martin Fowler
Martin Fowler
Blog — PlanetScale
Blog — PlanetScale
V2EX - 技术
V2EX - 技术
酷 壳 – CoolShell
酷 壳 – CoolShell

PCI Perspectives

Meet the Council’s New Head of Business Operations and Risk Management The AI Exchange: Innovators in Payment Security Featuring PCA Cyber Security Enhance Your Community Meeting Experience with Interactive Workshops The AI Exchange: Innovators in Payment Security Featuring PROSA Bring PCI SSC Training to Your Organization with the New Training Venue Host Program Coffee with the Council Podcast: Meet This Year’s North America Community Meeting Keynote Speaker, Sharon Gai Welcome Our Newest Associate Participating Organizations The AI Exchange: Innovators in Payment Security Featuring SecurityMetrics PCI SSC Publishes New Guidance on Compensating Controls and the Customized Approach Spotlight On: Dreamplug Technologies Private Limited (CRED), a New Principal Participating Organization Request for Comments: PCI Data Security Standard (PCI DSS) v4.0.1 The AI Exchange: Innovators in Payment Security Featuring In-Solutions Global Ltd Coffee with the Council Podcast: Nominate Now for the Global Executive Assessor Roundtable (GEAR) PCI SSC Publishes PCI PTS HSM v5.0 Request for Comments: PCI Secure Software Lifecycle Standard v2.0 Spotlight On: Worldline, a New Principal Participating Organization Coffee with the Council Podcast: Stronger Together – The Value of Participating with PCI SSC The AI Exchange: Innovators in Payment Security Featuring Dreamplug Technologies Private Limited (CRED) Level Up Your Payment Security Expertise with PCI SSC Knowledge Training PCI SSC Launches Enhanced Language Microsites for Global Audience Exhibit at or Sponsor the 2026 Community Meetings Spotlight On: Stripe, a New Principal Participating Organization The AI Exchange: Innovators in Payment Security Featuring Toast, Inc. Coffee with the Council Podcast: A Panel Discussion on Cryptography The AI Exchange: Innovators in Payment Security Featuring Flywire Spotlight On: Amazon, a New Principal Participating Organization Welcome Our Newest Associate Participating Organizations The AI Exchange: Innovators in Payment Security Featuring Checkout.com Coffee with the Council Podcast: PCI SSC Publishes First-Ever Annual Report The AI Exchange: Innovators in Payment Security Featuring Bank of America Request for Comments: PCI Card Production and Provisioning Physical and Logical Security Standards v3.0.1 Spotlight On: Futurex, a New Principal Participating Organization The AI Exchange: Innovators in Payment Security Featuring Soft Space PCI Security Standards Council Publishes First-Ever Annual Report Coffee with the Council Podcast: PCI SSC Releases Version 2.0 of the PCI Secure Software Standard PCI SSC 2025 Community Meetings Now Available on Global Content Library PCI SSC Releases Version 2.0 of the PCI Secure Software Standard 2026 PCI SSC Training Schedule Announced Spotlight On: Reflectiz, a New Principal Participating Organization The AI Exchange: Innovators in Payment Security Featuring Jscrambler Meet the Council’s New Client Engagement Operations Director The AI Exchange: Innovators in Payment Security Featuring SISA Meet the Council’s New Director, Training Programs Request for Comments: PCI Key Management Operations (KMO) v1.0 Standard PCI SSC Publishes Mobile Payments on COTS (MPoC) Guidance Document The AI Exchange: Innovators in Payment Security Featuring Block, Inc. Request for Comments: PCI PTS HSM v5.0 Coffee with the Council Podcast: Nominate Your Company for the Council’s Next Brazil Regional Engagement Board 2025 Asia-Pacific Community Meeting Agenda Highlights The AI Exchange: Innovators in Payment Security Featuring Elavon Inc. Coffee with the Council Podcast: Meet the New Regional Director of Japan and South Korea, Junichi Tsuboi Internal Security Assessor (ISA) Training Case Study: WestJet Sneak Peek: 2025 Europe Community Meeting Speakers AI Principles: Securing the Use of AI in Payment Environments The AI Exchange: Innovators in Payment Security Featuring Cloud Security Alliance Beware of PCI DSS Compliance Certificates Meet the Council’s New Regional Director, Europe PCI SSC Releases New Guidance on Authentication and Cryptography Welcome Our Newest Associate Participating Organizations Sneak Peek: 2025 North America Community Meeting Speakers Coffee with the Council Podcast: Meet This Year’s Asia-Pacific Community Meeting Keynote Speaker, Sharon Gai The AI Exchange: Innovators in Payment Security Featuring Salesforce
The AI Exchange: Innovators in Payment Security Featuring Utimaco
Alicia Malone · 2026-06-29 · via PCI Perspectives

Welcome to the PCI Security Standards Council’s blog series, The AI Exchange: Innovators in Payment Security. This special, ongoing feature of our PCI Perspectives blog offers a resource for payment security industry stakeholders to exchange information about how they are adopting and implementing artificial intelligence (AI) into their organizations.  

In this edition of The AI Exchange, Utimaco Inc. Vice President of Products and Strategy, Manish Upasani, offers insight into how his company is using AI, and how this rapidly growing technology is shaping the future of payment security. 

How has your AI strategy evolved over the past 12–18 months? 

Following the recent growth of AI, Utimaco has transitioned from merely observing AI to actively safeguarding it. As a provider of foundational cryptographic infrastructure, Utimaco is strategically positioning this infrastructure as the security layer beneath AI workloads on-prem and in the cloud.

Our approach has evolved from being AI-adjacent to AI-foundational. While our HSMs and key management solutions have consistently secured sensitive data, we have recognized over the past 12–18 months that AI pipelines now constitute some of the most sensitive data environments within any enterprise. Consequently, we have explicitly repositioned our portfolio to address this reality.

We have established our AI-era partner ecosystem. We announced a technology alliance with key players in the AI space, including the VAST Cosmos community, as a technology partner. This alliance integrates our enterprise secure key manager with VAST’s AI operating system to protect sensitive data powering modern AI platforms.

In addition to securing AI workloads for our customers, we are actively exploring the utilization of AI for internal use cases and quality assurance processes. The inherent challenges associated with employing AI in highly regulated industries and products, such as HSMs, are being addressed in collaboration with compliance laboratories and internal auditors. We are exploring an airgapped AI infrastructure to mitigate the risk of intellectual property leakage.

What is one AI initiative that has already delivered a measurable impact, and what made it successful? 

Typically, we do not develop AI products; instead, we secure the infrastructure on which AI operates. We are collaborating with our partners who develop AI products to enhance the protection of AI datasets, models, and workloads through secure lifecycle management of encryption keys. This approach involves centralized key control across distributed AI infrastructure, providing a single pane of glass for management.

We adhere to our core principle of not reinventing the wheel. Rather than developing an AI platform, we leveraged our proven cryptographic expertise to integrate with AI workloads, thereby reducing customer deployment risk and accelerating time-to-value.

In addition, we are utilizing AI to augment our documentation, particularly for integration guides, to enhance customer value. The AI-generated and validated integration guides enable us to remain current and validate processes, ensuring an error-free experience for our customers.  

How are you approaching AI governance, particularly around data privacy and security? 

Utimaco’s governance approach is firmly grounded in its hardware-anchored trust. We firmly believe that AI governance without cryptographic enforcement at the hardware level is not governance at all.

Our governance philosophy begins at the root of trust. You cannot govern what you cannot control, and leveraging encryption, you cannot exhibit control without controlling the keys. Our HSMs provide the hardware-anchored root of trust that makes AI governance enforceable, including the proven encryption technologies.

We have been closely engaged with the EU AI Act since early 2024, recognizing that it establishes proposed safety mechanisms to effectively control and regulate AI. For privacy specifically, our FIPS 140-3 Level 3 certified HSMs and key management solutions ensure that cryptographic keys never leave a tamper-resistant hardware boundary. In an AI world where models and agents can access vast amounts of enterprise data, this becomes a critical governance control.

We have structured our AI-era partnerships to provide a comprehensive security framework across on-premises, cloud, and hybrid infrastructures because AI workloads do not respect infrastructure boundaries, and neither should your governance framework. 

What challenges have become more apparent as AI capabilities have matured? 

AI has significantly expanded the attack surface for sensitive data, and the rapid advancement of AI capabilities has outpaced the security architectures of most organizations.

The most pressing challenge we observe is the expanding cryptographic attack surface. All enterprise data, whether public or classified, is now accessible to AI frameworks and more to AI agents, enabling them to make autonomous decisions. This creates an even larger volume of data, which is more lucrative and susceptible to various attack vectors. This ever-expanding AI-generated data landscape presents escalating complexity and manageability challenges. Keys that previously protected data accessed by humans now safeguard data accessed by autonomous systems, resulting in a significantly larger governance surface.

Harvest-now, decrypt-later attacks are a compounding threat. As AI capabilities accelerate, so does progress toward quantum computing. Adversaries are already collecting encrypted data today with the intention of decrypting it once quantum systems mature. NIST has standardized quantum-secure algorithms and established a timeline of 2030 for their implementation and the obsolescence of current cryptographic algorithms such as RSA and Elliptic Curve. Organizations that delay migration are accumulating risk they may not even be aware of.

Crypto agility is no longer a desirable feature. The pace of algorithm standardization and regulatory changes means that hard-coded cryptographic implementations become liabilities. Our Quantum Protect solution is designed to be field-activatable, allowing customers to add post-quantum cryptography (PQC) support without replacing hardware. This is because we anticipated that organizations would need to adapt without the need for forklift upgrades.

The skills gap remains acute. AI tools can help fill some of that gap, but they also introduce new risks if not properly governed. 

What advice would you provide for an organization moving from early AI adoption to broader implementation? 

We would like to emphasize the importance of establishing a robust cryptographic foundation before implementing and scaling your AI system. Governance debt, similar to technical debt, accumulates over time and can be significantly more costly to address retroactively.

We would like to highlight a few key points:  

  • Prioritize Security: Many organizations are replicating the mistakes of early cloud adoption: moving rapidly, acquiring capabilities, and inadvertently discovering security vulnerabilities at scale. Establish your key management, data protection, and access governance architecture before expanding AI deployment.
  • Consider AI as Critical Infrastructure: The data that feeds AI models, training sets, inference inputs, model weights, is among the most sensitive and strategically valuable data your organization possesses. It warrants HSM-grade protection, not merely software-layer controls.
  • Embrace Crypto Agility: In the rapidly evolving AI and post-quantum cryptography (PQC) landscape, it is crucial to select assets that offer the flexibility to adapt your implementations. We are currently in the early stages of AI and PQC 1.0, and it is possible that we may soon encounter PQC 2.0 and additional algorithms.
  • Lead with CBOM: Centralized key management cannot be retrofitted once AI workloads are distributed across numerous data stores and cloud providers. A single pane of glass for cryptographic keys serves as the governance foundation and start with a Cryptographic Bill of Material (CBOM). 

What AI trend are you most excited about? 

In the wake of the heightened risk surface introduced by AI, new opportunities have emerged. Utimaco is actively monitoring the convergence of AI and post-quantum cryptography, particularly by utilizing AI to expedite the migration of PQC. Several emerging topics at Utimaco include: 

  • AI-Accelerated Cryptographic Migration: Utilizing AI to assist organizations in inventorying, assessing, and migrating their cryptographic implementations on a large scale. PQC migration fundamentally involves data and dependency mapping at an enterprise level, and AI is increasingly capable of conducting this discovery work that would otherwise require years of manual effort.
  • Agentic AI for Security Operations: The concept of autonomous agents continuously monitoring cryptographic posture, detecting anomalies, and triggering remediation workflows. Organizations can now achieve centralized key control across distributed AI infrastructure, managing encryption keys through a single interface. The next step involves automating the monitoring and response layer on top of this.
  • Privacy-Preserving AI: Expanding beyond our existing portfolio, techniques such as confidential computing, homomorphic encryption, and secure enclaves enable AI models to operate on encrypted data without decrypting it. This represents the genuine transformative potential of the long-term convergence of AI and cryptography, and it is a domain where Utimaco’s HSM expertise is directly applicable. 

View More Content on Artificial Intelligence

Learn More About Ultimaco Inc.