Welcome to the PCI Security Standards Council’s blog series, The AI Exchange: Innovators in Payment Security. This special, ongoing feature of our PCI Perspectives blog offers a resource for payment security industry stakeholders to exchange information about how they are adopting and implementing artificial intelligence (AI) into their organizations.
In this edition of The AI Exchange, Salesforce’s Director, Security Compliance, James Huang, offers insight into how his company is using AI, and how this rapidly growing technology is shaping the future of payment security.
How have you most recently incorporated artificial intelligence within your organization?
In the era of agentic AI, our focus is on deploying Agentforce, Salesforce’s digital labor platform, and including intelligent AI agents as a fundamental part of the customer and employee experience.
For instance, we are leveraging Agentforce and AI to streamline our own operations, especially in areas around policy review and compliance obligations. AI agents are instrumental in automating the analysis of vast regulatory documents, identifying relevant changes, and even drafting initial policy updates to stay up to date and align with PCI compliance and adherence to other security standards.
This allows our internal teams to rapidly assess the impact of new regulations, accelerate policy review cycles, and proactively identify compliance gaps, thereby enhancing our security posture and reducing the manual effort associated with maintaining strict regulatory alignment. Additionally, it also enables real-time feedback and analysis of our control effectiveness, allowing us to assess risk more accurately and respond swiftly. It's all about making our internal operations more efficient, while making our environments more secure.
What is the most significant change you’ve seen in your organization since AI use has become so much more prevalent?
The most impactful shift we are witnessing is the rise of digital labor. AI agents are evolving from tools into strategic collaborators, fundamentally changing how work is done. AI agents can now take on rote, manual tasks—enabling our teams to redirect their focus toward higher-value work that demands creativity, critical thinking, and human judgment.
This isn't about replacing people with AI; it’s about augmenting human capability and freeing people to do high-impact, high-stakes work.
How do you see AI evolving or impacting payment security in the future?
AI agents are set to redefine payment security by dramatically improving our ability to detect and respond to fraud and incident response. At Salesforce, we view AI agents with Agentforce as integral to strengthening our overall security posture. We’re applying AI agents to conduct real-time security and architecture reviews, enable continuous control testing, and identify areas of potential control failure before they become risks.
AI agents proactively monitor system activity, analyze security logs, and can even simulate attack scenarios to surface hidden vulnerabilities. This allows us to be proactive and provide continuous security assurance — ensuring we stay ahead of threats and uphold the highest standards of data integrity and compliance, especially for critical frameworks like PCI.
What potential risks should organizations consider as AI becomes more integrated into payment security?
As AI becomes increasingly embedded in payment security, organizations must proactively evolve their security strategies to fully enable and trust its capabilities. The priority should be building the foundational infrastructure that allows for its secure, responsible, and effective deployment.
A critical part of this foundation is the creation of a high-quality, reliable trust data layer—ensuring that the data feeding AI systems is accurate, governed, and complete. Trusted data underscores trusted AI — trusted data is especially critical when handling sensitive financial or payment information. Strong data governance, classification, and lineage tracking are essential to maintain the integrity of AI-driven decisions.
At the same time, organizations must secure the underlying data, carefully scope access for intelligent agents, and continuously monitor their activity. This, combined with a culture of platform hardening, real-time assessments, and continuous security vigilance, allows organizations to harness the full potential of AI without compromising trust, compliance, or resilience.
What advice would you provide for an organization just starting their journey into using AI?
For any organization embarking on its AI and Agentic journey, here's my straightforward advice:
- Dive In and Experiment
Don’t hesitate to get hands-on with AI agents. Start by mastering the fundamentals—understanding how precise prompts influence large language model outputs. The more accurate and context-rich your inputs, the better the results.
- Pinpoint High-Impact Use Cases
Identify where AI agents can create real value. AI excels at content generation, translation, summarization, and similar tasks. Focus on specific pain points within sales, service, or marketing to maximize impact.
- Prepare Your Data for Success
AI agents’ effectiveness depends on the quality of data they consume. Build a unified customer view by connecting and harmonizing data sources to establish a “single source of truth.” This foundation ensures AI models deliver relevant and actionable insights.
- Proactively Manage Risks
Stay vigilant about risks—particularly around data privacy and security. Implement safeguards such as data masking for personally identifiable information (PII), monitor AI agents’ outputs for bias or inaccuracies, and maintain human oversight throughout.
- Integrate AI and Iterate Continuously
Drive measurable business value by embedding AI insights into existing workflows. Continuously evaluate outcomes, refine models, and evolve strategies to optimize performance over time.
What AI trend (not limited to payments) are you most excited about?
The rise of agentic AI and its potential to deliver personalized customer experiences at scale, while simultaneously strengthening security and compliance. AI agents that not only understand customer needs but also take proactive actions—ranging from generating customized content to automating complex service requests—are truly game-changing.
At Salesforce, Agentforce enables these digital agents to continuously monitor and evaluate our security posture. They process vast volumes of data in real time to detect anomalies, uncover vulnerabilities, and even simulate attack scenarios. This proactive, scalable approach allows us to identify and respond to threats faster than ever before. Moreover, agentic AI accelerates Salesforce’s ability to adapt to evolving regulatory landscapes by automating policy reviews, compliance checks, and ensuring strict adherence to standards like PCI.
Ultimately, it’s about creating seamless, personalized interactions while maintaining a robust, secure, and compliant environment across all systems.
Interested in learning more? Register now to see James Huang speak at the 2025 North America Community Meeting where he will deliver his AI-themed presentation, The Future of Governance: Leveraging Automation to Enhance Security.