Visa CISO Subra Kumaraswamy Discusses Securing Commerce and Combating Fraud in an AI-Driven World
The landscape of global payments is undergoing a seismic shift as artificial intelligence (AI) reshapes both cybersecurity and commerce. Subra Kumaraswamy, the Chief Information Security Officer (CISO) at Visa, emphasized the critical importance of trust in securing transactions while adapting to a rapidly evolving threat environment. In a recent dialogue at the RSAC Conference 2026, Kumaraswamy dissected the dual-edged nature of AI, portraying it as a powerful tool for both attackers and defenders.
Evolving Threats in the Age of AI
Historically, AI has been instrumental in various facets of cybersecurity, particularly in fraud detection. However, the emergence of generative AI has revolutionized the threat landscape dramatically. Kumaraswamy noted that attackers are now able to operate at an unprecedented scale, automating the discovery of vulnerabilities and executing exploits with an alarming speed. This evolution includes the use of autonomous agents—intelligent algorithms that can carry out attacks without human intervention, further complicating the efforts of cybersecurity professionals.
"What has changed in the last three years since the advent of ChatGPT is the emergence of generative AI, which has created an entirely different dynamic for both attackers and defenders. AI is enabling bad actors to operate at scale," Kumaraswamy stated, encapsulating the new reality faced by organizations worldwide. This disturbing trend requires that defenders evolve their strategies, leveraging AI’s capabilities to match or exceed the pace and complexity of threats.
A Shift in Defensive Tactics
To combat the enhanced capabilities of cybercriminals, Kumaraswamy emphasizes the need for organizations to utilize AI-driven security measures. These advanced systems can enhance threat detection, automate responses, and facilitate a shift toward proactive threat hunting. By harnessing AI, organizations can empower their security teams to focus on identifying potential threats before they escalate into serious breaches.
Furthermore, Kumaraswamy pointed out the necessity of fostering trust in AI-driven commerce, where intelligent agents operate on behalf of users within established parameters. This need for trust is paramount as organizations seek to integrate AI into their operations without compromising security or user confidence.
Building Trust in AI and Transaction Security
In a world where transactions are increasingly managed by AI, Kumaraswamy remarked on the dual challenges that organizations face: the need to promote innovation while ensuring secure and trustworthy systems. He articulated a future where AI not only contributes to operational efficiency but also fortifies the integrity of transactions.
For this vision to convert into reality, organizations must prioritize establishing a foundation of trust, which involves creating transparent systems that users can rely upon. This is particularly crucial in financial services, where the stakes are high, and breaches can lead to significant financial and reputational damage.
Key Takeaways from the Discussion
During the information-rich interview with Information Security Media Group, several critical points emerged:
-
The Accelerated Scaling of Fraud: AI’s role in enabling attackers to quickly exploit vulnerabilities has significantly changed the cybersecurity landscape.
-
Expansion of Risk through Autonomous Agents: The implementation of autonomous agents within systems broadens potential attack vectors, requiring a reevaluation of risk management strategies.
- Advantages of AI in Security Operations: AI can greatly enhance capabilities in threat detection, adaptive responses, and the development of proactive defenses.
As the conversation around cybersecurity continues, Kumaraswamy’s insights offer a roadmap for navigating the complexities of an AI-driven future. His extensive experience—spanning over 30 years in security leadership across renowned organizations like Apigee, Intuit, eBay, and Sun Microsystems—underscores his credibility in addressing these pressing challenges. His expertise in areas such as zero trust, authentication, and cloud security further enriches the dialogue surrounding the necessary adaptations organizations must undertake in order to secure their digital environments effectively.
As we move deeper into an era increasingly accentuated by AI, the public and private sectors must unite in their commitment to evolve cybersecurity measures. Fostering collaboration among technological innovators, financial institutions, and regulatory bodies will be essential to address the sophisticated threats posed by cybercriminals while ensuring trust remains central to global commerce.