Bayer’s Strategic Transformation: AI at the Heart of Workforce Security
The life sciences company Bayer is rapidly redefining its security strategy amidst the burgeoning influence of artificial intelligence (AI). The firm has set its sights on becoming one of Europe’s foremost agentic deployment organizations within the pharmaceutical sector, and AI is at the forefront of that transformation. Speaking at Infosecurity Europe 2026, Kevin Jones, Bayer’s Chief Information Security Officer (CISO), elaborated on the groundbreaking approaches the company is implementing to safeguard its workforce against AI-driven threats.
In his address, Jones emphasized a significant departure from traditional security training methods. The conventional approach, heavily reliant on checklist-style guidelines that instruct employees to detect spelling errors, suspicious URLs, or unusual attachments, is no longer adequate. This is primarily due to the evolution of cybercriminal tactics; attackers have now mastered linguistic nuances across multiple languages and employ AI tools to craft convincing communications. Jones articulated this issue succinctly, stating, “Attackers have learnt to spell, in five different languages, all in real time, and it’s all generated with AI at scale.”
To combat these increasingly sophisticated threats, Jones and his team have shifted their focus to the human element of security, emphasizing a psychology-first approach. Employees are now being trained to recognize psychological manipulation techniques used by adversaries. This training encourages them to be vigilant—asking whether they are being pressured or whether the purported authority is legitimate. “Stop and pause and think,” he urged, highlighting the importance of critical thinking before succumbing to operational pressure.
One illustrative example highlighted by Jones involved the Chief Financial Officer (CFO) of Bayer’s Europe, Middle East, and Africa region, who received a convincingly deceptive phone call from an individual posing as their global CFO. Due to the effective new training that emphasized psychological awareness, the incident was reported, leading to zero financial loss for the company. This incident underscored the efficacy of reframing security awareness to focus on adversary psychology, demonstrating how such training can empower employees to act as a robust first line of defense against realistic social engineering attempts.
Integrating AI Competence into Employee Training Regimens
Bayer’s commitment to preparing its workforce for the AI revolution extends beyond simply enhancing awareness about threats. Jones explained that the company has implemented a tiered access model that ties AI competence directly to training completion. Employees must engage with role-specific training modules before gaining access to internal AI platforms such as myGenAssist—Bayer’s proprietary response to commercial generative AI tools. This model not only incentivizes completion of training but also allows the security team to monitor usage and data more effectively.
In merging AI capabilities with security operations, Jones envisions a future where Security Operations Center (SOC) analysts transition from manual triage processes to a state of supervised automation. Acknowledging the speed at which AI agents can operate, he suggests that SOC teams will evolve from being merely human-in-the-loop operators to becoming human-on-the-loop managers within the next two to three years. This shift necessitates the development of new operational playbooks and additional training protocols aimed at empowering analysts to effectively manage AI agents rather than solely relying on them as co-pilots.
“Think of SOCs less as security operations centers and more as cyber resilience centers,” Jones urged. He highlighted the future need for these centers to adapt dynamically, ensuring resilience in cybersecurity measures by implementing proactive changes within organizational frameworks.
Strengthening Third-Party Relationships and Contractual Obligations
Bayer’s security overhaul also underscores the necessity of strong external partnerships rooted in AI competence and ethical practices. Jones indicated that stringent obligations now accompany third-party relationships, requiring all suppliers to complete AI training before gaining tiered access to systems like myGenAssist. The establishment of an internal AI Governance Council further accentuates Bayer’s commitment to purposeful and strategic AI deployment, setting standards suppliers must meet to integrate with Bayer’s ecosystem.
Moreover, procurement contracts have been revised to include security annexes specific to AI operations. These amendments mandate suppliers to disclose their usage of Bayer’s data, the AI tools employed, and any incidents that may arise. Each of these contractual stipulations is aimed at enhancing transparency and ensuring a secure collaboration framework, reflecting a non-negotiable stance on accountability.
In conclusion, Bayer’s comprehensive approach to integrating AI into its workforce and security strategies reflects a clear commitment to both innovation and security. As the organization strides towards becoming a leader in the pharmaceutical industry, its efforts to empower employees and fortify external partnerships demonstrate a robust framework poised to navigate the complexities of the modern digital landscape. With a focus on psychology, structured training, and stringent governance, Bayer is setting a precedent for how organizations can effectively adapt to the challenges posed by the AI revolution.