Latest news with #RickCaccia
Techday NZ
05-05-2025
- Business
- Techday NZ
WitnessAI 2.0 boosts PCI DSS compliance & AI risk controls
WitnessAI has announced the release of WitnessAI 2.0, offering new tools to help enterprises meet PCI DSS 4.0.1 compliance requirements while integrating AI technologies. The updated platform introduces five significant features: PCI-specific AI controls with measures to prevent payment data loss, agentless and proxy-less policy enforcement for remote employees, risk analytics for AI usage, detection of insider threats across AI platforms, and a privacy mode tailored for applications such as Microsoft Copilot. The release of WitnessAI 2.0 comes as organisations face increased obligations under revised PCI DSS standards to address risks presented by artificial intelligence tools. The PCI Security Standards Council recently issued new guidelines outlining how AI should factor into PCI assessments, highlighting the need to control and monitor all technologies with access to cardholder data environments. The company's new update features PCI DSS-specific controls and reporting, which align AI activity with the 4.0.1 standard and incorporate focused protections against payment card data loss. Additionally, the platform's remote employee controls support compliance for staff working in hybrid, remote, or travelling situations without requiring software installation or changes to network architecture. Behavioural and runtime analytics form part of the regulatory risk analytics tools, offering organisations detailed insights to identify and remedy potential compliance gaps as they expand their use of AI. Insider threat detection capabilities use analysis of user interactions over time and across AI systems to flag compromised or malicious accounts that could lead to breaches. Privacy controls have also been enhanced, with an executive privacy mode designed to protect confidential internal discussions on AI platforms, specifically catering to tools like Microsoft Copilot. Rick Caccia, Chief Executive Officer and Co-founder of WitnessAI, commented on the regulatory compliance landscape with artificial intelligence: "Too often, AI regulatory compliance focuses on future-facing regulations such as the EU AI Act. But employee AI usage brings significant risk to the regulations, such as PCI DSS, that companies face today. With WitnessAI 2.0, any organisation subject to PCI DSS can ensure complete compliance and easy reporting of control effectiveness." David Neuman, Senior Analyst at TAG Infosphere, highlighted organisations' shifting work environment and compliance issues. He said, "The ability to enforce AI use policies regardless of where employees work is critical for PCI compliance. The new guidelines around AI use in PCI assessments will become an increasingly significant concern for organisations, even as they continue to adapt to PCI DSS 4.0.1 requirements." Jonathan Kennedy, Chief Information Security Officer at InComm Payments, shared his organisation's experience using WitnessAI. "We're focused on ensuring intellectual property and sensitive information isn't accidentally leaked. WitnessAI helps us achieve security and compliance with our diverse portfolio, reducing risk while maximising productivity." WitnessAI's platform is designed to help regulated industries manage compliance and security as they introduce AI into their workflows. Its recognition as a finalist in the Best Compliance Solution category at the 2025 SC Awards underscores its position in supporting organisations navigating established and emerging artificial intelligence regulations.
Business Wire
30-04-2025
- Business
- Business Wire
WitnessAI 2.0 Delivers New Regulatory Compliance Capabilities to Support Safe AI Adoption
MOUNTAIN VIEW, Calif.--(BUSINESS WIRE)-- WitnessAI, creator of the first enablement platform for safe AI use, and a finalist for the SC Awards for Best Compliance Solution, today announced the release of WitnessAI 2.0, offering five key updates for organizations looking to remain compliant with regulations such as the Payment Card Industry Data Security Standard (PCI DSS) while adopting enterprise AI tools. PCI DSS-Specific Controls and Reports: AI activity controls mapped directly to PCI DSS 4.0.1, including payment card data loss prevention. Remote Employee Controls: The industry's first and only zero-install, agentless and proxy-less capability for AI observability and policy control. This feature ensures compliance in remote, traveling, or hybrid environments. Regulatory Risk Analytics: Behavioral and runtime analytics can provide insight into best practices, potential risks, and areas for improvement as organizations develop their AI strategies and put them into practice. AI Insider Threat Detection: By analyzing conversations over time and across AI applications, WitnessAI can detect compromised or malicious user accounts likely to cause data breach or theft. Executive Privacy Mode: Applications like Microsoft Copilot can share data in unexpected and insecure ways. Executives can now leverage Copilot and other AI tools with enhanced privacy controls, keeping internal AI conversations private. 'Too often, AI regulatory compliance focuses on future-facing regulations such as the EU AI Act," said Rick Caccia, CEO and Co-founder at WitnessAI. 'But employee AI usage brings significant risk to the regulations, such as PCI DSS, that companies face today. With WitnessAI 2.0, any organization subject to PCI DSS can ensure complete compliance and easy reporting of control effectiveness.' The PCI Security Standards Council recently released guidelines for ' Integrating Artificial Intelligence in PCI Assessments,' demonstrating growing recognition of AI's role in payment security ecosystems. Under PCI DSS 4.0.1, organizations must carefully scope and secure all systems that 'could impact the security of the CDE' (Cardholder Data Environment) - a criterion that implicitly includes AI tools with access to sensitive environments. WitnessAI provides the visibility, control, and protection needed to ensure that these AI interactions comply with PCI requirements, helping organizations maintain regulatory compliance while safely leveraging AI capabilities. "The ability to enforce AI use policies regardless of where employees work is critical for PCI compliance," stated David Neuman, Senior Analyst, TAG Infosphere. "The new guidelines around AI use in PCI assessments will become an increasingly significant concern for organizations, even as they continue to adapt to PCI DSS 4.0.1 requirements. Organizations face real challenges in ensuring compliance when employees work away from the corporate network, like during travel or just working from home. Maintaining flexibility while having complete confidence in compliance posture isn't just desirable, it's a business necessity." As more organizations grapple with the complexities of maintaining compliance and preventing data loss, innovative solutions become paramount. This is precisely why FinTech provider InComm Payments turned to WitnessAI. "We're focused on ensuring intellectual property and sensitive information isn't accidentally leaked,' said Jonathan Kennedy, CISO at InComm Payments. 'We knew we needed a way to maintain security and compliance while encouraging our teams to leverage modern approaches with GenAI applications. We chose WitnessAI because they help us achieve just that with our diverse portfolio. Our compliance, data-loss prevention, and privacy teams now have total visibility and confidence in our AI security. We're reducing risk while maximizing our productivity because of WitnessAI.' WitnessAI is designed to address unique and ongoing compliance challenges of AI in regulated environments, offering a platform that will evolve with AI regulations as they emerge. The WitnessAI Secure AI Enablement Platform was recognized as a 2025 SC Awards finalist in the 'Best Compliance Solution' category, showing a proven dedication to helping businesses navigate the intersection between AI innovation and compliance. View the full list of 2025 SC Awards finalists here: WitnessAI is in use by global organizations today, detecting shadow AI, providing full visibility into user activity, and protecting users and data from loss and harm. Security and privacy leaders interested in a demonstration of the WitnessAI platform can contact the company at demo@ WitnessAI enables safe and effective adoption of enterprise AI, through security and governance guardrails for public and private LLMs. The WitnessAI Secure AI Enablement Platform provides visibility of employee AI use, control of that use via AI-oriented policy, and protection of that use via data and topic security. Learn more at
