The importance of staying ahead of adversarial AI threats in the travel, software, and services industry cannot be overstated. CISOs, like David Levin from American Express Global Business Travel (Amex GBT), are leading the charge in implementing innovative cybersecurity measures to combat these evolving threats.
Amex GBT’s approach to AI governance and security is a model for organizations looking to navigate the complex intersection of AI and cybersecurity. By embedding security into every phase of AI deployment and managing shadow AI effectively, Levin and his team are setting a high standard for proactive cybersecurity measures.
In a recent interview with VentureBeat, Levin shared insights on how Amex GBT is leveraging AI to enhance threat detection and SOC operations. By integrating AI into their workflows, they are able to detect malicious behavior faster and prioritize high-risk alerts for their analysts. This approach not only improves efficiency but also enables faster response to threats.
Additionally, Levin highlighted the importance of working with managed security partners like CrowdStrike OverWatch to augment their internal SOC capabilities. AI serves as a force multiplier for both in-house and external teams, enabling them to detect and respond to threats more effectively.
When it comes to AI governance, Amex GBT follows the NIST AI Risk Management Framework and has established a cross-functional governance committee to ensure that AI projects meet their security standards. By systematically assessing and mitigating AI-related risks, they are able to deploy AI solutions that are secure and compliant.
Handling shadow AI and ensuring employee compliance with security policies is another key focus for Levin and his team. By implementing clear policies, leveraging technical controls, and providing training, they are able to prevent unauthorized AI usage while still encouraging innovation.
In deploying AI for security, Amex GBT faces technical challenges such as data security, model drift, and adversarial testing. By encrypting sensitive data, monitoring for model drift, and conducting adversarial testing, they are able to ensure the effectiveness and reliability of their AI systems.
AI is changing the role of the CISO, making them more of a strategic business enabler than just a compliance gatekeeper. By actively guiding innovation and working closely with executives and product teams, CISOs like Levin are driving responsible AI adoption within their organizations.
Looking ahead, Levin sees AI playing a crucial role in the future of cybersecurity. He envisions autonomous SOC workflows, predictive security models, and enhanced vendor solutions driven by AI. As AI continues to evolve, strong governance and continuous improvement will be essential for staying ahead of emerging threats.
Overall, the integration of AI into cybersecurity practices is a paradigm shift that promises stronger defenses and faster innovation for organizations like Amex GBT. By embracing AI thoughtfully and responsibly, security leaders can gain a competitive edge in protecting their enterprises at scale.
