The AI Exchange: Innovators in Payment Security Featuring Soft Space
Welcome to the PCI Security Standards Council’s blog series, The AI Exchange: Innovators in Payment Security. This special, ongoing feature of our PCI Perspectives blog offers a resource for payment security industry stakeholders to exchange information about how they are adopting and implementing artificial intelligence (AI) into their organizations.
In this edition of The AI Exchange, Soft Space CTO, Nicholas Lim, offers insight into how his company is using AI, and how this rapidly growing technology is shaping the future of payment security.
How have you most recently incorporated artificial intelligence within your organization?
We are still in the experimental phase, but we have started pilots that use AI to support engineering, operations, and compliance workflows. We rely on both local and public LLM models depending on data sensitivity. AI assists with documentation, code analysis, operational insights, and interpreting security and compliance requirements. The focus is on building a safe foundation that respects data boundaries and regulatory expectations.
What is the most significant change you’ve seen in your organization since AI-use has become so much more prevalent?
The biggest shift is behavioral. Teams are becoming more automation-first, more proactive, and more deliberate in how they plan their work. AI has accelerated knowledge acquisition, helping individuals understand complex systems faster before execution. It hasn’t replaced thinking; it has improved the quality of it.
How do you see AI evolving or impacting payment security in the future?
AI will magnify both defense and attack capabilities. While it can help detect weaknesses or misconfigurations earlier, it also enables attackers to exploit inherent weaknesses faster or create entirely new vectors. This increases the importance of strong payment security fundamentals, continuous monitoring, and disciplined control implementation.
What potential risks should organizations consider as AI becomes more integrated into payment security?
AI introduces new risk surfaces, including governance gaps, model integrity issues, privacy considerations, and the possibility of overreliance on automated outputs. Payment environments must ensure AI operates within strict data boundaries, is auditable, and does not become an uncontrolled component of the ecosystem.
Equally important, organizations must retain strong human verification and the skills needed to assess and challenge AI-generated outputs. These verification checkpoints should be intentionally built into processes, especially in security-sensitive or regulated payment environments.
What advice would you provide for an organization just starting their journey into using AI?
Always start with experiments and keep it simple:
- Start with one clear, meaningful use case.
- Identify internal champions to drive adoption responsibly.
- Establish guardrails early. Do not reinvent the view – instead refer to existing publications such as ISO 38507, ISO 42001 and other related guidance.
- Frame AI as augmentation, not replacement.
- Explicitly maintain human verification checkpoints.
What AI trend (not limited to payments) are you most excited about?
Agentic AI. The capability to observe, reason, and take actions within defined boundaries can enhance team performance. With proper safeguards, this enables rapid transformation of an organization in areas such as operational resilience, elevate overall organization performance, and improve cross team communication (reduce communication discrepancies) without compromising security or compliance principles.
About Author
