SC Awards Finalist provides new privacy and risk management controls to enforce PCI DSS 4.0.1 compliance for first- and third-party AI applications

MOUNTAIN VIEW, Calif.: WitnessAI, creator of the first enablement platform for safe AI use, and a finalist for the SC Awards for Best Compliance Solution, today announced the release of WitnessAI 2.0, offering five key updates for organizations looking to remain compliant with regulations such as the Payment Card Industry Data Security Standard (PCI DSS) while adopting enterprise AI tools.

• PCI DSS-Specific Controls and Reports: AI activity controls mapped directly to PCI DSS 4.0.1, including payment card data loss prevention.
• Remote Employee Controls: The industry’s first and only zero-install, agentless and proxy-less capability for AI observability and policy control. This feature ensures compliance in remote, traveling, or hybrid environments.
• Regulatory Risk Analytics: Behavioral and runtime analytics can provide insight into best practices, potential risks, and areas for improvement as organizations develop their AI strategies and put them into practice.
• AI Insider Threat Detection: By analyzing conversations over time and across AI applications, WitnessAI can detect compromised or malicious user accounts likely to cause data breach or theft.
• Executive Privacy Mode: Applications like Microsoft Copilot can share data in unexpected and insecure ways. Executives can now leverage Copilot and other AI tools with enhanced privacy controls, keeping internal AI conversations private.

“Too often, AI regulatory compliance focuses on future-facing regulations such as the EU AI Act," said Rick Caccia, CEO and Co-founder at WitnessAI. “But employee AI usage brings significant risk to the regulations, such as PCI DSS, that companies face today. With WitnessAI 2.0, any organization subject to PCI DSS can ensure complete compliance and easy reporting of control effectiveness.”

The PCI Security Standards Council recently released guidelines for 'Integrating Artificial Intelligence in PCI Assessments,' demonstrating growing recognition of AI's role in payment security ecosystems. Under PCI DSS 4.0.1, organizations must carefully scope and secure all systems that 'could impact the security of the CDE' (Cardholder Data Environment) - a criterion that implicitly includes AI tools with access to sensitive environments. WitnessAI provides the visibility, control, and protection needed to ensure that these AI interactions comply with PCI requirements, helping organizations maintain regulatory compliance while safely leveraging AI capabilities.

"The ability to enforce AI use policies regardless of where employees work is critical for PCI compliance," stated David Neuman, Senior Analyst, TAG Infosphere. "The new guidelines around AI use in PCI assessments will become an increasingly significant concern for organizations, even as they continue to adapt to PCI DSS 4.0.1 requirements. Organizations face real challenges in ensuring compliance when employees work away from the corporate network, like during travel or just working from home. Maintaining flexibility while having complete confidence in compliance posture isn't just desirable, it's a business necessity."

As more organizations grapple with the complexities of maintaining compliance and preventing data loss, innovative solutions become paramount. This is precisely why FinTech provider InComm Payments turned to WitnessAI.

"We’re focused on ensuring intellectual property and sensitive information isn’t accidentally leaked,” said Jonathan Kennedy, CISO at InComm Payments. “We knew we needed a way to maintain security and compliance while encouraging our teams to leverage modern approaches with GenAI applications. We chose WitnessAI because they help us achieve just that with our diverse portfolio. Our compliance, data-loss prevention, and privacy teams now have total visibility and confidence in our AI security. We’re reducing risk while maximizing our productivity because of WitnessAI.”

WitnessAI is designed to address unique and ongoing compliance challenges of AI in regulated environments, offering a platform that will evolve with AI regulations as they emerge. The WitnessAI Secure AI Enablement Platform was recognized as a 2025 SC Awards finalist in the “Best Compliance Solution” category, showing a proven dedication to helping businesses navigate the intersection between AI innovation and compliance.

View the full list of 2025 SC Awards finalists here: https://www.scworld.com/news/2025-sc-awards-finalists-best-compliance-solution

WitnessAI is in use by global organizations today, detecting shadow AI, providing full visibility into user activity, and protecting users and data from loss and harm. Security and privacy leaders interested in a demonstration of the WitnessAI platform can contact the company at demo@witness.ai.

About WitnessAI

WitnessAI enables safe and effective adoption of enterprise AI, through security and governance guardrails for public and private LLMs. The WitnessAI Secure AI Enablement Platform provides visibility of employee AI use, control of that use via AI-oriented policy, and protection of that use via data and topic security. Learn more at https://witness.ai.

Fonte: Business Wire