IT Brief UK - Technology news for CIOs & IT decision-makers
WitnessAI 2.0 boosts PCI DSS compliance & AI risk controls

Today

WitnessAI has announced the release of WitnessAI 2.0, offering new tools to help enterprises meet PCI DSS 4.0.1 compliance requirements while integrating AI technologies.

The updated platform introduces five significant features: PCI-specific AI controls with measures to prevent payment data loss, agentless and proxy-less policy enforcement for remote employees, risk analytics for AI usage, detection of insider threats across AI platforms, and a privacy mode tailored for applications such as Microsoft Copilot.

The release of WitnessAI 2.0 comes as organisations face increased obligations under revised PCI DSS standards to address risks presented by artificial intelligence tools. The PCI Security Standards Council recently issued new guidelines outlining how AI should factor into PCI assessments, highlighting the need to control and monitor all technologies with access to cardholder data environments.

The company's new update features PCI DSS-specific controls and reporting, which align AI activity with the 4.0.1 standard and incorporate focused protections against payment card data loss. Additionally, the platform's remote employee controls support compliance for staff working in hybrid, remote, or travelling situations without requiring software installation or changes to network architecture.

Behavioural and runtime analytics form part of the regulatory risk analytics tools, offering organisations detailed insights to identify and remedy potential compliance gaps as they expand their use of AI. Insider threat detection capabilities use analysis of user interactions over time and across AI systems to flag compromised or malicious accounts that could lead to breaches.

Privacy controls have also been enhanced, with an executive privacy mode designed to protect confidential internal discussions on AI platforms, specifically catering to tools like Microsoft Copilot.

Rick Caccia, Chief Executive Officer and Co-founder of WitnessAI, commented on regulatory compliance in the context of artificial intelligence: "Too often, AI regulatory compliance focuses on future-facing regulations such as the EU AI Act. But employee AI usage brings significant risk to the regulations, such as PCI DSS, that companies face today. With WitnessAI 2.0, any organisation subject to PCI DSS can ensure complete compliance and easy reporting of control effectiveness."

David Neuman, Senior Analyst at TAG Infosphere, highlighted organisations' shifting work environment and compliance issues. He said, "The ability to enforce AI use policies regardless of where employees work is critical for PCI compliance. The new guidelines around AI use in PCI assessments will become an increasingly significant concern for organisations, even as they continue to adapt to PCI DSS 4.0.1 requirements."

Jonathan Kennedy, Chief Information Security Officer at InComm Payments, shared his organisation's experience using WitnessAI. "We're focused on ensuring intellectual property and sensitive information isn't accidentally leaked. WitnessAI helps us achieve security and compliance with our diverse portfolio, reducing risk while maximising productivity."

WitnessAI's platform is designed to help regulated industries manage compliance and security as they introduce AI into their workflows. Its recognition as a finalist in the Best Compliance Solution category at the 2025 SC Awards underscores its position in supporting organisations navigating established and emerging artificial intelligence regulations.