AI & Data Companies

AI and data companies face risks that standard control sets often miss: prompt injection, sensitive information disclosure, model and data poisoning, supply-chain vulnerabilities, and excessive agent autonomy.

Our approach: Standard PCI DSS v4.0.1 readiness first. AI and data-specific hardening second. The advisory modules below are optional enhancements on top of mandatory controls.

Standard Controls vs. AI/Data Enhancements

Standard PCI DSS v4.0.1 Readiness

Mandatory controls required for compliance:

  • Logical access and privileged access
  • Change management
  • Incident response
  • Risk management
  • Vendor management
  • Backup and availability
  • Logging and monitoring
  • Confidentiality and privacy (where applicable)


AI/Data Advisory Enhancements

Optional modules justified by AI-risk frameworks:

  • Data lineage and training data governance
  • Prompt/response telemetry
  • RAG and retrieval governance
  • Model/provider vendor review
  • Agent approval gates
  • AI-assisted SDLC controls
  • Warehouse and analytics governance

Advisory Modules

Each module adds specific controls and documentation practices to address risks unique to AI and data-intensive products.

AI-Assisted SDLC Controls

PCI DSS Req 6 requires secure development practices; AI-assisted coding introduces risks of exposing cardholder data patterns in generated code and bypassing established change control processes.

What This Module Adds

  • Code review gates for AI-generated code that interacts with cardholder data or CDE components
  • Prohibition on using production PAN or SAD in AI coding prompts or training data
  • Secure coding standard addendum covering AI-specific risks (injection via prompt, data leakage in suggestions)
  • Change control documentation requirements for AI-assisted modifications to CDE applications
  • SAST/DAST scan requirements specifically targeting AI-generated code before deployment

Human Review & Agent Gates

Automated systems accessing the CDE require oversight to prevent unauthorized data access; PCI DSS Req 7 (need-to-know access) and Req 10 (audit trails) mandate accountability that autonomous agents cannot self-provide.

What This Module Adds

  • Human approval gates before any automated agent accesses cardholder data or modifies CDE configurations
  • Agent action logging with the same audit trail granularity required by Req 10 for human users
  • Privilege boundaries preventing agents from escalating their own access within the CDE
  • Kill-switch mechanisms for immediate termination of agent sessions accessing payment systems

Model Provider & Vendor Risk

Third-party AI providers with access to cardholder data or CDE systems fall under PCI DSS Req 12.8 service provider management and must be assessed for compliance with all applicable requirements.

What This Module Adds

  • PCI DSS compliance attestation requirements for AI/ML vendors processing or accessing cardholder data
  • Contractual obligations specifying vendor responsibilities for each applicable PCI DSS requirement
  • Data flow mapping documenting where cardholder data is transmitted to, processed by, or stored at vendor systems
  • Annual review of vendor PCI DSS compliance status and AOC/SAQ documentation
  • Incident notification clauses requiring vendor disclosure of breaches affecting cardholder data within 24 hours

Prompt & Response Logging

PCI DSS Req 10 audit trail requirements extend to all system interactions involving cardholder data, including AI system prompts and responses that may contain or reference PAN or account data.

What This Module Adds

  • Logging of all AI prompts and responses that interact with CDE systems or reference cardholder data
  • PAN masking in prompt/response logs to prevent audit trails from becoming a secondary data store
  • Retention of AI interaction logs for the same 12-month period required by Req 10 for other audit trails
  • Access controls on prompt/response logs equivalent to controls on cardholder data storage

RAG & Vector Store Controls

Vector stores containing PAN, cardholder data, or data derived from cardholder data must meet Req 3 storage protection requirements and Req 7 access restrictions as in-scope CDE components.

What This Module Adds

  • Classification of vector stores as CDE components when they contain embeddings derived from cardholder data
  • Encryption-at-rest requirements for vector databases equivalent to Req 3 PAN protection standards
  • Access controls on vector store queries preventing unauthorized retrieval of cardholder data fragments
  • Data minimization review before ingesting any cardholder data into RAG pipelines
  • Retention policies for vector stores aligned with Req 3 data retention and disposal requirements

Training & Inference Data Governance

Using cardholder data for model training violates Req 3 data minimization principles unless the data is properly tokenized, encrypted, or anonymized to a degree that renders PAN unrecoverable.

What This Module Adds

  • Prohibition on using raw PAN or SAD in model training datasets
  • Data anonymization and tokenization requirements before cardholder data enters training pipelines
  • Inference input validation preventing PAN from being submitted in model queries
  • Model output filtering to prevent generated responses from containing valid PAN patterns
  • Training data retention and disposal policies aligned with Req 3 minimization requirements
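The PAN handling named in the Prompt & Response Logging module (masking in logs) and in this module (inference input validation, output filtering) can share one detector. The following is an added example, not code from this page or its author; the function names, the keep-last-four mask format, and the sample strings are assumptions made for illustration.

```python
from __future__ import annotations
import re

# 13-19 digits, optionally separated by single spaces or hyphens.
_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn check: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pans(text: str) -> tuple[str, int]:
    """Return (text with Luhn-valid candidates masked, count masked)."""
    count = 0

    def _sub(m: re.Match) -> str:
        nonlocal count
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_ok(digits):
            return m.group()  # fails Luhn, not a card number: leave as is
        count += 1
        return f"[PAN ****{digits[-4:]}]"  # last four only (assumed policy)

    return _CANDIDATE.sub(_sub, text), count


def validate_inference_input(prompt: str) -> str:
    """Inference input validation: refuse a prompt that carries a PAN."""
    if mask_pans(prompt)[1]:
        raise ValueError("prompt rejected: PAN-like value present")
    return prompt


def filter_model_output(response: str) -> str:
    """Output filtering: mask valid PAN patterns before returning text."""
    return mask_pans(response)[0]


def log_entry(prompt: str, response: str) -> dict:
    """Audit record that stores only masked text, never the raw PAN."""
    p, n_p = mask_pans(prompt)
    r, n_r = mask_pans(response)
    return {"prompt": p, "response": r, "pans_masked": n_p + n_r}


# Constructed samples; 4111 1111 1111 1111 is a widely used test number.
SAMPLE_PROMPT = "Refund card 4111 1111 1111 1111 for order 1234567890123"
SAMPLE_RESPONSE = "Refund queued for card 4111-1111-1111-1111."
```

A PAN immediately followed by further digit groups is read as one longer candidate and may fail the Luhn check, so the pattern should be tuned against real log formats before it is relied on as the only control.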

Warehouse & Analytics Governance

Analytics warehouses processing cardholder data or CDE-derived datasets fall within PCI DSS scope and must meet all 12 requirements, including network segmentation (Req 1), access controls (Req 7), and audit trails (Req 10).

What This Module Adds

  • CDE scoping assessment for analytics warehouses receiving cardholder data feeds
  • Network segmentation between analytics environments and the production CDE
  • Column-level access controls preventing unauthorized access to PAN fields in analytical datasets
  • Data masking and tokenization requirements for cardholder data used in reporting and dashboards
  • Audit logging of all analytical queries touching cardholder data fields
