VentureBeat recently conducted a virtual interview with Jerry R. Geisler III, the Executive Vice President and Chief Information Security Officer at Walmart Inc., to delve into the cybersecurity challenges faced by the world’s largest retailer as AI systems grow more autonomous.
The conversation covered securing agentic AI systems, modernizing identity management, and the crucial lessons from building Element AI, Walmart’s centralized AI platform. Geisler provided an honest perspective on addressing unprecedented security challenges, from countering AI-enhanced cyber threats to managing security within a vast hybrid multi-cloud infrastructure. His startup mindset for revamping identity and access management systems offers invaluable insights for enterprises.
Leading security efforts for a company operating at Walmart’s scale across Google Cloud, Azure, and private cloud environments, Geisler brings unique insights into implementing Zero Trust architectures and developing what he calls “velocity with governance,” allowing rapid AI innovation within a reliable security framework. The architectural choices during the development of Element AI have shaped Walmart’s strategy for centralizing new AI technologies.
AI Scaling Hits Its Limits
Power caps, rising token costs, and inference delays are reshaping enterprise AI. Join our exclusive salon to discover how top teams are:
– Turning energy into a strategic advantage
– Architecting efficient inference for real throughput gains
– Unlocking competitive ROI with sustainable AI systems
Secure your spot to stay ahead: https://bit.ly/4mwGngO
VentureBeat: As generative and agentic AI become increasingly autonomous, how will your existing governance and security guardrails evolve to address emerging threats and unintended model behaviors?
Jerry R. Geisler III: The adoption of agentic AI introduces entirely new security threats that bypass traditional controls. These risks involve data exfiltration, autonomous misuse of APIs, and covert cross-agent collusion, which could disrupt enterprise operations or breach regulatory mandates. Our strategy is to build robust, proactive security controls using advanced AI Security Posture Management (AI-SPM), ensuring continuous risk monitoring, data protection, regulatory compliance, and operational trust.
VB: Given the limitations of traditional RBAC in dynamic AI settings, how is Walmart refining its identity management and Zero Trust architectures to provide granular, context-sensitive data access?
Geisler: An environment of our size requires a specialized approach, often necessitating a startup mindset. Our team regularly re-evaluates with questions like, “If we were a new company starting from scratch, what would we build?” Identity & access management (IAM) has evolved over the past 30+ years, focusing on modernizing our IAM stack for simplification. While related to yet distinct from Zero Trust, our principle of least privilege remains unchanged.
We are encouraged by the emergence of protocols like MCP and A2A, which acknowledge our security challenges and actively work to implement granular, context-sensitive access controls. These enable real-time access decisions based on identity, data sensitivity, and risk, using short-lived, verifiable credentials. This ensures that every agent, tool, and request is evaluated continuously, embodying Zero Trust principles.
VB: How specifically does Walmart’s extensive hybrid multi-cloud infrastructure (Google, Azure, private cloud) shape your approach to Zero Trust network segmentation and micro-segmentation for AI workloads?
Geisler: Segmentation is based on identity rather than network location. Access policies are consistent across cloud and on-premises environments. With protocols like MCP and A2A, service edge enforcement is now standardized, ensuring uniform application of zero trust principles.
VB: With AI lowering barriers for advanced threats such as sophisticated phishing, what AI-driven defenses is Walmart actively deploying to detect and mitigate these evolving threats proactively?
Geisler: Walmart is focused on staying ahead of the threat curve, with adversaries increasingly using generative AI to craft convincing phishing campaigns. We leverage similar technology in adversary simulation campaigns to build resilience proactively against such attack vectors.
We’ve integrated advanced machine learning models into our security stack to identify behavioral anomalies and detect phishing attempts. Beyond detection, we proactively use generative AI to simulate attack scenarios and pressure-test our defenses by integrating AI extensively in our red-teaming at scale.
By pairing people and technology, we help ensure our associates and customers remain protected as the digital landscape changes.
VB: Given Walmart’s extensive use of open-source AI models in Element AI, what unique cybersecurity challenges have you identified, and how is your security strategy evolving to address them at enterprise scale?
Geisler: Segmentation is based on identity rather than network location. Access policies are consistent across cloud and on-premises environments. With protocols like MCP and A2A, service edge enforcement has become standardized, ensuring uniform application of zero trust principles.
VB: Considering Walmart’s scale and continuous operations, what advanced automation or rapid-response measures are you implementing to manage simultaneous cybersecurity incidents across your global infrastructure?
Geisler: Operating at Walmart’s scale means security must be swift and frictionless. To achieve this, we’ve embedded intelligent automation into our incident response program. Using SO