Are you looking for smarter insights delivered straight to your inbox? Subscribe to our weekly newsletters for essential updates on enterprise AI, data, and security.
Exclusive Insights from Walmart’s CISO
Recently, VentureBeat conducted a virtual interview with Jerry R. Geisler III, the Executive Vice President and Chief Information Security Officer at Walmart Inc. The discussion centered around the cybersecurity challenges faced by the world’s largest retailer as artificial intelligence becomes more autonomous. Geisler shared his thoughts on securing agentic AI systems, modernizing identity management, and the crucial lessons learned from developing Element AI, Walmart’s centralized AI platform.
Geisler offered a candid perspective on how the company is addressing unprecedented security challenges, including defending against AI-enhanced cyber threats and managing security across a vast hybrid multi-cloud infrastructure. His startup mindset approach to revamping identity and access management systems provides valuable insights for enterprises of all sizes. Leading security for a company of Walmart’s scale, which operates across Google Cloud, Azure, and private cloud environments, Geisler has unique insights into implementing Zero Trust architectures. He emphasizes the importance of achieving “velocity with governance,” which allows for rapid AI innovation within a secure framework.
The architectural decisions made during the development of Element AI have significantly influenced Walmart’s overall strategy for centralizing emerging AI technologies. Below are excerpts from our interview with Geisler.
Navigating AI Challenges
As enterprise AI faces limitations such as power caps, rising token costs, and inference delays, organizations must adapt. Join our exclusive salon to learn how leading teams are:
– Transforming energy into a strategic advantage
– Designing efficient inference for genuine throughput gains
– Unlocking competitive ROI with sustainable AI systems
Secure your spot to stay ahead: https://bit.ly/4mwGngO
Evolving Security Measures
VentureBeat: As generative and agentic AI become increasingly autonomous, how will your existing governance and security guardrails evolve to address emerging threats and unintended model behaviors?
Jerry R. Geisler III: The rise of agentic AI presents entirely new security threats that can bypass traditional controls. These risks include data exfiltration, autonomous misuse of APIs, and covert cross-agent collusion, potentially disrupting enterprise operations or violating regulatory requirements. Our strategy focuses on building robust, proactive security controls through advanced AI Security Posture Management (AI-SPM), ensuring continuous risk monitoring, data protection, regulatory compliance, and operational trust.
Refining Identity Management
VentureBeat: Given the limitations of traditional role-based access control (RBAC) in dynamic AI settings, how is Walmart refining its identity management and Zero Trust architectures to provide granular, context-sensitive data access?
Geisler: Operating at our scale requires a customized approach, often driven by a startup mindset. Our team frequently asks, “If we were starting from scratch, what would we build?” Identity and access management (IAM) has evolved significantly over the past 30 years, and our focus is on modernizing our IAM stack for simplicity. While related to Zero Trust, our principle of least privilege remains unchanged. We are encouraged by the evolution and adoption of protocols like MCP and A2A, which address our security challenges and facilitate the implementation of granular, context-sensitive access controls. These protocols enable real-time access decisions based on identity, data sensitivity, and risk, utilizing short-lived, verifiable credentials. This approach ensures that every agent, tool, and request is continuously evaluated, embodying Zero Trust principles.
Implementing Zero Trust in Hybrid Environments
VentureBeat: How does Walmart’s extensive hybrid multi-cloud infrastructure (Google, Azure, private cloud) influence your approach to Zero Trust network segmentation and micro-segmentation for AI workloads?
Geisler: Our segmentation strategy is based on identity rather than network location. Access policies are consistently applied across both cloud and on-premises environments. With advancements in protocols like MCP and A2A, service edge enforcement is becoming standardized, ensuring that Zero Trust principles are uniformly applied.
Proactive Defense Against Threats
VentureBeat: With AI lowering barriers for advanced threats such as sophisticated phishing, what AI-driven defenses is Walmart deploying to detect and mitigate these evolving threats proactively?
Geisler: At Walmart, we are committed to staying ahead of the threat landscape, especially as AI transforms cybersecurity. Adversaries are increasingly utilizing generative AI to create highly convincing phishing campaigns, but we are leveraging similar technology for adversary simulation campaigns. This proactive approach helps us build resilience against these emerging attack vectors.