Securing the contact center in the AI era: Prompt injection, consumer privacy, and data integrity

Melanie Mingas | 05/26/2026

The role of the CX practitioner is expanding to encompass more and more responsibilities – AI procurement, UX design, AEO and GEO – and, thanks to the AI era that is transforming CX and service, that list now includes security leadership. 

Security threats are already front of mind. When CX Network asked members to identify their top challenge as part of its annual research into the state of CX, data security emerged as a top five response. 

According to Assaf Keren, chief security officer for Qualtrics and former CISO for PayPal, there are three primary security threats that impact the contact center at present: poorly tested AI agents, data integrity, and shadow AI use.

His new book, Lessons from the Frontlines, explains why those in experience and service design are now operating in a high-pressure, low-tolerance-for-error environment, and what they can do to manage their risk.

The idea isn't to prevent failure – Keren says everybody in security leadership fails at some point – but to emerge faster and "come out sharper on the other side".

In this interview with CX Network, Keren explains the leading AI security threats contact center leaders are missing, how to mitigate the threat of prompt injection, and how to preserve consumer privacy as AI and data use ramp up. 

CX Network: What does your new book cover and why is it relevant to those in experience and service design and management?

Assaf Keren: Here's what no one tells you about security leadership: you're going to fail. A lot.

That's the opening premise of Lessons from the Frontlines, and it's the reason I think it's relevant well beyond a traditional security audience.

After 25 years building security teams from startups to Fortune 500 companies, the thing I'm most certain of is this: security work is fundamentally about people. Protecting them, enabling them, and working through them to build something more resilient. The technical expertise matters, but it's never what determines whether a security leader succeeds or fails. What determines that is curiosity, grit, optimism under pressure, and the ability to communicate in a way that makes you a business enabler rather than the "department of no".

For those in experience and service design, I'd argue those same qualities are exactly what the AI era is now demanding from you. The threats emerging daily, the technologies evolving monthly are relevant to everyone.

Anyone responsible for designing and governing AI-powered customer experiences is operating in that same high-pressure, low-tolerance-for-error environment.

The frameworks in this book are built from real situations, including rebuilding PayPal's global security operations and navigating the current AI transformation. They are ones I wish I'd had earlier in my career. Not because they would have prevented every failure, but because they would have helped me move through failure faster and come out sharper on the other side.

That's what I want readers to take from it. Not a playbook. A way of operating.

CX Network: AI has been hotly tipped as a transformational technology for the contact center. However, you say it poses threats to security. What are the threats and what can companies do to protect themselves?

Assaf Keren: AI in the contact center is genuinely transformational, but the risk profile has changed in ways many organizations haven't fully reckoned with yet. Historically, CX platforms sat in the back office. Surveys went in, reports came out, a human made the final call. Security's involvement was minimal, and that was probably fine. But that's not the world we're in anymore. AI agents are now customer-facing and acting in real time, which changes everything from a security standpoint.   

The first threat is scale. A poorly tested agent can make the same mistake, confidently, over and over. 

The second is data integrity. Manipulated inputs like fake reviews or skewed survey responses can quietly corrupt the data your AI is acting on, and by the time the outputs look wrong, decisions have already been made downstream. CX platforms now connect to HRIS, CRM and compensation engines, feeding AI models that make real business decisions, so the stakes of corrupted data are far higher than they used to be. 

The third is shadow AI. Around half of employees use AI tools regularly at work, but only about 20 percent stick to company-approved ones, meaning sensitive data is already moving through workflows security teams don't know exist.

The conversation needs to move beyond encryption, access controls and regulatory compliance. Those are important, but with AI – where bad data can lead to the wrong decision – the decisioning layer itself has to become a security focus. That means knowing data flows through your business, putting guardrails in place to quickly catch anything unusual, and being open about how that data is used. In a B2B setting, that kind of transparency is about more than staying compliant, it's something customers expect, and can directly impact whether they choose to work with you.  

CX Network: We have heard some horror stories in the news about prompt injection. How big a threat is this to organizations?

Assaf Keren: Prompt injection is a genuine threat that's worth understanding, particularly for organizations running customer-facing AI. The basic idea is that a malicious actor embeds instructions into content the AI takes in, causing the model to behave in unintended ways. It might leak data it shouldn't have access to, bypass its own guardrails, or return outputs that cause real harm to customers or the business.

What makes this worth paying attention to is that it doesn't look like a traditional cyberattack. It's text that manipulates an AI into doing something it wasn't supposed to do. And because AI systems are often trusted to act without a human reviewing every output, issues can go undetected longer than they might with conventional software.

For contact centers specifically, the risk is real. These systems are often connected to customer records, and a successfully injected prompt could expose personal data, trigger incorrect actions on accounts, or produce responses that mislead customers. Scale is a factor too. Unlike a one-off human error, a compromised AI agent can replicate the same failure many times before it's caught.

CX Network: What are some steps they can take to mitigate this threat?

Assaf Keren: There are a few areas I'd focus on:

Start by knowing what your platform is actually connected to and what decisions it influences. Most teams have mapped integrations at a technical level, but fewer have mapped the business decisions that flow from those integrations. If your AI agent can access customer records or trigger actions, you need to understand the full extent of what that leads to.

It's also worth treating input validation as a security control, not just a data quality issue. Is the feedback your AI is acting on authentic? Could it be manipulated to skew an output or override a guardrail? This means moving beyond standard validation into intent and anomaly detection - actively looking for content that seems designed to influence the model's behavior in unexpected ways.

The key question every security and CX leader should be able to answer is: how will we know when something is going wrong, and how quickly can we act? 

Security needs to be embedded into platforms, not bolted on. Platform vendors have a role to play as well – offering clear visibility into what's connected, what permissions are active, and when integrations were last reviewed.

CX Network: In 2026, our annual research into the state of CX found consumer privacy is now a top 10 trend influencing practitioners. What are some key actions organizations can take to preserve consumer privacy and address the challenges around data security?

Assaf Keren: These findings don't surprise me – they reflect something that's been building for a while. Our research tells a similar story – 53 percent of consumers say misuse of personal data is their top concern when companies use AI to automate interactions, and that figure has risen eight points in a single year. Two-thirds of people want personalised experiences, but only 40 percent think the benefits are worth the privacy trade-offs.

There's a trust gap, and closing it requires a few things.

Data integrity needs to be treated as a core company KPI. Not something audited at deployment and forgotten about, but monitored continuously. If the data feeding your AI is corrupted or manipulated, the outputs will be too, and those outputs land directly in front of customers.

Transparency matters too. Consumers have told us they'd share more data if organizations were more open about how it's used. That's a communication and governance challenge. Clear policies, plain language explanations and genuine accountability go a long way.

Organizations also need to get ahead of the regulatory curve. Data protection requirements are already complex, and with frameworks like the EU AI Act coming into force, AI-specific compliance is another layer that can't be an afterthought.

CX Network: Our research also found awareness of how AI works and uses customer data is the leading customer behavior influencing the work of practitioners. What must organizations do to ensure customers are confident in how their data are being collected and processed for (and by) AI?

Assaf Keren: The first is visibility. Consumers would share more data if organizations were more transparent about how it's used. If your customers can't easily understand what data your AI collects, why it needs it, and what decisions it influences, that's a gap you need to close. Not in a terms of service document. In the experience itself.

The second is boundaries – and enforcing them. Confidence comes from demonstrable limits. What data can your AI access? What can it act on? What is it explicitly prevented from doing? If your security and CX teams can't answer those questions clearly, your customers certainly can't trust the answers either. 

Data minimization isn't just good privacy practice. It's the foundation of a credible data contract with your customers.

The third is accountability when things go wrong, and they will. Monitoring isn't optional. Track satisfaction scores, escalation rates, sentiment signals. When the data tells you something is underperforming, that's your early warning system. Use it before customers do.

Customer confidence in AI is built through evidence. The organizations that earn trust will be the ones that can demonstrate that their AI is tested before launch, governed while it runs, and corrected when it falls short.

Awareness is already driving customer behaviour. 

Lessons from the Frontlines: Insights from a Cybersecurity Career 
by Assaf Keren is available now on Amazon

 
