• | 10:00 am

Rajat Taneja on building Visa’s defense for the agentic era

Visa's President of Technology on fraud models, VVAH, and getting ahead of the quantum threat

Rajat Taneja on building Visa’s defense for the agentic era
[Source photo: Krishna Prasad/Fast Company Middle East]

Every fraud model Visa runs is built to keep moving. As commerce shifts toward agents transacting on a person’s behalf, that constant evolution faces its biggest test yet, one where the credential being protected is no longer just a card, but the authority a person has handed to a piece of software.

Rajat Taneja, President of Technology at Visa, spoke to Fast Company Middle East in an exclusive conversation on the eve of the Visa Payments Forum in Paris, the company’s flagship European gathering held at the Paris Convention Center on July 1 and 2.

He outlined how Visa is reshaping its technology stack to address a rapidly evolving threat environment, from fraud detection and the newly public Visa Vulnerability Agentic Harness, or VVAH, to preparing for the impact quantum computing could eventually have on encryption. Taneja also discussed the changes that occur when consumers delegate authority to AI agents, how Visa is using AI to defend against increasingly sophisticated attacks, and why cybersecurity and payment security are converging.

ADAPTIVE FRAUD DEFENSE

Fraud models at Visa are never static, Taneja says, comparing them to living systems that train and adapt continuously as new scams emerge around whatever is trending at the time. “Think of them as living organisms. They are AI-based, and they’re constantly training, learning, and evolving,” he says. “Just like the bad guys are changing their techniques and using technology in new and different ways, there are scams that take birth based on topical use cases that are happening.”

That same dynamism extends to agentic commerce, where data and underlying mathematics are continually fine-tuned to keep pace with attackers. “The models that we have to protect consumers and merchants have to be very dynamic,” he says.

What changes with agentic commerce is the nature of what’s being protected. Rather than a person transacting directly, a consumer is now delegating authority to software, which means Visa needs an entirely new layer to track and preserve the original intent. “You need a new stack that manages what your intent was. Are you able to delegate it in a way that maintains your specific instructions?” he says.

That delegation raises a fresh set of security questions Taneja treats as foundational: what credential an agent is given to transact on a person’s behalf, whether that credential can be shielded from misuse if compromised, and whether a malfunctioning agent could be prevented from using it beyond its intended scope.

He also points to cryptographic verification, being able to confirm which agent represents which consumer, as a core requirement, alongside safeguards defining what an agent is and isn’t permitted to do. “What is the credential you are giving your agent to transact on your behalf? Can that credential be protected as well?” he says. “Can we cryptographically verify who the agent represents?”

He frames all of this as unfinished work. “All these controls and the underlying infrastructure will continue to evolve and continue to be very dynamic,” he says.

This emphasis on adaptability also shapes Visa’s approach to emerging fraud threats.

Predicting where fraud will strike around major events comes down to signal detection, Taneja says, pointing to phishing campaigns and the kinds of topical hooks bad actors typically exploit as patterns that Visa already recognizes.

“We look at signals, right? The phishing campaigns and the types of topical events the bad guys are trying to piggyback on are known to us now,” he says. Once an attempt begins, it gets picked up through a combination of fraud models and monitoring hubs, including what Visa calls its risk operations command centers, Visa operations command centers, and cyber fusion centers.

He walks through a specific pattern to illustrate how this plays out in practice: enumeration attacks, in which stolen card details are tested with small transactions to determine whether a card is still active before being used for larger fraud. “Now they’re testing the card to see if the card is active and can operate, and they test it with small transactions in different ways. Once it goes through, they’re then able to quickly do something with it,” he says.

What makes detection possible at that scale, he explains, is visibility across geography and time. Attackers often spread their attempts across different IP addresses, merchants, and time zones to avoid detection. Still, Visa’s models track these patterns globally and in real time, scoring transactions and flagging velocity patterns that indicate something unusual.

“We are seeing the whole thing across the whole world, right? It’s coming in real time. We’re able to score it, we’re able to do velocity patterns, and we’re able to say, okay, something is going on over here, we are going to stop it right here, nip it in the bud,” he says.

He credits that outcome to the infrastructure behind it. “So, the underlying technology and the processes that we have play a very powerful part in nipping this in the bud, right?” he says.

BUILDING VVAH

Visa’s comfort releasing VVAH publicly traces back to a discipline it has practiced for years, Taneja explains: catching security issues at the very start of development rather than after the fact, an approach the company calls shift left. “What shift left means is that from the very first line of code you’re writing, you’re checking for security issues, not at the very end, which is how software is developed in many places,” he says.

That continuous checking, built over time through agents and automation, has helped Visa earn what Taneja describes as one of the highest cyber maturity ratings in the world, as determined by an independent audit.

The shift toward VVAH began when Taneja’s team gained early access to next-generation frontier models, including Anthropic’s Claude Mythos, and saw their ability to detect obscure vulnerabilities buried deep in code, across multiple languages and architectural layers, including the capacity to chain smaller flaws into new threat vectors that could be weaponized autonomously. “We saw the power they have in detecting obscure vulnerabilities deep in the code across many different languages, across different layers of the architecture,” he says.

That discovery led Visa to build what Taneja calls a control plane, a harness for scanning its own infrastructure end-to-end, around the clock, and tuned to be model-agnostic so it can work across different systems and languages. “It’s a very powerful underlying harness that allows us to operate 24/7 and look at our own infrastructure fully end-to-end,” he says.

Deciding to release that capability publicly came down to what Taneja frames as a simple observation, one that rivals building agentic security tools would contest: nothing as it existed elsewhere, and most companies would eventually need to build the same foundation without Visa’s years of accumulated expertise. “There is nothing like it out there. Nobody else has released anything like it,” he says.

“Every company, over time, will be doing this work and having to build this basic foundation themselves, and many companies may not have the same level of years of experience in this.”

Taneja breaks the process into two parts. The first is detection and prioritization, using the model to surface and rank vulnerabilities based on Visa’s own infrastructure and controls. The second is what happens after a flaw is found: fixing it, validating that the fix doesn’t introduce new issues or regressions, and pushing it into production.

To manage that, Visa built a set of pre-built instructions it calls skills, spanning eleven stages in total. “We added several techniques to do this in a very fast way with different models, and then we said we want to contribute this to the world,” he says.

The rollout has come in two parts. Visa released the first nine stages, covering detection, prioritization, and insight, in early June. “Today, what we are releasing is the final pipeline that allows remediation and validation to happen so that the trusted fixes can be put into production,” he says. On whether bad actors could exploit the same tool, Taneja distinguishes the direction of attack.

Malicious use of these models tends to come from the outside in, targeting binary code or open-source tools, whereas VVAH is built to scan custom code and infrastructure that Visa itself controls. “There are two ways you evaluate software: static analysis of your source code and dynamic security analysis, which comes from the outside in, and this allows you to do both,” he says.

INSIDE VISA’S SECURITY STRATEGY

Security at Visa rests on two pillars, Taneja explains: payment security, which handles fraud, risk, counterfeit cards, and the lifecycle of a transaction, and cybersecurity, which covers the infrastructure on which everything runs, from telecom networks and storage to devices and software.

“The other is cybersecurity, which manages the underlying infrastructure on which everything runs, the rails, if you will, everything from the telecommunication network, your local area network, wide area network, storage, computers, devices, software, and everything like that,” he says.

What’s changing, he says, is that the boundary between those two pillars is disappearing. Because agentic commerce runs entirely through software, both payment security and cybersecurity now function as core infrastructure for the same system. “What we are seeing is that the lines that separated them are blurring. They are now really core infrastructure for agentic AI-based commerce because it traverses all of this through software,” he says.

That convergence is shaping how Visa plans, with the team looking three to five years out to anticipate where threats are headed and harden its infrastructure against tools and technologies increasingly accessible to anyone.

“So we are looking ahead three years, five years, and saying, okay, where is the puck going, and how do we get ahead of it by evolving our technology, but more importantly, bullet-proofing it from attacks that can happen using new tools and technologies that everybody has access to?” he says.

Visa’s infrastructure strategy isn’t a choice between cloud and on-prem, Taneja says, but a mix of both. “We have certain workloads in the cloud, and we have a lot of workloads in our own data centers as well,” he says, noting he has even filmed videos taking people inside those facilities to show what they look like.

Regardless of where a workload sits, cloud, on-prem, or colocation, Visa designs around the same underlying philosophy: assume the worst. “Whether it is in the cloud, on our own premises, or in colocation facilities, we take a very specific view in designing this, which is what I would call a pessimistic design. It’s a zero-trust-based architecture. It is layered with a lot of defenses, and it has a lot of security controls that we have created and practiced over decades,” he says. That approach spans the full lifecycle of a transaction and the entire stack architecture, and Taneja says every layer of it is being hardened further to keep pace with increasingly sophisticated threats.

He offers an example to explain how the underlying model typically works. Most architectures, cloud or on-prem, start with telemetry signals fed into a central data lake, which then surfaces anomalous alerts. Some of those alerts can be handled by rules-based automation, but most still route into 24/7 operations centers where people are part of the decision-making process. “That’s the typical way this stack has worked for decades,” he says.

That model, Taneja argues, no longer holds up on its own. Because attacks are increasingly automated, defense must become autonomous on both sides. “Because these tools are automating attacks, the architecture has to shift toward autonomous defense as well. Both sides have to become autonomous,” he says. Making that possible means signals have to feed into systems built for continuous learning and autonomous action, ones capable of improving and iterating on their own. “In order for that cycle to work, and for signals to become intelligence, become action, and adaptively improve, you need to have some place to control it, train it, and manage it, which is what the control plane is all about,” he says.

He describes the resulting structure as a policy-driven organization, in which specific rules and architectural decisions are built into the control plane itself, allowing different companies to configure their own versions. “This layered reasoning capability, this control plane capability, and these policy layers are how we are evolving our systems,” he says.

Taneja is clear that none of this is about adding AI on top of what already exists. “We are not just bolting AI onto the existing stack, and no one should actually do that. You have to rethink it from first principles and from the ground up,” he says.

PREPARING FOR QUANTUM

Taneja treats quantum computing as both a risk and an opportunity, starting with what makes it so powerful in the first place. “Quantum is one of the most exciting technologies right around the horizon. What it provides is an address space and computing capability that we cannot imagine right now, how powerful it is,” he says, pointing to its use of qubits rather than the ones and zeros of classical computing as the source of that new computational capacity.

That power, he says, will eventually unlock breakthroughs in areas classical computers simply can’t handle, including optimization and modeling.

The same power, though, is what makes quantum a threat to current encryption. Secure online communication relies on keys that classical computers cannot break, but Taneja points to Shor’s algorithm as a quantum-era method capable of breaking such encryption. “The downside of quantum is that, because of its power, it can break some algorithms that are used for things like encryption,” he says. That risk is forcing Visa to rethink digital signatures altogether and draw a clear line between traditional cryptography and what comes next.

“We have to rethink digital signatures, and we have to rethink what post-quantum cryptography is versus traditional cryptography,” he says.

This isn’t new territory for Visa, according to Taneja, who points to a research practice inside the company that has focused on quantum for over a decade. “I have a research practice within Visa that has been focused on quantum for 10 years. Actually, it’s more than 10 years, maybe 11 or 12 years now,” he says. That work has produced several patents, including a paper on a digital signature scheme that ranks among the most-cited in the field and is being considered by standards bodies for inclusion in new cryptographic standards.

Despite the risk quantum poses to existing systems, Taneja remains optimistic about where the technology eventually leads. “But on the upside, once we have sufficient scale, some phenomenal breakthroughs will take place in medicine and various other fields,” he says.

  Be in the Know. Subscribe to our Newsletters.

ABOUT THE AUTHOR

More

More Top Stories:

FROM OUR PARTNERS