Building Human-Centered AI Security
On the 31st episode of Enterprise AI Defenders, hosts Evan Reiser and Mike Britton talk with Sue Lapierre, Head of IT Governance & Information Security Officer at Prologis. Prologis manages 1.3 billion square feet of industrial real estate across 20 countries, with $3.2 trillion in goods flowing through its facilities each year. As the security leader of such a critical organization, Sue faces an evolving set of challenges: enabling rapid AI adoption, strengthening human awareness, and preparing the enterprise for deepfake-enabled social engineering.
Prologis has embraced generative AI at scale, reaching 95% adoption of its internal platform, PrologisGPT. Employees have created more than 900 GPTs for daily tasks, guided by an enterprise AI policy and reinforced with bite-sized training modules. “At the very beginning, from a security standpoint, we locked down all AI except our internal AI, PrologisGPT. That helped to focus people into one vector,” Sue explained. By narrowing employees’ usage to a trusted, secure platform, her team ensured that curiosity could flourish without compromising sensitive data.
While governance is foundational, Sue also believes resilience is built through testing. Earlier this year, Prologis hired a third party to simulate deepfake attacks against executives, admins, and help desk staff. One scenario involved a fabricated voice impersonation of Prologis CTO Sineesh Keshav. The targeted leader successfully resisted, asking a simple but unanswerable question: “When was the last time we saw each other?” Sue recalled. These exercises demonstrated the power of awareness as a frontline defense against AI-enabled threats.
Zero trust is another pillar of her strategy, but for Sue, it goes beyond firewalls and identity controls. “We have to also think about zero trust, not only on the technical side, but on the human side,” she said. Training employees not to blindly trust requests, even when they appear authentic, is central to preventing phishing, invoice fraud, and social engineering campaigns that increasingly leverage AI.
Her pragmatic approach extends to evaluating third-party tools. Sue urges security leaders to probe beneath vendor marketing and involve technical experts in questioning: How is data stored? Is it used for model training? Where is ownership retained? This due diligence, she argues, is the only way to separate genuine solutions from shiny objects. At the same time, she is actively searching for security tools that use AI to identify malicious AI, recognizing that defenders must match adversaries at the same speed.
Sue also resists the narrative that AI will replace security teams. She sees it instead as an augmentation tool. Tasks may be automated, but judgment, investigation, and nuanced decision-making remain human strengths. Prologis evaluates every new or backfilled role for AI applicability, ensuring future hires combine technical knowledge with curiosity. As she put it, curiosity is non-negotiable: “If you’re not curious, you can’t be in a security role.”
Sue’s perspective reflects both optimism and realism: AI will bring autonomous defenses and autonomous attacks. Her team is preparing for both by embedding awareness, testing resilience, and demanding rigor from vendors. For Prologis, defending $3.2 trillion in global commerce means protecting both the infrastructure and the people who operate it.
