Announcer 00:01
You are watching “InTechnology,” a video cast where you can get smarter about cybersecurity, sustainability, and technology.
Rajan Panchanathan 00:11
Hi, welcome back to the “InTechnology” podcast. I’m your host Rajan Panchanathan. Today, we have a guest sitting right at the intersection of AI, cybersecurity, and supply chains. He’s the chief security and AI officer at Lenovo. Prior to that, he spent a couple of decades at Intel leading the software and services business, and he started his career in the US Navy. And he’s here to unpack how Lenovo is navigating the wild frontier of AI and digital trust. Please welcome Doug Fisher. Doug, welcome to the podcast.
Doug Fisher 00:50
Thank you very much for having me, Rajan. It’s great to be here.
Rajan Panchanathan 00:53
We’ve got a lot to dive into AI policy, security threats, supply chain. But first, let’s start with your day job, chief security and AI officer, that’s a power title. What does that role actually look like at Lenovo in a day-to-day manner?
Doug Fisher 01:12
Yeah, that’s a great question. I do spend a lot of time, obviously internally ensuring that we do the right things from a security and AI perspective, but I also spend a lot of time with our customers and partners. And I started calling myself the Chief Trust Officer, because it really is about building that trust that Lenovo is delivering the right capabilities that are secure and have the right level of AI scrutiny, before those products and services are deployed. And so when I took over as a chief security officer, I really created a structure to ensure that we orchestrate all aspects of security that we’re driving for inside of the company. And it all culminates into one really important thing is that’s customer’s data privacy and security. That is our entire focus. But it takes a culmination of a lot of different security efforts, whether it’s product security, supply chain security, infrastructure security, and physical security, all work hand in hand on a foundation of a security first culture to deliver that capability. I was asked a year ago to take on this role as the chief AI officer, and the reason why is because they wanted the visibility and responsibility, much like I’ve driven in security, to take that same motion in AI, creating a structure that ensures that we’re doing the right things with our products and services before they’re deployed into the marketplace.
Rajan Panchanathan 02:42
So, security and AI used to be separate tracks. Why combine them now? What’s the strategic idea behind it, Doug?
Doug Fisher 02:50
You know, the foundation of delivering AI is security. And I think the way we approach security inside Lenovo, reporting directly into our CEO, one, gives visibility, but two, builds on that foundation and that structure we put in place with security. And so the reason why they go hand in hand is because the conversations oftentimes are inseparable. When you look at all the stuff going on in the press and the concerns the customers have, it comes to really data privacy and security is one of their biggest concerns. And so since that’s such a big part of delivering and deploying AI solutions, it was a natural progression to add that capability and responsibility under my remit for the company. And I’m taking that same approach I did with security, and I’m using a pyramid this time to describe how we deliver AI solutions and products to the market in a secure, ethical, and transparent way to our customers and partners.
Rajan Panchanathan 03:54
We hear a lot about companies investing in AI, but what does that really mean at Lenovo? What kinds of AI projects are you actually working on, Doug?
Doug Fisher 04:05
Well, you take a look at our Q3 results. You saw a 20% year-on-year growth, and in part, that was driven by our hybrid AI strategy. And Lenovo’s been driving this aggressively, ever since the AI move occurred. This last year alone, we deployed over 150 new AI PCs and devices into the market covering consumer, commercial and small and medium business, you know, ThinkPad to Yoga, ThinkBook to Legion, all across the space, we’ve been deploying those capabilities. And they build in elements that are critical to the success of AI, whether it’s smart modes, which really gives greater control, over the PC customization, Smart Share, which is, really enables seamless AI-driven image sharing or Smart Care, which is a way to work with Lenovo technology experts in ensuring that you get the right level of technical support. So, we’re doing a lot in our consumer commercial and small and medium business devices. We’ve also worked in our services space where we built out our AI library in conjunction with what we call AI Fast Start, which really helps accelerate the deployment of AI agents for our customers to deploy those, all the way to our hybrid cloud solution using TruScale as a way to deploy hybrid AI solutions into the enterprise environment. So, we have a broad set of capabilities that we’re deploying across our portfolio, we call it from the pocket to the cloud.
Rajan Panchanathan 05:41
That’s exciting. How are you thinking about AI itself? When you think about AI, you have bias, you have ethics, you have transparency, you have governance. What kind of frameworks or principles do you use at Lenovo across a company?
Doug Fisher 05:59
Yeah, that’s a great question. And really, we start with the basic, which is, we want to ensure that our products and services do no harm or put users at risk. That’s our fundamental objective across everything we do in AI. And so, what we reformed is what we call the responsible AI committee, which reports into me, and they look at six critical elements of any project that goes into the market, any solution or product that goes to the market. We look at inclusion, we have privacy and security reviews, accountability and reliability, explainability, transparency, and environmental and social impact. All of those things are reviewed before a project goes to the market. And, so we have every one of those projects, both the ones that we deploy and the ones that we consume, go through a rigorous review process. And all of them are vetted for that. And not everyone makes it through. We catch things that are not aligned with our commitment in deploying these. Now, our job isn’t to stop progression of these projects. Our job is to improve them. So we protect customers’ IP, customer data, cross-border transfer of data. There’s all sorts of different aspects of deploying an AI solution that you need to ensure you have a rigorous governance process in place to protect your customer. And frankly, Lenovo, as we deploy these, and keep that trust that we talked about earlier. We also work with governments and non-government organizations to help build out and deploy standards and frameworks to ensure that all these things are aligned with what we want to see in the marketplace.
Rajan Panchanathan 07:40
So, let’s focus a little bit on cybersecurity. We all know cybersecurity is a moving target, more so with AI. What threats are keeping you up at night?
Doug Fisher 07:53
You know, we always worry about security threats, regardless, wherever they come from. AI is not, in our view, creating new threats, but they’re making them much more sophisticated. And the pace of which the attackers can come at you is grown rapidly. What used to take six months to a year to develop, can take days and hours to develop because of the capabilities of AI. So, it’s really the attacks are coming at us much more sophisticated. And I think anybody that’s participating in technology sees that. And so, we have to ensure that we’re, and continually to become vigilant. And how we do that, as most people know, 80 plus percent of encroachments into an environment oftentimes come right through your employees. So that’s why we have such a stringent requirement in our environment that all employees take security training. So, we continue to create a security first culture. And what I try to emphasize is critical thinking. And what I mean by that is, you need to have the ability to utilize tools that help prevent this, but also, you are our biggest asset in preventing this by having critical thinking when something comes to you that doesn’t look quite right. We want to create that culture where you question it and take that extra step and ensuring what you’re doing is actually aligned with what the company wants, or whether you’re just actually being attacked or social engineered. And so, I actually encourage employees to do this, but I also encourage management to create a culture where the employees feel comfortable and rewarded for questioning. Imagine an environment where as an employee, you question something, and the manager takes a hostile opinion toward it because it was actually legitimate. That’s not going to create a culture of employees really driving critical thinking. So, I encourage management as a responsibility in this as well. You saw the situation when company out of Hong Kong, they had a deepfake video where all got on a call, thought it was the CFO on the call. It was actually a deepfake, it was a video fake, of an audio fake of a CFO who asked them to move $25 million to close a deal. And it was everybody on the phone was a deepfake, except the person moving the money. So, this is real, it’s happening. We often see it. And so that’s why we have to create that culture along with using tools and capabilities, of course, but that culture of critical thinking,
Rajan Panchanathan 10:27
Doug, as you were describing this, when most people think about cybersecurity, they think about firewalls, phishing, ransomware, and so on, so forth. But let’s focus on another area which is the invisible backbone, the supply chain itself. What macro trends are you seeing in the evolution of the supply chains in today’s digital world?
Doug Fisher 10:52
Yeah, I think everybody who’s paying attention is focusing heavily on really business continuity or business resiliency in the supply chain area. If you look at us as a company, we serve over 180 markets across the globe. And we take that same approach in how we look at the supply chain. You look at what Gartner says about us, we’re one of the top ranked supply chain companies in the world. That’s because we do things, like, have 30 plus manufacturing sites. These are across nine markets: Argentina, Brazil, China, Germany, Hungary, India, Japan, Mexico, and the US. And we’re also working now in Riyadh to build up a manufacturing capability there as well in 2026. So, we’re broadening our footprint of manufacturing capabilities for that purpose to navigate any disruption you could have in the supply chain. It gives us, I feel, a big competitive advantage as we own a lot of our own manufacturing and the ability to seamlessly move our capabilities from one place to another. And so I think you’re going to see more and more of that as people looking how to navigate supply chain threats and attacks in the market.
Rajan Panchanathan 12:03
Given your role, does AI and machine learning play any significant role in improving the security and resiliency of Lenovo supply chain? Do they intersect anywhere?
Doug Fisher 12:20
Oh, absolutely. I mean, we take a look at AI readiness. We look at security, people, technology and processes all together, and AI is a big part of that, ensuring that we have the knowledge we need to not only secure and deliver capabilities to our customers and partners, but also enhance. We’ve built on what’s called Lenovo Powers Lenovo. I mentioned that we work across 180 plus markets, across the globe. We take that knowledge, and we’ve built capabilities using machine learning and AI to accelerate our supply chain decision-making. So, we see a big advantage of utilizing that knowledge and that information we have to build a more robust and more efficient supply chain, primarily through things like decision-making and accelerating that.
Rajan Panchanathan 13:10
So, Doug, both Lenovo and Intel are leaders in supply chain. You just announced a new product here. Can you talk a bit about it and how you are leveraging Intel@‘s Transparent Supply Chain technology in your product?
Doug Fisher 13:25
As you know, we’ve been working with Intel for many years on what we call transparent supply chain. It was just another element to build that trust with our customers and partners that what we manufacture is being deployed in their environment. We continually evolve that roadmap and we announced recently, the ThinkShield Build Assure capability. It’s ThinkShield is a umbrella of capabilities and one of the key elements is our Build Assure that we partnered with Intel on. And what this does is really provides an attestation of the product that’s built in the factory to ensure that there’s no tampering with that product, all the way through the process of getting it into the customer’s environment. And so, this is just another level of insurance for our customers, and trust is what they want. They want to trust what we manufactured, is actually being deployed in their environment. So, we use Build Assure for that, and that will continue to evolve. This is the first of the roadmap. We’ll continue to add capabilities partnering with Intel going forward.
Rajan Panchanathan 14:31
So, what you’re actually doing is securing all the way from the factory floor to an IT deployment?
Doug Fisher 14:39
Yeah, that’s a great question. What we do is we basically, in simple terms, we take a fingerprint of the device, all the active components on that, and we broaden the number of components we look at. And then when it’s brought up in the customer’s environment, it actually has hashtag algorithms that secure all that fingerprint, but it brings it up and then it validates what was built is the same, nothing’s been modified from a firmware hardware perspective, from the time it left the factory, the time it is in their environment. So, when they bring it up, it actually tests to make sure nothing’s been modified, giving them the insurance that nothing’s been tampered with in that process of getting from the factory to their environment.
Rajan Panchanathan 15:22
Yeah, that’s exciting. Empowering the ThinkShield Build Assure, is certainly driving exciting possibilities for enterprise customers. Now, let’s look ahead a little bit zooming out. Where do you see AI and cybersecurity evolving over the course of the next three to five years? What excites you, and what scares you?
Doug Fisher 15:43
Well, I think what scares me is what I said before. I think it’s just that the bad guys are obviously, have a lot of money. This is one of the things that people can’t understand. It’s a profitable enterprise. So, they have a lot of money, and they’re building and buying the most advanced technology and advancing their ability, not only themselves to attack, but also, on the dark web, there’s as a service, attacks that you can even as a lay person start participating in nefarious activities. So, it’s really created a faster on-ramp for that environment to accelerate their attacks. And so, what we look at is how do we take AI, how do we use AI to better protect the company? And so, we’re utilizing AI driven tools, we’re deploying on endpoint protection, along with network capabilities and protections, all across our ring of defense that we put in place. We use AI tools to help accelerate our ability to be informed of a certain attack and prevent that from happening. So, AI has a two-edged sword. We can use it as well to simulate advance threats, all sorts of things that we will expect to see from the attack surface. And simulate that with AI much more rapidly, much more rigorously. And we’re building phishing attacks that we train our employees on in a much more sophisticated way as well. So, we’re using AI internally across a lot of different, you know, you say attack surfaces to accelerate our protection of our environment.
Rajan Panchanathan 17:29
That’s great to hear, Doug. Any final thoughts on AI security supply chain? Any guidance for business leaders out there?
Doug Fisher 17:39
I think it’s important that you look at the broad set of things in security. This is why we structured security AI together in a really rigorous way. So, my guidance to everybody is, you’d really need to understand that security and AI is not just one thing, it’s a collection of things that really build that trust. And so, you should really understand what that involves. From our perspective, we’ve categorized it around what we call the Pantheon, which captures all elements of security. And for AI, we’ve used a pyramid, which captures all aspects of AI that’s required before you deploy a product. Now, I mentioned a couple of terms that you may not be familiar with. The first one is in security I refer to as the Pantheon. In short, the Pantheon is a way to structure all motions or responsibilities we have across the company to ensure that we provide data privacy and security, that is the utmost of importance. So, we have the culture and the governance as a foundation. We have four pillars; product security, supply chain security, physical security, and infrastructure security. All those work together hand in hand to deliver data privacy and security. In AI, we use the pyramid to describe all the actions and motions we need to take to ensure that we deploy a product in the market that is secure, that’s ethical, transparent, you know, all the elements that I described earlier are in place before that product or service hits the market. So, we structure both of these motions to ensure that the rigor is in place to do that. And then on a supply chain side, you know, we work very hard to ensure that our supply chain meets the criteria that our customers demand. Obviously, Gartner gives us a lot of credibility with how they rank us, but we have C-TPAT, we have TAPA, and we’re working with ISO standards to ensure that we build a supply chain that’s tamper-proof and resilient for our customers and partners. You know, if they want to know where our products and services are being built, who’s touching them and how they’re deployed in their environment. And we have to be able to explain that. And we do that in a really systematic way that a lot of our environment cannot do. And so I think that’s what, you know, puts us in a position we’re in, in that trusted partner and customer for the ecosystem. That’s what’s really delivered that for Lenovo.
Rajan Panchanathan 20:08
Thanks for your time today, Doug. This is great insight on a variety of topics. Thanks to all of you for joining us. That was Doug Fisher, chief AI and security officer at Lenovo. Until next time, stay secure and stay curious.
Announcer 20:29
Never miss an episode of “InTechnology” by following us here on YouTube or wherever you get your audio podcasts.
Announcer 20:36
The views and opinions expressed are those of the guests and author, and do not necessarily reflect the official policy or position of Intel@ Corporation.
