From Evidence to Intelligence: How AI Can Transform Product Compliance (B30a)
Product compliance programs are under growing strain. Security requirements continue to expand, standards are becoming more complex, and certification teams are being asked to do more without a proportional increase in time or resources. Yet much of the work still relies on fragmented workflows, manual testing, static documentation, and point-in-time assessments. This talk explores why that model is increasingly unsustainable and how artificial intelligence can help compliance evolve from a reactive, labor-intensive exercise into a more continuous, intelligence-driven discipline. Rather than focusing narrowly on AI-generated text or isolated automation, this session will present a broader framework for applying AI across the compliance lifecycle. The talk will examine how structured test evidence, technical documentation, product configurations, and prior compliance artifacts can be used together to create more context-aware compliance workflows. It will discuss practical ways AI can assist with areas such as test orchestration, results interpretation, readiness assessment, gap analysis, artifact generation, and change impact analysis, while keeping human experts firmly in control of judgment and final decisions. A key theme of the talk is that the real opportunity is not simply to make existing tasks faster, but to change the operating model of compliance itself. When evidence is treated as living input rather than static output, teams can begin to move from episodic certification preparation toward ongoing compliance visibility. This has implications not only for Common Criteria and similar schemes, but for the broader future of product security compliance as regulatory pressure increases and engineering organizations demand tighter integration with development workflows. Attendees will leave with a practical mental model for where AI adds genuine value in compliance, where caution is warranted, and what an effective human-in-the-loop approach looks like in high-assurance environments. The talk is intended for certification practitioners, product security leaders, engineering teams, evaluators, and policymakers who want to understand how AI can be applied credibly and usefully to modern product compliance without sacrificing rigor, trust, or technical depth.