Equifax Details AI-Powered Defense and Guardrails in 2025 Security Annual Report

EQUIFAX HAS RELEASED ITS SIXTH SECURITY ANNUAL REPORT, detailing the organization's strategic integration of AI to optimize security operations, outpace AI-driven threats and securely accelerate product development. The organization has established itself as an industry leader in data security and fostered a culture of shared security ownership across the organization. 

Equifax has transformed every aspect of its operations, embedding security into the global team's DNA. In 2025, guided by a focus on relentless optimization and maximizing its cloud-native infrastructure, Equifax successfully defended against more than 19.8 million cybersecurity threats daily and conducted over 240,000 simulations to test the global workforce and prepare for future challenges.

The transition to fully cloud-native technology enabled Equifax to use AI to fundamentally change the way the organization operates and support the evolution of its security strategy across three distinct dimensions:

• Using AI to enhance security: Equifax deployed specialized AI triage agents that helped auto-resolve nearly 50% of all Security Operations Center (SOC) tickets, maintaining a mean time to detect threats of under one minute. The company also implemented custom AI to analyze vulnerabilities and automatically draft remediation code, while an internal AI advisory assistant reduced security consult times by 61%.
   

• Securing the business’s use of AI: With almost 90% of the Equifax global workforce using AI, the security team implemented strict guardrails to protect the enterprise. This includes an agnostic control layer that inspects prompts and responses for sensitive data leakage or injection attacks before they interact with an AI model. Equifax also implemented safe code connections for AI agents and established evaluation gates that automatically test every new agent.
   

• Defending against AI threats: As attackers weaponized AI to increase the speed of their campaigns, Equifax deployed a system of active immunity. This allowed the company to quickly analyze new AI-driven tactics and upgrade defenses enterprise-wide. Over the past year, these adaptive external defenses successfully blocked evasive malware and intercepted live deepfake attacks targeting company leadership.

“The 2025 threat landscape was defined by a convergence of volume, speed, and sophistication and our team navigated through it with relentless ambition to outpace the status quo,” said Jeremy Koppen, Chief Information Security Officer at Equifax.

Hear additional insights from Jeremy Koppen:

Security remains a true business accelerator at Equifax and the proof is in the organization’s output, securely launching more than 180 New Product Innovations (NPIs) in 2025 — the sixth consecutive year over 100. This demonstrates that rigorous security is not a competing interest, but a vital enabler of rapid innovation and growth.

The maturity of the Equifax cybersecurity program, with a 2025 National Institute of Standards and Technology (NIST) Cybersecurity Framework score of 4.4, increased in 2025 according to a leading global research and advisory firm, outperforming all major industry benchmarks for the sixth consecutive year. Equifax also maintained a security posture score that exceeded Technology and Financial Services industry averages.

“We increased our security maturity again in 2025, but the threats we face continue to evolve,” concluded Koppen. “We’ll continue to embrace new technologies and optimize our defenses. Our pursuit of security leadership has no ceiling.”

View the complete Equifax 2025 Security Annual Report here.