Interview: Shopify CISO Andrew Dunbar on Securing an E-Commerce Giant

https://www.infosecurity-magazine.com/interviews/interview-shopify-ciso-andrew/

Publish Date: 2026-06-24 09:45:13

Source Domain: www.infosecurity-magazine.com

Andrew Dunbar, Chief Information Security Officer (CISO) at Shopify, an e-commerce giant that started in 2006 and has expanded to over 8,000 employees, discussed how the firm manages cybersecurity with a strong engineering-led approach. As cybersecurity needs evolve, Shopify is embracing artificial intelligence (AI) to handle a broader range of security challenges. By embedding security principles from the ground up, maintaining a zero-trust environment, and employing an AI proxy to help innovate safely, Shopify holds to its core ethos of enabling safe innovation within the company. Shopify also runs a successful bug bounty program, collaborating with thousands of security researchers to unearth vulnerabilities, which allows the company to protect millions of merchants at scale. However, the rise of AI poses new threats, such as highly personalized attacks and unique exploits that take advantage of AI, which call for advanced defensive measures.

Key Points:

- Shopify maintains a strong engineering-driven approach to cybersecurity while embracing the use of AI to manage security challenges.
- Shopify operates within a zero-trust environment and uses AI proxies to balance innovation with security.
- The bug bounty program empowers thousands of security researchers to identify vulnerabilities, benefitting all of Shopify’s merchants.
- AI-enabled attackers pose significant risks, and defensive AI measures must keep pace with them.
- Monitoring and understanding the third-party ecosystem and trusted vendor interactions is essential for robust cybersecurity.