Enterprise AI Team

Powering Up Intelligence

November 27, 2025
Share this blog post

Leveraging AI for Security Operations

When your infrastructure spans across power plants, cloud platforms, SaaS environments, and millions of endpoints, managing risk is a balancing act between innovation and resilience. Paul Reyes, CISO and VP of Cybersecurity at Vistra Corp., understands this reality better than most. "Each individual account is now becoming our boundary," he noted, reflecting on how the perimeter has evolved from the data center firewall to every device, user, and access point.

Overseeing cybersecurity for one of the largest power generators in the U.S., Reyes faces a threat landscape increasingly defined by speed, sophistication, and AI-enhanced attacks. But rather than retreat, he and his team leaned into AI, turning it into a force multiplier across both cybersecurity and core operations. What emerged was a cohesive strategy that uses artificial intelligence not just for defense, but for predictive insight, operational efficiency, and ultimately, enterprise transformation.

Leaving Legacy at the Gate

Vistra, like many legacy enterprises, began its digital journey with deeply siloed systems. "We have a generation arm, and then we have retail…each business unit has different needs," Reyes explained. This fragmentation meant traditional perimeter defenses could no longer serve a distributed workforce with varied risk profiles.

Gone are the days when a firewall could stand guard over a single fortified boundary. "We’ve got data in the cloud, we’ve got SaaS models…how do we now secure every individual separately to ensure they are isolated from threats?" Reyes asked. The company's answer: a zero trust architecture reinforced by AI.

While zero trust reduced attack surfaces, the rapid adoption of cloud and SaaS introduced new monitoring burdens. Reyes acknowledged the challenges, noting that even basic questions like "what's on our network?" became difficult to answer in real-time. AI helped bridge this gap, continuously monitoring devices and user behaviors to provide situational awareness across disparate environments.

Manual processes in vulnerability management and endpoint monitoring also proved inadequate. "You can never get a straight answer from your tech guys," Reyes joked, highlighting the dynamic nature of user accounts and assets. With thousands of contractors and employees, tracking anomalies manually wasn’t scalable. "You might have one person with 10 different accounts…a company of 10,000 might have 150,000 accounts."

Intelligence Across the Enterprise

To bring order to chaos, Reyes and his team turned to AI-powered behavioral analysis, embedding it into core systems. "That's not a human doing that," he said. "That's AI looking at patterns and the behaviors of actors on top of your system and being able to do predictive controls and protections."

The move wasn’t confined to IT. Reyes described how Vistra applied internal AI models to its energy fleet. "We have an awesome team that looks at all of our fleet and uses machine learning in our own internal AI…to forecast when we need to do maintenance appropriately so that we don't waste money."

This predictive maintenance strategy paid dividends, reducing unnecessary downtime and increasing asset efficiency. It also demonstrated a broader organizational shift: AI wasn’t just a security asset, it was a business enabler.

In cybersecurity, AI now plays a critical role in both detection and response. From recognizing phishing attempts in email to identifying behavioral shifts in endpoint usage, Vistra’s SOC incorporates AI to automate first-line monitoring. And while Reyes acknowledged that AI remediation in vulnerability management is still overhyped due to complexity, he sees immense promise in "augmenting 24x7 monitoring" and automating routine alerting.

Rather than fully outsourcing monitoring, Vistra uses third-party AI providers to "do common checks and balances" and then adapts those insights to their environment. "You can then modify that output to search for what's specific to your business," Reyes said.

Predicting Tomorrow's Threats

Looking ahead, Reyes sees AI not only as a defensive mechanism, but also as an offensive tool in the hands of attackers. "We saw in one of our threat feeds…AI throwing out a botnet and then doing investigation on reconnaissance…then generated reconnaissance that enabled them to be very pinpoint on what and how they would attack."

He emphasized how fast this AI-driven kill chain unfolded. "All by an AI…within hours or minutes." What used to take days of manual scanning, now happens in real-time. Reyes is preparing for this future by training his team to adopt AI literacy as a core skill. "Resources aren't going to be replaced by robots or AI…they're going to be replaced by other people that know how to use AI well."

Results That Speak Volumes

The AI-enhanced cybersecurity and operations strategy at Vistra has resulted in a reduction in unnecessary fleet maintenance, increased precision in endpoint and email threat detection, streamlined asset visibility across a sprawling IT environment, and enhanced SOC capabilities through AI-augmented alerting.

"We leverage AI that drives efficiencies within our workforce and reduces risk," Reyes summed up. The outcomes are not just security wins, but measurable gains in uptime, savings, and strategic agility.

Lessons from the Edge

As AI becomes ubiquitous, Reyes offers a cautionary but hopeful perspective: "This is a dangerous time with no regulation, no control around [AI], that we gotta be careful on what keys to the kingdom we will give."

Still, he sees AI as a lever for growth, not just defense. "You've missed it if you don't know how to leverage AI to help you escalate your skill sets," he warned.

In a world where knowing what’s on your network is no longer trivial, and phishing emails mimic trusted senders with frightening precision, Vistra’s story is a roadmap for enterprise leaders. Combine AI-driven insights with operational discipline, and what was once a vulnerability becomes your greatest advantage.