NEVERHACK Estonia
9 Oct 2025
This CyberCast episode was recorded live at the Nordic-Baltic Security Summit, the region’s leading cybersecurity event bringing together innovators, policymakers, and practitioners to explore the future of digital defense.
Show host Ronnie Jaanhold sat down with Margus Anvelt, Head of Security and Compliance at Pactum AI, to discuss a fascinating topic: how autonomous negotiation systems are transforming enterprise procurement and what new cybersecurity challenges they introduce.
When AI Starts to Negotiate
Every large enterprise manages thousands of supplier relationships. The biggest ones get regular attention, while the smaller ones often do not. Those long-tail contracts quietly renew each year, locking in outdated terms and leaving money on the table.
Pactum AI changes that. Its autonomous agents can negotiate thousands of supplier agreements automatically, freeing procurement teams to focus on strategic deals. “Most of these smaller contracts simply renew by default,” Margus explains. “We automate the ones that otherwise wouldn’t be negotiated at all.”
The platform reaches out to suppliers, initiates a conversation through a chatbot-style interface, and finalizes deals within minutes. It is not about replacing humans but empowering them to do more with less effort.
Every negotiation starts with clear parameters defined by the customer, such as price, payment terms, delivery preferences, and acceptable limits. Pactum’s AI then runs the negotiation autonomously within those boundaries. If a supplier does not agree, the case is escalated for human review. This keeps control in human hands while automating repetitive tasks.
“Negotiation doesn’t have to be a zero-sum game,” says Margus. “Both sides can win.”
AI With Boundaries
Despite its AI-powered design, Pactum’s system does not rely on open-ended generative AI for live negotiations. Instead, it uses a rule-based model, called a “value function,” that defines safe and predictable outcomes. “We don’t yet trust generative AI to talk directly with suppliers,” Margus says. “Our enterprise customers need predictability.”
Generative models are used internally to design negotiation flows, but the supplier-facing interface stays fully structured and auditable. This approach reduces risk and preserves trust, especially when dealing with Fortune 500 clients.
Security at the Core
With any new technology comes a new attack surface. Pactum takes this seriously, applying a defense-in-depth strategy to protect data and systems:
- Encryption for data in transit and at rest
- Strict access controls, MFA, and SSO
- Data residency options in the US or EU
- Full segregation between customer environments
“We handle highly strategic information,” Margus explains. “It must stay confidential and controlled.” This philosophy shapes every layer of Pactum’s architecture and operations.
To validate its security posture, Pactum regularly partners with NEVERHACK Estonia for penetration testing. These tests go beyond compliance and are part of continuous assurance. “For us, pen testing isn’t optional,” says Margus. “Your team really takes time to understand how our platform works. That collaboration matters.” Each assessment helps uncover hidden issues early and strengthen the system before new features go live.
The Future of Cyber and AI
As AI systems grow more sophisticated, Margus predicts a future where penetration testers will become “social engineers of LLMs” — specialists probing the psychology and behavior of large language models rather than just code or networks.
He recently participated in an AI Capture The Flag event, exploring how AI systems can be manipulated or tricked. The experience highlighted how fast this field is changing and how important it is to stay proactive.
Rethinking Negotiation, Redefining Trust
Autonomous negotiation may sound futuristic, but it’s already here — reshaping how global enterprises manage their supply chains and vendor relationships.
For security leaders like Margus Anvelt, the challenge is balancing innovation with control, and speed with trust.
The takeaway from this episode?
AI can unlock enormous value — if it’s deployed responsibly, transparently, and securely.