Concerns over cybersecurity are escalating as artificial intelligence (AI) becomes more prevalent in operational technology (OT) environments. Industry leaders caution that the integration of AI into critical infrastructure is creating new systemic risks that could have significant implications for safety and security.
Many organizations in industrial sectors are increasingly adopting AI to enhance efficiency through methods such as predictive maintenance, anomaly detection, and optimization tools. However, Rob Demain, Chief Executive Officer at e2e-assure, warns that security protocols are not keeping pace with this rapid adoption. He highlighted the potential for AI to introduce model drift and misgeneralization into OT settings, which may result in unsafe decision-making and the bypassing of established safety processes if AI recommendations override manual checks.
The connectivity associated with AI, particularly through the use of application programming interfaces and cloud services, is increasing the number of entry points into OT networks, complicating the security landscape for operators of critical infrastructure. This added complexity raises the stakes for cybersecurity, as more vulnerabilities emerge.
While the current prevalence of AI within OT remains relatively limited, several organizations are beginning to test large language model (LLM)-based assistants designed to support engineering and operational tasks. Demain notes that there are clear signs that malicious actors are already utilizing AI to enhance their cyber attack tactics. He emphasized that the deployment of AI in cyber attacks is not merely theoretical, as attackers are employing it to improve productivity and generate dynamic commands, thereby making detection increasingly challenging.
Evidence suggests that AI is enabling the development of polymorphic malware, which can disguise its communications by blending into legitimate traffic. This ability allows malicious activities to circumvent traditional OT security measures, such as signature-based detection and static indicator of compromise (IOC) matching. As a result, the landscape for defenders has become more intricate.
According to Demain, defenders must scrutinize both external LLM API traffic and internal model operations with the utmost diligence. He raised concerns regarding local LLMs, highlighting that these models often contain sensitive data that could be exploited by attackers. The models themselves could act as blueprints for cybercriminals aiming to escalate their attacks.
The evolving tactic of “Living off the land,” which involves using legitimate tools and functions to conduct attacks, is being redefined by some researchers as “Living off the LLM.” This shift indicates that attackers are increasingly leveraging AI-native capabilities for covert actions within OT environments, posing new challenges for cybersecurity defense strategies.
In response to these concerns, the United States Cybersecurity and Infrastructure Security Agency (CISA) recently issued guidance urging that AI systems be segregated from OT networks. This involves ensuring that AI systems receive only read-only data feeds while maintaining a clear data flow from OT to IT without allowing AI any visibility or control over OT systems.
Despite these recommendations, Demain expresses concern that regulatory guidance may not be stringent enough. He described the current advice as conservative, suggesting that a more robust stance is warranted to safeguard critical operations. “The latest advice from CISA is good in terms of keeping AI away from OT—providing a read-only data feed to it, sending data safely from OT to IT but not including AI where it could see/control OT systems,” Demain stated. “I do think they could go harder and discourage AI use on anything connected to OT. Safety first should mandate that these systems should be treated as a safety risk to operations at this stage.”
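The segregation model described above can be checked mechanically against a site's permitted data flows. The following is an added example, not code from CISA or e2e-assure: it audits a constructed rule list for any data path into OT, any direct OT-to-AI feed, any AI feed that is not read-only, and any indirect route by which the AI zone could reach OT. The three zone names, the rule names, and the reading that the AI zone is fed only from the IT side are assumptions made for this example.

```python
from collections import deque
from typing import NamedTuple

class Flow(NamedTuple):
    name: str
    src: str         # zone that sends data
    dst: str         # zone that receives data
    read_only: bool  # True if the receiver cannot write back over this channel

def edges(flows):
    """Directed data paths; a feed that is not read-only also carries data back."""
    for f in flows:
        yield f.src, f.dst, f.name
        if not f.read_only:
            yield f.dst, f.src, f.name + " (write-back)"

def path_between(flows, start, goal):
    """Breadth-first search; returns the rule names along a path, or None."""
    queue, seen = deque([(start, [])]), {start}
    while queue:
        zone, path = queue.popleft()
        if zone == goal:
            return path
        for src, dst, name in edges(flows):
            if src == zone and dst not in seen:
                seen.add(dst)
                queue.append((dst, path + [name]))
    return None

def audit(flows):
    findings = [f"{name}: data path into OT from {src}"
                for src, dst, name in edges(flows) if dst == "OT"]
    for f in flows:
        if f.src == "OT" and f.dst == "AI":
            findings.append(f"{f.name}: AI is fed directly from OT")
        if f.dst == "AI" and not f.read_only:
            findings.append(f"{f.name}: feed into AI is not read-only")
    path = path_between(flows, "AI", "OT")
    if path:
        findings.append("AI can reach OT via: " + " -> ".join(path))
    return findings

# Constructed rule sets (zone and rule names are made up for this example).
COMPLIANT = [Flow("historian-replica", "OT", "IT", True),
             Flow("ai-feed", "IT", "AI", True)]
RISKY = [Flow("historian-replica", "OT", "IT", True),
         Flow("ai-feed", "IT", "AI", False),
         Flow("setpoint-push", "IT", "OT", True)]

if __name__ == "__main__":
    for label, rules in (("compliant", COMPLIANT), ("risky", RISKY)):
        print(label, audit(rules) or "no findings")
```

The path search matters because neither risky rule touches both AI and OT on its own; the route from AI to OT only appears when the writable feed and the IT-to-OT rule are combined.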
As organizations grapple with the intersection of AI and operational technology, the need for advanced security measures becomes increasingly apparent. With the stakes higher than ever, industry leaders and cybersecurity experts must collaborate to address these emerging threats and navigate the complexities introduced by this transformative technology.