The report titled “Principles for the Secure Integration of Artificial Intelligence in Operational Technology” “describes different ways that AI can be integrated into OT and outlines four principles critical infrastructure owners and operators should follow to both leverage the benefits and minimize the risks of integrating AI into OT environments,” according to an accompanying press release.
Specifically, these principles detail “guidance to understand AI; consider AI use in the OT domain; establish AI governance and assurance frameworks; and embed safety and security practices into AI and AI-enabled OT systems,” the press release said.
This guidance is especially timely given the fact that many industrial organizations are deploying AI into their physical operations to enhance efficiencies through predictive maintenance, anomaly detection, various resource optimization tools, and even cybersecurity use cases.
At the same time, AI-based cyber threats are proliferating. As noted in a recent SC Media op-ed commentary authored by HITRUST vice president of cyber risk Tom Kellerman, the “AI revolution that offers so much positive potential for innovation and progress also brings along ‘Dark Passengers’ in the form of new systemic third-party cyber risks.”
Kellerman further elaborated: “With the rise of AI, the AI infrastructure has been manipulated into attack vectors and the intelligence systems designed to make business smarter will get twisted to compromise business value.”
Additionally, the Google Cloud Security 2026 Cybersecurity Forecast projects that cybercrime will pose “the primary disruptive threat to industrial control systems (ICS)” and OT. Specifically, Google’s Cloud Security team expects to see more “ransomware operations specifically designed to impact critical enterprise software (such as ERP systems), severely disrupting the supply chain of data essential for OT operations.”
The convergence of three trends, AI adoption by critical infrastructure organizations, anticipated increased targeting of OT environments by threat actors, and growing attacks on foundational AI infrastructure and supply chains, demands vigilance from industrial operators. This InfraShield blog reviews the authoring agencies’ proposed best practices for integrating AI into OT environments.
Secure Integration Principles
The scope of the report’s guidance specifically focuses on machine learning and “large language model (LLM)-based AI and AI agents because integrating OT with these types of AI systems involves more complex safety and security considerations,” according to the document.
The report defines AI agents as a “type of software that can process data, perform decision-making capabilities, and initiate autonomous actions using AI and ML models.” Like LLMs, AI agents can “enhance decision-making, automate routine tasks, and optimize maintenance schedules, which enables them to improve and streamline critical infrastructure operations,” according to the report.
That said, the report notes that the “guidance may also be applied to systems augmented with traditional statistical modeling and other logic-based automation.” The four principles set out in the report are:
- Understanding AI
- Considering AI Use in the OT Domain
- Establishing AI Governance and Assurance Frameworks
- Embedding Oversight and Failsafe Practices into AI and AI-Enabled OT Systems
Understanding AI
The report’s first principle emphasizes that critical infrastructure owners and operators must develop a clear, practical understanding of how AI behaves in the OT environment and the unique risks it introduces. Unlike traditional automation, AI systems can be manipulated through their data, models, or deployment software, creating cybersecurity, safety, and reliability risks that directly affect physical operations.
While established controls such as access management, auditing, and encryption still apply, AI-enabled OT systems are also exposed to new attack vectors, including model manipulation, prompt injection, and supply-chain compromise. All of these attack scenarios have the potential to cascade into system outages, safety incidents, and ultimately, financial and reputational harm.
The guidance highlights several AI-specific risk areas that are especially consequential in OT. For example, poor data quality can degrade model performance and reduce system availability, while centralized OT data repositories may become high-value targets for adversaries. AI model drift, driven by changes in operating conditions or production processes, can quietly erode accuracy over time if it is not monitored.
Limited explainability further complicates troubleshooting and auditing, increasing recovery times when failures occur. At the human level, excessive or inaccurate AI-generated alerts can raise operator cognitive load, trigger unnecessary downtime, and introduce new opportunities for error. Overreliance on AI also risks skill erosion, leaving operators unprepared to intervene manually during system failures.
To address these challenges, the report stresses the importance of understanding the secure AI system development lifecycle. Owners and operators must clearly define roles and responsibilities across design, procurement, deployment, and ongoing operation, particularly when working with vendors, integrators, or managed service providers.
Secure-by-design principles, rigorous testing, and continuous monitoring are essential to ensure AI systems do not undermine OT safety or reliability. Equally important is educating personnel: OT teams must be trained to interpret AI outputs and to validate them against independent signals. Crucially, OT teams must maintain human oversight over AI, so that the technology remains a decision-support tool rather than an unchecked authority within critical infrastructure operations.
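Two of the risks named in this principle, model drift and an excessive alert load on operators, can be checked mechanically from the model's own output log. The following Python is an added illustration, not code from the report or from InfraShield: it compares the distribution of an anomaly model's scores in a recent window against a commissioning baseline using the Population Stability Index (PSI), and separately tracks how often the model crosses its alert threshold so that an alert flood is caught before it reaches the control room. The score streams are constructed synthetic data, the alert threshold is assumed, and the PSI thresholds of 0.1 (warn) and 0.25 (alarm) are the common rule-of-thumb values rather than anything the guidance prescribes.

```python
"""Drift and alert-load monitor for an AI anomaly model's score stream (added example)."""
from __future__ import annotations

import bisect
import math
import random
from statistics import quantiles

# Conventional PSI rule-of-thumb thresholds (an assumption, not from the report).
PSI_WARN = 0.10
PSI_ALARM = 0.25


def psi(expected: list[float], actual: list[float], eps: float = 1e-4) -> float:
    """Population Stability Index between two vectors of bin proportions.

    0 means identical distributions; larger values mean more shift. eps keeps an
    empty bin from producing log(0).
    """
    total = 0.0
    for e, a in zip(expected, actual):
        e, a = max(e, eps), max(a, eps)
        total += (a - e) * math.log(a / e)
    return total


def bin_proportions(values: list[float], edges: list[float]) -> list[float]:
    """Fraction of values falling into each bin defined by sorted cut points."""
    counts = [0] * (len(edges) + 1)
    for v in values:
        counts[bisect.bisect_right(edges, v)] += 1
    return [c / len(values) for c in counts]


def assess_window(baseline: list[float], recent: list[float],
                  alert_threshold: float, n_bins: int = 10) -> dict:
    """Compare a recent score window against the commissioning baseline.

    Bins are fixed from baseline quantiles, so drift shows up as probability mass
    leaving the bins the model was validated on. The alert-rate check flags a
    flood when recent alerts exceed 3x the baseline rate or 1%, whichever is
    larger; both constants are assumptions for the example.
    """
    edges = quantiles(baseline, n=n_bins)  # n_bins - 1 interior cut points
    score_psi = psi(bin_proportions(baseline, edges), bin_proportions(recent, edges))
    base_rate = sum(s >= alert_threshold for s in baseline) / len(baseline)
    recent_rate = sum(s >= alert_threshold for s in recent) / len(recent)
    rate_limit = max(3.0 * base_rate, 0.01)
    if score_psi >= PSI_ALARM:
        drift = "alarm"
    elif score_psi >= PSI_WARN:
        drift = "warn"
    else:
        drift = "stable"
    return {
        "psi": score_psi,
        "drift": drift,
        "baseline_alert_rate": base_rate,
        "recent_alert_rate": recent_rate,
        "alert_flood": recent_rate > rate_limit,
    }


def synthetic_scores(mean: float, sd: float, n: int, seed: int) -> list[float]:
    """Constructed anomaly scores in [0, 1]; stands in for a real model's output log."""
    rng = random.Random(seed)
    return [min(max(rng.gauss(mean, sd), 0.0), 1.0) for _ in range(n)]


# Constructed windows: the commissioning baseline, a later window under the same
# process conditions, and a window after an unannounced process change.
BASELINE = synthetic_scores(0.20, 0.05, 2000, seed=1)
RECENT_SAME = synthetic_scores(0.20, 0.05, 2000, seed=2)
RECENT_SHIFTED = synthetic_scores(0.35, 0.08, 2000, seed=3)
ALERT_THRESHOLD = 0.35  # score at which the model raises an operator alert (assumed)

if __name__ == "__main__":
    for name, window in (("same conditions", RECENT_SAME), ("after process change", RECENT_SHIFTED)):
        r = assess_window(BASELINE, window, ALERT_THRESHOLD)
        print(f"{name:22s} psi={r['psi']:.3f} drift={r['drift']:7s} "
              f"alert_rate={r['recent_alert_rate']:.3f} flood={r['alert_flood']}")
```

Run as a scheduled job over each shift's score log. A `warn` result is the cue to pull the model into validation against independent signals (the conventional alarm list, manual readings) rather than to retrain automatically, and a flood flag is the point at which the route from the model to operator displays should be throttled or reverted to the legacy alarm logic.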
Considering AI Use in the OT Domain
The report’s second principle urges critical infrastructure owners and operators to carefully evaluate whether AI is truly the right tool for a given OT use case. Before introducing AI into OT environments, organizations should assess whether existing technologies or established automation capabilities can meet operational requirements with less complexity and risk.
While AI can deliver meaningful benefits, it remains an evolving technology that introduces new dependencies, expanded attack surfaces, and long-term maintenance considerations that must be weighed against safety, reliability, cost, and performance requirements.
A sound AI business case should clearly define the operational problem, success metrics, and acceptable risk thresholds. This includes understanding organizational readiness to support AI systems over time, such as the need for additional infrastructure, data processing capacity, and security controls.
If AI is deemed appropriate, the guidance recommends following a secure AI system development lifecycle and leveraging established frameworks, such as NIST’s AI Risk Management Framework, to manage risk throughout deployment and operation.
Data protection is a central consideration when applying AI in OT environments. Owners and operators must understand where OT data is stored, who can access or modify it, and how vendors use that data, particularly when cloud-based or offshore services are involved.
Protecting sensitive engineering data, process measurements, and proprietary operational information is critical, as these datasets are highly valuable to adversaries and may persist within AI models long after collection. Data quality and integrity are equally important, requiring close collaboration between OT personnel and AI developers to ensure models are trained on accurate, representative data.
Finally, the guidance highlights the growing role of OT vendors and the integration challenges AI introduces. Organizations should demand transparency into embedded AI capabilities, supply chains, and data usage policies, while retaining the ability to disable AI features when necessary. Careful planning around interoperability, latency, cloud connectivity, and fail-safe design is essential to ensure AI enhances OT safety and resilience.
Establishing AI Governance and Assurance Frameworks
The third principle underscores that effective governance and assurance frameworks are foundational to safely integrating AI into OT environments. AI in OT cannot be treated as an isolated technical deployment; it requires clearly defined policies, accountability structures, and decision-making authority that span the full AI lifecycle—from procurement and design through deployment and ongoing operations.
Strong governance ensures AI security, safety, and reliability risks are considered alongside functional and performance objectives. The guidance further emphasizes the importance of engaging the right stakeholders early. Senior leadership commitment is critical to sustaining governance efforts and aligning AI risk management with enterprise priorities.
OT, IT, and AI subject matter experts can help provide essential operational and technical context, while cybersecurity teams help safeguard sensitive OT data and identify vulnerabilities unique to AI-enabled systems. Together, these groups should define roles and responsibilities, enforce data governance controls, and conduct regular audits to reduce ambiguity and ensure accountability during incidents or failures.
AI governance must also be tightly integrated into existing cyber-physical security frameworks. Rather than creating parallel processes, organizations should embed AI risk assessments, monitoring, and controls into established vulnerability management, incident response, and compliance programs. This means applying traditional security controls, such as encryption, access management, and intrusion detection, while also incorporating AI-specific threat modeling and adversary techniques into risk evaluations.
Thorough testing and evaluation are another core component of assurance. AI systems should be validated extensively in non-production environments before operational deployment, progressing from low-fidelity testing to realistic simulations that assess safety, latency, interoperability, and reliability.
Lastly, the guidance highlights the growing regulatory complexity surrounding AI in OT. Operators must monitor evolving standards, ensure auditability, and define clear thresholds for reverting to traditional automation or manual control if AI performance or safety degrades.
Embedding Oversight and Failsafe Practices into AI and AI-Enabled OT Systems
The fourth principle reinforces a foundational concept: humans remain ultimately responsible for functional safety in OT environments, even as AI capabilities expand. AI tools may enhance efficiency and insight, but they must operate within clearly defined oversight and safety boundaries.
To that end, critical infrastructure owners and operators should maintain a comprehensive inventory of AI components and dependent systems, continuously monitor AI inputs and outputs, and define known safe operating states that allow rapid restoration when conditions deviate from expected behavior.
Effective oversight begins with human-in-the-loop decision-making, particularly for AI systems that influence or modify control logic. Operators should retain visibility into AI-driven recommendations and actions, with defined intervention points for critical operations. This approach improves safety, enhances system reliability, and preserves operator skills essential during emergencies.
Organizations must also understand where AI systems are likely to fail, including expected rates of false positives and false negatives, and how those errors compare to baseline operational conditions. The guidance emphasizes robust monitoring mechanisms, including anomaly detection, behavioral analytics, and comprehensive logging that supports compliance, forensics, and performance evaluation.
AI activity should be observable through existing operator interfaces where possible, with clearly defined performance indicators and regular review cycles involving internal stakeholders and vendors. Continuous testing, model validation, and AI-specific threat modeling are necessary to detect drift, manipulation, or degradation over time.
Finally, failsafe design is essential. AI systems should be engineered to fail gracefully, reverting to traditional automation or manual control without disrupting critical operations. New AI-related failure states must be integrated into functional safety and incident response plans, including scenarios involving malicious interference.
By embedding oversight, explainability, segmentation, and robust failsafe mechanisms, organizations can ensure AI augments OT operations without compromising safety, resilience, or operator control.
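The failsafe, intervention-point and logging requirements of this principle can be expressed as a software envelope that sits between the model and the controller. The Python below is an added illustration, not code from the report or from any vendor product: every AI-proposed setpoint is checked against engineering limits, a per-cycle rate limit, a confidence floor and a staleness limit before it can reach the controller; a change that passes but is large enough to matter is held for operator approval instead of being auto-applied; anything rejected falls back to the setpoint the conventional controller already holds; and every decision is appended to an audit list. The pattern applies to any tag with a defined envelope. The tag name FIC-101, its limits, and the sample recommendations are constructed for the example.

```python
"""Safety envelope around AI setpoint recommendations (added example)."""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    APPLY = "apply"              # within envelope and small: auto-applied
    HOLD_FOR_OPERATOR = "hold"   # within envelope but large: operator decides
    FALLBACK = "fallback"        # rejected: conventional controller's value stands


@dataclass(frozen=True)
class Envelope:
    """Engineering limits for one control tag; values come from the safety analysis, not the model."""
    tag: str
    low: float             # engineering minimum
    high: float            # engineering maximum
    max_step: float        # largest change allowed in one control cycle
    approval_step: float   # changes above this need an operator, even if otherwise valid
    min_confidence: float  # floor on the model's self-reported confidence
    max_age_s: float       # recommendations older than this are stale


@dataclass(frozen=True)
class Recommendation:
    tag: str
    setpoint: float
    confidence: float
    issued_at: float       # epoch seconds


@dataclass(frozen=True)
class Decision:
    action: Action
    setpoint: float        # what actually goes to the controller
    reason: str


class Gatekeeper:
    """Sits between the model and the controller; the model never writes directly."""

    def __init__(self, envelopes: dict[str, Envelope]):
        self.envelopes = envelopes
        self.audit: list[dict] = []  # every decision, for forensics and review cycles

    def evaluate(self, rec: Recommendation, current_setpoint: float, now: float) -> Decision:
        env = self.envelopes.get(rec.tag)
        if env is None:
            return self._reject(rec, current_setpoint, now, "no envelope defined for tag")
        if now - rec.issued_at > env.max_age_s:
            return self._reject(rec, current_setpoint, now, "recommendation is stale")
        if rec.confidence < env.min_confidence:
            return self._reject(rec, current_setpoint, now, "confidence below floor")
        if not (env.low <= rec.setpoint <= env.high):
            return self._reject(rec, current_setpoint, now, "outside engineering limits")
        delta = abs(rec.setpoint - current_setpoint)
        if delta > env.max_step:
            return self._reject(rec, current_setpoint, now, "exceeds per-cycle rate limit")
        if delta > env.approval_step:
            return self._decide(rec, current_setpoint, now, Action.HOLD_FOR_OPERATOR,
                                current_setpoint, "large change held for operator approval")
        return self._decide(rec, current_setpoint, now, Action.APPLY, rec.setpoint, "within envelope")

    def _reject(self, rec: Recommendation, current: float, now: float, reason: str) -> Decision:
        # Fail safe: keep whatever the conventional controller already holds.
        return self._decide(rec, current, now, Action.FALLBACK, current, reason)

    def _decide(self, rec: Recommendation, current: float, now: float,
                action: Action, applied: float, reason: str) -> Decision:
        self.audit.append({
            "time": now, "tag": rec.tag, "proposed": rec.setpoint, "previous": current,
            "applied": applied, "confidence": rec.confidence,
            "action": action.value, "reason": reason,
        })
        return Decision(action, applied, reason)


# Constructed envelope for a flow controller; the tag and numbers are illustrative.
FIC_101 = Envelope(tag="FIC-101", low=20.0, high=80.0, max_step=5.0,
                   approval_step=2.0, min_confidence=0.70, max_age_s=30.0)


def run_demo() -> list[Decision]:
    """Push a set of constructed recommendations through the envelope."""
    gk = Gatekeeper({FIC_101.tag: FIC_101})
    now, current = 1_700_000_000.0, 50.0
    cases = [
        Recommendation("FIC-101", 51.0, 0.92, now - 5),    # small, confident, fresh
        Recommendation("FIC-101", 53.5, 0.92, now - 5),    # valid but large: operator decides
        Recommendation("FIC-101", 58.0, 0.92, now - 5),    # exceeds per-cycle step
        Recommendation("FIC-101", 90.0, 0.92, now - 5),    # outside engineering limits
        Recommendation("FIC-101", 51.0, 0.40, now - 5),    # low confidence
        Recommendation("FIC-101", 51.0, 0.92, now - 120),  # stale
        Recommendation("TIC-205", 51.0, 0.92, now - 5),    # tag with no envelope
    ]
    return [gk.evaluate(rec, current, now) for rec in cases]


if __name__ == "__main__":
    for d in run_demo():
        print(f"{d.action.value:9s} setpoint={d.setpoint:5.1f}  {d.reason}")
```

The envelope constants belong to the functional safety analysis, not to the model vendor, and a HOLD decision only works if the operator interface actually surfaces it with the proposed value, the reason and an approve/reject control. The audit list stands in for the logging the guidance calls for; in practice it would go to the same historian or SIEM that holds the rest of the OT record so that an AI-related failure can be reconstructed alongside process data.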
How InfraShield Can Help
Through ongoing client engagements and conversations with industrial leaders, InfraShield has observed a clear and accelerating shift across critical infrastructure sectors: organizations are rapidly deepening AI integrations within their OT environments.
This transformation is no longer limited to traditionally “tech-forward” industries. Even sectors that historically approached AI with deep caution — like nuclear energy, where InfraShield has built its OT security niche — are now actively exploring and embracing AI-driven operations.
A recent 404 Media article headlined “‘Atoms for Algorithms:’ The Trump Administration’s Top Nuclear Scientists Think AI Can Replace Humans in Power Plants” aptly captures this changing mindset. While the article itself takes an alarmist view of AI, it highlights a presentation delivered at the International Atomic Energy Agency’s International Symposium on Artificial Intelligence in Vienna earlier this month.
The presentation featured Rian Bahran, Deputy Assistant Secretary for Nuclear Reactors at the U.S. Department of Energy, who outlined a techno-optimistic vision in which AI systems could one day manage nuclear plant operations with minimal human involvement.
Dr. Bahran described the development of AI-driven digital twins designed to interpret complex operational data in real time, identify subtle deviations at early stages, and recommend preemptive actions to enhance safety margins. In this envisioned future, human operators would play a reduced but still supervisory role.
Whether or not such predictions fully materialize, the AI revolution is already reshaping OT environments today. As AI systems become embedded in control logic, monitoring, optimization, and decision-support workflows, they introduce new cyber, safety, and systemic risks. These risks cannot be adequately addressed using traditional IT or OT security models alone.
As AI adoption accelerates across OT environments, the principles discussed earlier in this blog offer a necessary framework for disciplined decision-making. The principles outlined by the authoring agencies are not optional considerations; they are prerequisites for safely integrating AI into safety-critical operations.
Critical infrastructure operators must apply these principles collectively as they assess where AI delivers operational value, how it reshapes risk, and whether their organizations are prepared to manage AI responsibly across its full lifecycle.
InfraShield brings deep expertise at the intersection of AI, OT, and critical infrastructure security, helping organizations design, assess, and implement secure-by-design AI-OT architectures that account for cyber risk, safety impact, and adversarial threat models from day one.
If your organization is exploring AI-OT integration initiatives and wants to do so securely, contact InfraShield today for expert guidance on building resilient, safe, and trustworthy operational systems.