Manufacturers and industrial operators have clear commercial reasons for looking towards AI. Predictive analytics can boost uptime, machine learning can improve throughput, and AI tools can also support quality control by spotting patterns that are difficult to detect through manual review.
In many environments, the first generation of industrial AI will remain advisory, helping engineers make better, faster decisions. The risk changes when AI moves closer to operational technology, however. OT includes the machines, controllers and systems that run industrial facilities, and when AI begins to influence those systems, questions must be asked around whether it can be trusted inside an environment where digital outputs can have physical consequences.
Joint guidance from the NSA, CISA and international partners on the secure integration of AI in operational technology1 makes this point clearly. CISA Acting Director Madhu Gottumukkala says OT systems are “the backbone of our nation’s critical infrastructure, and integrating AI into these environments demands a thoughtful, risk-informed approach.”
OT: a tough test for AI
AI deployments in enterprise environments often carry business risk. A poor forecast might affect purchasing, or a flawed analysis might distort planning for example. OT environments have more tangible consequences, since a flawed AI output in a plant can delay production, affect product quality, contribute to regulatory exposure or create unsafe operating conditions.
Industrial environments also place tighter limits on experimentation. Equipment lifecycles can run for decades, with upgrades restricted to narrow windows of planned downtime. The option is generally not there to down tools or stop a line to try something new: OT must keep running except for brief, pre-arranged stops.
Besides, that uptime necessity and the slow pace of upgrades mean many sites run legacy systems, essential to plant operations but never designed for heavy digital integration. These are not necessarily straightforward to work with, and AI tools trained or tested away from live production conditions may behave differently once connected to real operational data.
Keeping models honest
A model that performs well in testing is not automatically ready for OT use. Industrial environments change over time as equipment ages, maintenance levels alter performance characteristics, and materials vary. AI models are trained on historical data which reflects the conditions that existed when it was collected. When those conditions change, the model may drift away from reality while continuing to produce confident outputs.
This creates a difficult problem for operators. Whereas a mechanical fault may leave visible signs, a drifting model may not. It can keep generating recommendations that look precise, even when its assumptions subtly slide away from the point that they fit the process.
Industrial AI therefore needs lifecycle management from the start. It must be regularly, thoroughly checked against real outcomes rather than theory. The NIST AI Risk Management Framework2 is a useful tool here, because it encourages organisations to think about AI with a lifecycle view.
Authority determines risk
Not all AI in OT carries the same level of operational risk. The risk level tends to be influenced by its placement in the architecture. An advisory system that recommends a maintenance inspection gives the operator room to judge the output, meaning it can support better planning without taking control of the process. The human remains the decision-maker.
A system that directly adjusts process parameters is different, as is any AI system that influences safety-related logic, control settings or production thresholds. The more connected and integrated the deployment, the more direct dependencies exist between model behaviour and plant behaviour. That means early consideration is vital.
Before deploying AI in OT, organisations should answer basic questions about the role that such a system might play. Where does the model sit? What data does it consume? What decisions does it influence? What can it change? Who can override it? What happens when it fails? These questions might feel like box-ticking administrative detail, but they are crucial for defining the risk profile of any AI deployment. Governance should scale with the level of authority given to the model.
Designing for oversight
Many AI deployments are described as having a human in the loop. OT requires more than that base-level involvement, since human oversight only works when operators fully understand what they are being asked to approve. They need the confidence that comes from context. They must know the equipment and its risks, as well as the purpose of the model, the limits of its training data and the conditions under which its output should be challenged.
If the system presents recommendations without explanation, that leave the operator to accept or reject a result without understanding it. If the system generates too many alerts, fatigue can set in, or approval can become routine. In both cases, the human role becomes weaker than it appears on paper.
Good oversight comes from a combination of interface design, training and clear escalation rules. AI must work for operators, not the other way around, and the human in the loop must be able to challenge the model without slowing the plant unnecessarily. They also need a defined path to follow when AI output conflicts with operational judgement.
The performance dependency
AI in OT also expands the cyber risk surface. Models depend on data pipelines, interfaces and connected infrastructure, and each new connection creates a fresh route for manipulation or misuse – one which touches physical equipment and applies all the risk that comes along with that.
Data integrity is a particular concern. If poor data reaches the model, the output can become unreliable. If an attacker can influence the data, the model may be steered toward unsafe or inefficient recommendations. AI governance and cybersecurity governance are, in effect, the same thing: the model, the data feeding it and the systems receiving its outputs all need protection.
The joint CISA and NSA guidance highlights the need to embed safety and security practices into AI-enabled OT systems, an approach which neatly fits the reality of industrial environments. Like any system, AI cannot sit outside existing control disciplines if it has a role in operational decision-making.
Ensuring responsible deployment
Industrial AI should not be held back by unrealistic fears. It is too valuable for that. The technology can improve maintenance, quality and process performance. It can help operators see patterns earlier and act with better information. But it must only be deployed by those cognisant of its risks, and only at the speed at which it can be comfortably governed.
OT environments demand that kind of discipline. A new piece of machinery would not be added to a production line without validation, operating limits and clear procedures. AI that influences OT should face a similar standard.
That means defining the model’s role before deployment. It means testing performance against operational conditions rather than idealised data. It means monitoring the model after launch, training operators to interpret outputs and preparing fallback plans for failure.
AI’s role in industrial environments is undoubtedly set to grow over the coming years. The deployments that last will be those built around assurance from the beginning. When AI affects operational technology, it becomes part of the operational environment, and should be managed with the same care.
Learn more about Arista Cyber solutions for securing OT environments:
https://aristacyber.io/industries/ot-cybersecurity-manufacturing
Denrich Sananda, Managing Partner and Senior Consultant at Arista Cyber
Recognised as a leading authority in industrial cybersecurity, Denrich Sananda combines deep technical expertise with strategic insight to address the most complex cyber risk challenges. With a career built on pioneering work in automation and critical infrastructure security, he has led high-profile initiatives across North America and the Middle East. His mission is to help shape resilient systems that stand strong against evolving threats and guide organizations toward greater security maturity, operational confidence, and long-term resilience.
Denrich is a Harvard Business School alumnus and holds many cybersecurity certifications and positions including being a member of committees working on ISA99 WG2 focusing on the description of an effective cybersecurity management system in the ISA-62443-2-1 standard and is a Member Board Of Directors – ISA Toronto.
About Arista Cyber
Arista Cyber protects the world’s critical infrastructure. As a global consulting firm specializing in OT/ICS cybersecurity, Arista Cyber partners with organizations across energy, utilities, manufacturing and other essential sectors to deliver layered security solutions that align to global compliance standards. Combining unrivalled expertise with deep business insight, Arista Cyber is trusted by industries worldwide to provide future-ready end-to-end solutions adapted to operational reality. Arista Cyber’s TÜV Rheinland-certified experts work closely with organizations to secure their most vital assets – protecting the pulse of industrial innovation today, and preparing for the challenges of tomorrow. Find out more: https://aristacyber.io/
