I’ve walked into some model of this scene at power utilities, automotive crops and pharma websites throughout sectors and borders for a decade. The dashboards change; the “forgotten” laptop computer stays. That is the large visibility hole that no Massive Language Mannequin can shut. In keeping with the 2026 Dragos OT Cybersecurity Yr in Assessment, fewer than 10 % of OT networks worldwide at the moment have significant community monitoring in place. In 30 % of final 12 months’s incident response instances, investigations began not with a detection alert, however with somebody on the plant flooring noticing that “one thing appeared mistaken.”
In case you are a C-level chief planning an AI-driven security technique, you should notice: your technique received’t fail as a result of the AI isn’t sensible sufficient. It’s going to fail as a result of your most crucial telemetry by no means reaches it.
The inverted CIA triad: The place AI hallucinates threat
In IT, we prioritize confidentiality, integrity and availability. In OT — operational expertise — the triad is flipped: availability is every little thing.
This inversion is the place AI-driven security instruments quietly break. A mannequin educated on enterprise telemetry — HTTP, DNS and Home windows occasion logs — will have a look at a Modbus or PROFINET section and flag completely regular industrial site visitors as an anomaly. If that AI is wired into an automatic response playbook, you’ve constructed a system that may shut down a manufacturing line quicker than any hacker.
