AI in Operational Technology
AI in operational technology means integrating machine learning, large language models, or AI agents into systems that monitor, optimize, or control physical infrastructure.
Definition
AI in operational technology is the use of AI systems inside or near operational technology (OT): hardware and software that monitor, manage, or control physical processes. OT appears in electricity, water, oil and gas, manufacturing, transport, buildings, ports, hospitals, and other critical infrastructure.
The category includes machine-learning anomaly detection, predictive maintenance, process optimization, computer vision for inspection, large language model assistants for operators, and agents that plan or recommend changes. It is not the same as ordinary office AI. When AI touches OT, a bad output can affect physical safety, service availability, or equipment damage.
Scope
The December 2025 joint CISA guidance Principles for the Secure Integration of Artificial Intelligence in Operational Technology is written for critical infrastructure owners and operators. CISA says it focuses on machine learning, large language model-based AI, and AI agents because those systems pose complex security challenges, while also applying to systems augmented with statistical modeling and logic-based automation.
The entry's scope is the integration point: where AI observes OT data, advises operators, changes schedules, flags anomalies, sends commands, or interacts with vendors and remote services. It overlaps with AI in Cybersecurity and Secure AI System Development, but the physical process makes the governance bar higher.
Current Context
CISA's official resource page, published December 3, 2025, says AI can improve efficiency, productivity, decision-making, cost, and customer experience, but can also introduce risks that require careful management to support OT safety, security, and reliability. The guidance was co-authored by CISA and Australia's ASD ACSC with federal and international partners, including NSA's Artificial Intelligence Security Center, FBI, the Canadian Centre for Cyber Security, Germany's BSI, NCSC-NL, NCSC-NZ, and NCSC-UK.
The guidance organizes secure AI-OT integration into four principles: understand AI, consider AI use in the OT domain, establish AI governance and assurance frameworks, and embed safety and security practices into AI and AI-enabled OT systems. Its practical mitigations emphasize risk-based adoption, data separation where appropriate, testing and monitoring, human review for critical decisions, and fail-safe mechanisms.
Risk Model
The risk is not only that an AI model is inaccurate. The larger problem is that AI can create new failure states in a coupled physical system. A model may drift as equipment ages, misread sensor data, overfit to unusual operating conditions, leak sensitive plant information, depend on a remote vendor endpoint, or recommend an action that is locally sensible but unsafe in the full process.
Agents make this sharper because they can combine observation, planning, tool use, and memory. In OT, an agent should not inherit broad authority simply because it can summarize a procedure or optimize a schedule. Its permissions, timing, rollback, and human approval points have to be engineered around physical consequence.
Governance and Safety
Governance begins with the business case. The joint guidance tells owners and operators to assess whether AI is the best solution for the OT problem, not just whether AI is available. The safety case should define the process boundary, data flows, vendor dependencies, human role, failure modes, and criteria for refusing or removing the AI component.
Assurance should include testing before deployment and monitoring after deployment. Model validation is not enough by itself; OT integration requires procedure review, operator training, incident-response planning, cybersecurity review, functional-safety analysis, and clear fail-safe states. Human oversight should be more than a person watching a dashboard. The human has to be able to understand, interrupt, override, and recover the process.
Defense Pattern
- Start outside the model. Define the physical process, safety envelope, operating states, and consequences before selecting an AI technique.
- Keep OT data controlled. Treat historian data, sensor feeds, network diagrams, asset inventories, and operator notes as sensitive infrastructure records.
- Separate advisory and control modes. A model that recommends maintenance should not automatically gain permission to alter controllers.
- Use human approval for critical actions. Human-in-the-loop control should include authority, training, time to intervene, and override tooling.
- Monitor drift and dependency change. Track model behavior, input distributions, vendor updates, remote endpoints, and unexplained process changes.
- Design fail-safe exits. The system should have known safe states, rollback plans, incident logs, and recovery procedures.
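The pattern above as an added example (not code from the CISA guidance or any vendor product): a Python gate that sits between a model's proposed setpoint and a controller write, enforcing the advisory/control split, the safety envelope, human approval for critical tags, a fail-safe fallback, and a decision log. The tag name, limits, and the `Gate`, `Envelope`, and `build_demo_gate` names are hypothetical.

```python
from dataclasses import dataclass, field
from enum import Enum

class Mode(Enum):
    ADVISORY = "advisory"   # output is shown to operators only
    CONTROL = "control"     # output may reach a controller through this gate

@dataclass(frozen=True)
class Envelope:
    low: float
    high: float
    max_step: float     # largest change allowed in one command
    safe_value: float   # known safe state used on fail-safe

@dataclass
class Gate:
    mode: Mode
    envelopes: dict
    critical_tags: set
    log: list = field(default_factory=list)

    def decide(self, tag, current, proposed, approved_by=None, model_healthy=True):
        env = self.envelopes.get(tag)
        if env is None:
            return self._record(tag, "reject", current, "no envelope defined for tag")
        if not model_healthy:
            if self.mode is Mode.CONTROL:
                return self._record(tag, "failsafe", env.safe_value, "model unhealthy")
            return self._record(tag, "suppress", current, "model unhealthy")
        # Chained comparison is False for NaN, so a NaN proposal is rejected too.
        if not (env.low <= proposed <= env.high):
            return self._record(tag, "reject", current, "outside safety envelope")
        if abs(proposed - current) > env.max_step:
            return self._record(tag, "reject", current, "step too large")
        if self.mode is Mode.ADVISORY:
            return self._record(tag, "advise", current, "advisory mode, no write")
        if tag in self.critical_tags and approved_by is None:
            return self._record(tag, "hold", current, "needs human approval")
        return self._record(tag, "write", proposed, f"approved_by={approved_by}")

    def _record(self, tag, action, value, reason):
        entry = {"tag": tag, "action": action, "value": value, "reason": reason}
        self.log.append(entry)   # every decision is kept for incident review
        return entry

def build_demo_gate(mode):
    # Constructed tag and limits for illustration only.
    env = {"PUMP1.SPEED_PCT": Envelope(low=20.0, high=90.0, max_step=10.0, safe_value=40.0)}
    return Gate(mode=mode, envelopes=env, critical_tags={"PUMP1.SPEED_PCT"})
```

The returned `value` is what the caller may send to the controller; only a `write` or `failsafe` decision ever differs from the current value.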
Source Discipline
Claims about AI in OT should name the actual integration: advisory display, anomaly detector, scheduler, remote model, agent, or closed-loop control. "AI for critical infrastructure" is not enough. The evidence should include process boundary, data path, authority level, validation record, monitoring plan, and fail-safe behavior.
Spiralist Reading
AI in OT is where the screen reaches the valve, turbine, pump, port gate, clinic machine, rail signal, or warehouse line.
Spiralism reads this as a hard boundary against magical thinking. A fluent assistant in a control room is still an engineered dependency. The question is not whether the machine sounds competent. The question is what it can touch, what it cannot touch, who can stop it, and what happens when its map of the plant is wrong.
Open Questions
- When should AI in OT remain advisory rather than control-adjacent?
- How should regulators audit proprietary AI components inside safety-critical systems?
- What incident records are needed when AI contributes to a physical near miss?
Related Pages
- AI in Cybersecurity
- Secure AI System Development
- AI Agents
- AI Agent Sandboxing
- Human Oversight of AI Systems
- AI Incident Reporting
- AI Data Security
- Model Drift
- AI Vulnerability Disclosure
- AI Procurement
Sources
- CISA, Principles for the Secure Integration of Artificial Intelligence in Operational Technology, published December 3, 2025.
- CISA, ASD ACSC, NSA AISC, FBI, Cyber Centre, BSI, NCSC-NL, NCSC-NZ, and NCSC-UK, Joint Guidance: Principles for the Secure Integration of Artificial Intelligence in Operational Technology, TLP:CLEAR, reviewed June 25, 2026.