Gen AI: A game-changer for OT security Opportunities, Challenges, and the Road to Resilience

Just as Gen AI is reshaping the world of sports – influencing everything from personalized training and nutrition plans for athletes to enhancing the fan experience –it is having a profound effect on industrial environments. As traditional operational technology (OT) merges with cutting-edge IT systems, the complexity of securing these hybrid landscapes increases exponentially. Now, with the rise of generative AI (Gen AI), the cybersecurity game is evolving at a rapid—and sometimes unsettling—pace.

The promise of digital transformation—integrating Industrial Internet of Things (IIoT) devices, cloud platforms, and AI-powered analytics—offers undeniable benefits. Operations become more efficient, productive, and sustainable. However, every new digital connection introduces a new potential point of vulnerability. It’s no longer enough to focus security efforts solely on traditional IT networks; organizations must embed security deeply within their digital strategies.

To achieve this, organizations should implement strong encryption, strict access controls, and carry out ongoing security evaluations. As OT systems evolve to include virtualization technologies like Programmable Logic Controllers (PLCs) at the edge and localized data centers, it’s clear that transformation isn’t just about embracing the cloud. Local compute solutions now play a vital role in aligning security with the unique demands of industrial environments.

Raising the bar

In this context, the rise to prominence of AI, and particularly GenAI, adds further complexity to securing industrial environments. A recent study carried out by Global Data and commissioned by Orange Business found that a significant 97% of companies are either using, piloting, or planning to implement AI in their OT environments over the next two years: current use cases included predictive maintenance (53%) and condition-based monitoring (51%) with planned AI use cases for the next 1-5 years focus on employee effectiveness (65%), shipping documentation automation (62%), and demand forecasting (61%).

When it comes to Gen AI in OT environments, industrial leaders are less bullish than their white-collar counterparts when it comes to deploying the technology (reflecting the downtime risks of any failed implementation); nevertheless, 37% of companies are already using GenAI, while 34% are planning to adopt it. The biggest single challenge relating to the adoption of this disruptive new technology was security – more than two-thirds (69%) listed this as a concern.

Gen AI in a head-to-head battle – with itself

On one hand, Gen AI is transforming threat detection and response: AI tools can analyze large amounts of data in real time, automate defenses, and identify threats that might otherwise go unnoticed. This leads to faster responses and a significant advantage for defenders.

However, there’s a flip side: the same capabilities that help organizations strengthen their defenses can also be exploited by threat actors. In the era of AI, industrial automation systems face increased risks from advanced cyber threats. AI-powered cyberattacks utilize AI or machine learning (ML) algorithms to automate, speed up, or improve various stages of a cyberattack. This includes finding vulnerabilities, executing attacks along identified pathways, advancing attack methods, creating backdoors within systems, stealing or tampering with data, and disrupting system operations.

AI-enabled cyberattacks can adapt to evade detection or generate attack patterns that security systems cannot recognize. For example, AI-driven social engineering attacks use generative AI to craft highly personalized and realistic emails, SMS messages, phone calls, or social media outreach to achieve their goals. Another example is AI-generated malware—malicious software that employs artificial intelligence techniques. Unlike traditional malware, these AI-enabled programs can autonomously adapt and improve, making them more difficult to detect.

Gen AI can also enable attackers to automate complex social engineering campaigns and harvest personal data with unmatched speed and accuracy. In the hands of adversaries, Gen AI becomes a force multiplier, widening the gap between traditional security measures and emerging threats.

Offense is often the best defense

Measures to enhance these systems include implementing AI-based cybersecurity tools that process large datasets in real time to detect anomalies and identify malicious activity. Treating threat intelligence as a continually updated resource helps organizations monitor new AI-driven attack methods and adjust their security strategies accordingly. Behavioral and anomaly detection systems can also contribute to security by recognizing deviations from standard industrial processes.

Equally important is the adoption of Zero Trust Architecture (ZTA). In an industrial setting, where lateral movement between systems can cause catastrophic disruption, ZTA ensures that every access request, whether from users, devices, or applications, is continuously authenticated and validated, minimizing the attack surface.

Endpoint protection is also essential, with advanced EDR (Endpoint Detection and Response) platforms offering behavioral analysis and AI-integrated threat prevention. These identify and contain AI-generated threats before they compromise critical systems. However, modern EDR tools are often optimized for IT environments and do not support the older, proprietary operating systems or firmware commonly found in industrial environments. Therefore, the preferred approach in industrial systems is to use network-based passive OT monitoring. Specialized OT security platforms leverage AI to provide threat detection based on communication and network behavior analysis. 

Getting the best players onto your team

Building cyber resilience goes beyond technology. Employee training, regular patch management, and a culture of security awareness are just as critical as advanced tools. Organizations must make resilience a top priority by adopting AI-driven defenses. Legacy system vulnerabilities, compliance mandates, and rapid digital transformation also put pressure on teams to do more with less. As the need for qualified IT security experts outpaces the available workforce, many companies are underprepared for today’s threats – so, organizations must nurture a new generation of talent. If these steps are not taken, the gap will only continue to widen, exposing critical infrastructure to ever-greater risks.

In many cases, outsourcing cybersecurity services to specialized providers offers a pragmatic way forward. Orange Business is both an AI pioneer and a leading systems integrator, while Orange Cyberdefense brings industry-leading security service skills – together, our two companies are ideally placed to bridge any knowledge or skills gap, allowing organizations to shore up defenses while focusing on their core operational goals. 

The endgame

Modern industrial automation systems face a rapidly evolving threat landscape. The adoption of AI and Gen AI is both a shield and a sword, offering new capabilities for defense while introducing new vectors for attack. As generative AI becomes more deeply embedded in industrial systems, the need for robust AI governance frameworks grows.

However, it’s not enough to deploy these technologies; organizations must ensure that innovation is balanced with security and ethical use. By establishing clear guidelines and continuous oversight, companies can harness the benefits of AI without falling prey to its potential dangers. With Zero Trust Architectures, advanced endpoint detection and response, and a commitment to continuous learning, organizations can tilt the balance in their favor.

As AI decisively changes the game for OT security, organizations must up their game accordingly and accept that resilience is not just an option—it’s a necessity.