Most of the concern in the cybersecurity community about agentic artificial intelligence has been over adversaries leveraging agentic AI systems to scale targeted attacks against enterprises and manufacturers. To help thwart these attacks, more defenders are examining the use of agentic AI to help level the playing field. It’s a classic case of fighting fire with fire.

AI is driving unprecedented gains in manufacturing efficiency, visibility and quality, but it’s also raising cybersecurity risks. Since 2019, cyberattacks have surged 300% in the manufacturing sector. Today’s attackers, including nation-state sponsored cybercriminals, are using AI more frequently to scale and refine every phase of their attacks. It helps adversaries devise ultra-convincing social engineering attacks using deepfakes and hyper-personalized phishing, automated malware generation, detection-evasion, and faster vulnerability discovery. All of this is especially dangerous for manufacturers, because Operational (OT) and information (IT) technology systems often lack modern defenses. 

Manufacturing OT environments, including programmable logic controllers (PLCs), human-machine interfaces (HMIs) and sensors, are especially vulnerable. That’s because they often run legacy systems with limited logging or endpoint detection and response (EDR) capabilities, so sophisticated, low-and-slow AI-aided attacks are more likely to persist and manipulate processes before defenders can detect them. 

However, manufacturers can beat cybercriminals at their own game by utilizing AI as a force multiplier, strengthening their security by integrating AI across their IT and OT cybersecurity layers.

AI is a powerful tool in the cyber defense arsenal. It’s been embedded into threat detection, response and prevention, helping security professionals identify threats and respond faster before they can do real damage. Today’s AI can act as automated security analysts, AI-powered agents supporting human security experts and helping them respond faster to threats. Together, humans and machines can create an automated Security Operations Center (SOC) with the power to patrol a manufacturing technology environment around the clock, ready to act at the early signs of a potential attack. 

To truly benefit from AI-enhanced security, manufacturers should deploy a multi-layered defense incorporating architectural safeguards designed for the AI era. An autonomous SOC leverages multiple types of AI, including:

• Traditional, predictive AI and machine learning that identify patterns, provide analytics and make recommendations on logical next steps;
• Agentic AI, which operates with goal-driven autonomy to proactively triage alerts, detect anomalies and prioritize threats, empowering lean security teams to move from reactive to anticipatory defense with minimal supervision;
• Generative and conversational AI, such as security-specific copilots or personal assistants;
• Graph ML that connects security alerts and related events automatically, surfacing attacks undetectable to the human eye; and
• Hyperautomation, the next evolution of security orchestration, automation, and response (SOAR) technology.

The multi-layered AI approach to defending OT environments adds significant speed, scale, and efficiency to SecOps environments, regardless of size and scope. Autonomous SOCs can free human security professionals to take on more complex tasks such as threat hunting, AI research and investigation.

AI can quickly identify anomalous patterns and indicators of compromise (IOCs) that would otherwise go unnoticed in a manufacturing environment. Machine learning models identify deviations from normal network behavior, detecting potential zero-day attacks, ransomware, insider threats and lateral movement. Examples include employees attempting to access servers, applications or information that aren’t core to their jobs, a sudden surge in data transfer from or to an unusual internal IP address, or a login attempt from an atypical geographic location at an odd hour. With AI monitoring for these behaviors, any actions can automatically trigger an alert and start an investigation.

Even more importantly, AI accelerates threat response. In today’s high-stakes manufacturing world, where even a few hours of downtime can translate to millions of dollars in losses, quickly responding and recovering from a security incident can make or break a business. 

Automated incident response enables rapid mitigation through automated threat containment, alert prioritization and security workflow automation. AI can automate various stages of incident handling, such as quarantining infected systems, blocking malicious IP addresses, and enriching security alerts with contextual information. These automated responses buy the human security analysts time to continue their investigation into the threats while preventing them from doing any damage to the IT or OT environment. 

The ability to automate responses significantly reduces the mean time to detect (MTTD) and mean time to respond (MTTR), mitigating the impact of an attack and restoring operational continuity faster. In short, AI makes manufacturing OT systems more resilient in the event of an attack. 

AI is a double-edged sword in manufacturing cybersecurity. While it optimizes production and boosts efficiency, its integration also introduces advanced attack vectors, necessitating a shift in IT/OT security strategies. By adopting AI-powered security solutions that offer automated and accelerated threat detection, manufacturers can proactively counter OT threats, preventing issues like plant disruptions and data theft. The future of manufacturing security relies on a proactive, multi-layered AI defense capable of not only withstanding current threats, but also anticipating and neutralizing future sophisticated attacks, thereby ensuring the industry's continued productivity and resilience.

Christophe Briguet is director of product management at Stellar Cyber.