At the ongoing S4x25 conference, Jeffrey Macre, an industrial security solutions architect at Darktrace, underlined the rapidly evolving role of artificial intelligence (AI) in operational technology (OT) environments. The talk, entitled “Navigating the Hype in AI”, focused on demystifying AI applications in industrial control systems (ICS) and on recognizing their promise and limitations.
Setting the stage: the AI imperative in OT
Macre began by highlighting the overwhelming consensus among leaders worldwide on the need to integrate AI into their organizations. A striking 95% of respondents to the Darktrace global survey recognized the need for AI to improve security and resilience against emerging threats. However, only 26% of these leaders truly understood the different types of AI built into their security platforms.
This disparity set up the session's core objective: to close the knowledge gap and enable security professionals to critically assess the AI claims made by vendors.
Understanding the fundamentals of AI: supervised vs. unsupervised learning
The session dug into two main forms of machine learning, supervised and unsupervised, both essential in OT cybersecurity.
- Supervised machine learning (ML):
  - Aim: Detects known threats by analyzing pre-labeled data such as Common Vulnerabilities and Exposures (CVEs), threat intelligence feeds and known attack patterns.
  - Application: Mainly used in threat detection tools that rely on historical data to identify familiar attack vectors.
  - Limitations: Ineffective against zero-day threats or new attack techniques that have not been documented before.
- Unsupervised machine learning (ML):
  - Aim: Identifies unknown or new threats by analyzing patterns and anomalies in real-time data without relying on predefined labels.
  - Application: Crucial for predictive maintenance, device behavior analysis and the detection of emerging threats that deviate from normal operational baselines.
  - Benefits: Offers greater adaptability in dynamic environments, which makes it essential for detecting sophisticated and previously unseen cyber threats.
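The contrast above can be seen on a small scale in the following sketch, which is an added example and not code from the talk or from any vendor. It assumes a nearest-centroid classifier as the supervised model and a per-feature z-score baseline as the unsupervised one; the traffic features, labels and values are all constructed.

```python
import math
from statistics import mean, pstdev

# Constructed samples for one PLC (invented values):
# (writes per minute, distinct registers touched per minute)
LABELLED = [
    ((5, 3), "benign"), ((6, 2), "benign"), ((4, 3), "benign"), ((5, 4), "benign"),
    ((200, 3), "write_flood"), ((220, 4), "write_flood"), ((190, 2), "write_flood"),
]
# Unlabelled traffic observed during normal operation (constructed).
BASELINE = [(5, 3), (6, 2), (4, 3), (5, 4), (6, 3), (4, 2), (5, 3), (5, 4)]

def train_centroids(labelled):
    """Supervised: one centroid per label, learned from pre-labelled samples."""
    groups = {}
    for features, label in labelled:
        groups.setdefault(label, []).append(features)
    return {label: tuple(mean(col) for col in zip(*rows))
            for label, rows in groups.items()}

def classify(centroids, sample):
    """Nearest centroid wins; the answer is always a label seen in training."""
    return min(centroids, key=lambda label: math.dist(centroids[label], sample))

def fit_baseline(samples):
    """Unsupervised: per-feature mean and standard deviation, no labels used."""
    return [(mean(col), pstdev(col)) for col in zip(*samples)]

def is_anomalous(baseline, sample, threshold=3.0):
    """Flag any feature more than `threshold` standard deviations off baseline."""
    return any(abs(x - mu) / sd > threshold for x, (mu, sd) in zip(sample, baseline))

def assess(sample):
    """Return (supervised label, unsupervised anomaly flag) for one sample."""
    return (classify(train_centroids(LABELLED), sample),
            is_anomalous(fit_baseline(BASELINE), sample))

if __name__ == "__main__":
    events = {
        "routine polling": (5, 3),
        "known write flood": (210, 3),
        "undocumented register sweep": (6, 40),  # resembles no labelled attack
        "maintenance window": (5, 12),           # constructed as legitimate
    }
    for name, sample in events.items():
        label, anomalous = assess(sample)
        print(f"{name:28} supervised={label:12} anomaly={anomalous}")
```

The register sweep is labelled benign by the supervised model because nothing like it was in the training labels, while the baseline flags it; the maintenance window is flagged too, which is the kind of false positive that needs human review.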
Generative AI: the new frontier in OT security
Moving beyond traditional ML models, Macre explored the fast-growing field of generative AI, in particular large language models (LLMs). He shared a case study involving a Frito-Lay facility where AI-driven acoustic analysis was used to optimize production. By monitoring the sound of corn processing, the AI system adjusted operations in real time to maintain product consistency, a testament to AI's potential beyond cybersecurity.
Current use cases for generative AI in OT:
- Data retrieval and optimization: Improves efficiency in analyzing complex PLC logic and network traffic.
- Content summarization: Summarizes data from multiple sources to provide actionable information.
- Automated code generation: Helps create and optimize PLC code based on real-time feedback.
- Multilingual support: Translates security alerts for global operations, improving situational awareness across teams.
Critical considerations: the limits of AI
Despite its advantages, AI is not without flaws. Macre highlighted key limitations:
- Accuracy challenges: AI systems can produce false positives or false negatives, especially when trained on biased or insufficient data.
- Data privacy concerns: Supervised ML often requires internet connectivity to ingest threat intelligence, which increases potential security risks linked to data exposure.
- Over-reliance on AI: Organizations must avoid treating AI as a silver bullet; human oversight remains crucial to validate AI-driven insights.
Key questions to ask vendors
To equip attendees to evaluate AI solutions, Macre provided a checklist of critical questions:
- What are the strengths and limitations of your AI models?
- Does the AI learn continuously or depend on static data sets?
- Where is the data analyzed and stored: on-premises or in the cloud?
- How do you prevent bias in AI training models?
- What measures are in place to minimize false positives and false negatives?
The way forward: combining AI with human expertise
Macre concluded with the message that AI is a transformative tool, but its true value emerges when it is combined with human intelligence. Security professionals must not only deploy AI solutions but also understand their underlying mechanisms, continually question their results and adapt strategies as threats evolve.
The session served as a critical reminder that although AI can considerably improve OT security, its effectiveness depends on informed implementation, rigorous evaluation and continuous collaboration between technology and human expertise.
Final thoughts
The S4x25 session on AI in OT environments was more than a technical deep dive; it was a call to action for security leaders to become discerning consumers of AI technology. As organizations increasingly incorporate AI into their cybersecurity arsenals, the ability to separate hype from reality will be key to building resilient, future-proof security strategies.