How AI is reshaping cybersecurity in utility operations

By Ian Bramson | Vice president of global industrial cybersecurity, Black & Veatch

As Artificial intelligence (AI) integrates into the operations of utilities, it is fundamentally rewriting the rules of industrial cybersecurity in real time. From grid modernization and advanced metering to AI agents busily working in operational technology (OT) networks, AI is taking over more analysis, decision-making and daily operations. This is redefining what cyber needs to protect, how it defends and how it operates.

For utility leaders, this is not a moment for fear. It’s a moment for clarity, strategy and action.

The utility landscape is witnessing an AI-powered arms race between “attackers” and “defenders.” Threat actors are leveraging AI to scan for vulnerabilities, craft more sophisticated intrusion methods and launch attacks at scale. Recent examples have shown AI systems identifying multiple zero-day vulnerabilities that would have been almost impossible for humans to find. Attackers are creating novel attacks that are nearly undetectable and using AI as a force multiplier. Even the old-standby “security by obscurity” that claims systems and networks are too old for modern malware can’t stand up to AI programs that can learn outdated computer code in a matter of hours. 

Power utilities are using the same AI capabilities to identify their own weaknesses to detect emerging attack patterns and respond faster. Most monitoring technologies use AI as an integral part of anomaly detection. Companies are even using AI as part of readiness and penetration testing to simulate next generation attacks.  

Unfortunately, too many cybersecurity teams are hesitant to engage with AI, and that hesitation is dangerous. State-sponsored actors, criminal organizations and opportunistic hackers are all active, and cyber conflict is no longer contained to physical borders. Every cyber connected system is a potential target, and the motivation, means and opportunity are converging at an accelerated pace from attackers. Not using AI as part of defenses is like bringing a knife to a tank fight.

Generative AI in OT keeps a human in the loop by aggregating data, surfacing insights and empowering operators to make better decisions. From predictive maintenance to anomaly detection, Generative AI has been used in operations and industrial cybersecurity for a while.

The new frontier is Agentic AI in OT. This removes the human from the loop, automating processes, autonomously executing tasks and making operational decisions in real time. The risk is profound, especially for utilities where failures can threaten public safety, environmental integrity and national security.

This challenges the traditional assumption that threats come from the outside – this risk originates within operations. An agentic system, whether compromised by a malicious actor or simply drifting from its intended parameters, can impact safety and uptime just as effectively as a targeted cyberattack.

This reshapes cybersecurity’s role to not only protect networks from attackers, but an organization’s operations from itself. To tackle this expanded role, cyber teams need to use generative AI tools to monitor and manage AI OT agents.

AI offers utilities a powerful new paradigm for defense: Data Meshing integrates cyber telemetry with operational data such as sensor readings, maintenance records, predictive analytics and process safety information to create a far richer picture of what is happening across an operation.

Historically, OT cyber monitoring focused on detecting anomalies in network traffic, resulting in limited visibility and delayed response. Data Meshing changes that equation by weaving together internal operational data, cybersecurity monitoring, physical security systems, supply chain intelligence and even geopolitical factors that signal emerging threats.

Imagine a scenario where network monitoring flags an anomaly at the same time vibration data on a piece of equipment spikes, even though maintenance records show it was recently serviced and running normally. Add a fourth data point: process safety information indicating a catastrophic event could follow within hours if the issue persists. Independently, each data point might be dismissed as routine. Combined, they paint a clear and time-critical warning. That is the power of all-source monitoring via Data Meshing.

Generative AI can ingest and correlate information from across an entire operation, a level of integration that not long ago was impractical. This approach transforms cybersecurity from a reactive function into a strategic capability, enabling faster detection, smarter prioritization and, ultimately, the ability to get ahead of threats before they escalate.

For utility executives preparing for what’s next, the path forward doesn’t require solving every unknown at once. Across the industry, Black & Veatch is helping utilities take a structured, risk-based approach grounded in visibility, control and early integration:

1. Start early. Embed cybersecurity into capital projects at the earliest design phase. A “secure-by-design” approach defines cyber requirements upfront to better manage evolving risks and avoid costly retrofits later for new construction and modernization projects.
2. Treat agentic AI as an insider threat. Apply the principle of least agency and ensure autonomous systems operate with the minimum access necessary, with robust monitoring and human-in-the-loop oversight through generative AI tools.
3. Adopt all-source monitoring. Break down and integrate data silos and intelligence feeds to gain the visibility and context needed to detect and respond to threats.
4. Address supply chain risk. Understand how your suppliers, partners and vendors are using AI and how they manage their cybersecurity.

AI is the wild card in operational security, not because it’s inherently dangerous, but because it’s evolving faster than most organizations can track. The convergence of increasing digitalization and a growing threat landscape demands a new approach.

Utilities need to build a bridge: a measured, principled path that embraces AI’s transformative potential while managing the risks with discipline and foresight. The fundamentals of visibility and control have never been more important. It’s a brave new world for industrial cyber, and it operates at the speed and scale of AI.

Learn more about how utilities are strengthening cybersecurity across operational technologies, critical infrastructure, and customer systems to safeguard against evolving threats and ensure grid reliability at DTECH 2027. The 2027 Call for Content is open, submit your sessions ideas before June 16, 2026.