How agentic AI can be a 'force multiplier' in IT and OT cybersecurity

Unlike systems that merely flag threats, agentic AI can supervise, detect, analyze, and respond to threats in real time, significantly reducing vulnerability.
Aug. 19, 2025

What you’ll learn:

  • Unlike traditional AI, agentic AI pursues objectives rather than simply answering questions or following scripts.
  • The drawback to IT/OT convergence is it has significantly expanded the manufacturing “attack surface.”
  • Agentic AI can promote cross-plant security awareness by detecting and neutralizing potential coordinated attacks across multiple facilities.

Let’s talk about agentic AI and its ability to be a mighty cybersecurity tool in manufacturing.

First, what is agentic AI? Generally, it’s a system capable of autonomous action, meaning that it can independently plan, execute, and adapt to achieve goals, with minimal human intervention. How is it powerful as an agent to fight cyberattacks on manufacturing, beyond passively monitoring?


Unlike systems that merely flag threats, agentic AI can supervise, detect, analyze, and respond to threats in real time, significantly reducing vulnerability. This makes agentic a “force multiplier,” enhancing the efficiency and accuracy of humans in manufacturing security operations.

What makes agentic a force multiplier?

How does agentic differ from other forms of artificial intelligence? Unlike traditional AI, agentic AI pursues objectives rather than simply answering questions or following scripts. An AI agent acts like an assistant, making decisions and adapting to new data without constant human intervention.

In manufacturing, transportation, construction and utilities, it integrates data from IT, OT, and connected systems, utilizing APIs, RPA, and IoT to trigger workflows and control devices.


Whether these organizations manage IT and OT cybersecurity in their own security operations (SecOps), outsource their security to a managed security service provider (MSSP), or use a blend of both, agentic AI holds great potential to bolster defenses and ensure that both sides of the converged house are better protected from cyberattacks.

How IT/OT convergence increases security risk

IT/OT convergence has been a vital trend in data-driven insights around productivity, safety, equipment maintenance, and remote plant management. The drawback to this trend is that it has significantly expanded the manufacturing “attack surface.”

Industrial OT environments, known for their proprietary systems and air-gapped networks, were considered highly secure for decades. However, with the adoption of digital transformation and the internet of things (IoT), the boundaries between IT and OT have blurred, thus exposing operational systems to the broader internet.


Security leaders in the industrial segment can no longer rely on the myth of “air gaps.” The State of CPS Security 2025: OT Exposures report reveals that in an analysis of 1 million OT devices, 111,000, or 11%, were discovered to be carrying known exploitable vulnerabilities (KEVs), and of those devices, 68% were linked to established ransomware campaigns. In the past year, ransomware attacks targeting OT systems surged by 87%.

The new crown jewels: OT data

Why are adversaries targeting OT assets with their attacks? Industrial systems are highly vulnerable to ransomware due to their high value, weak security, and costly downtime.

Cybercriminals will even target manufacturers during weekends or shift changes when they are understaffed, knowing they are likely to pay quickly to restore operations and avoid significant revenue loss and fines.

A few of the factors that make OT systems so appealing to hackers include:

  • Legacy devices: Many legacy OT devices were designed decades ago. Moreover, they were built for reliability and uptime, not cybersecurity. They often run on outdated, unpatchable firmware and use insecure protocols. Because network segmentation between OT and IT isn’t always strict, attackers can move laterally once they penetrate an IT system.
  • Valuable industrial data: Most adversaries are after sensitive data. OT environments hold a treasure trove of intellectual property, such as design specs, patents, recipes, process parameters, and the like.
  • Supply chain leverage: As we saw during the pandemic, manufacturing plants are critical nodes in global supply chains. A disruption can ripple outward, affecting multiple companies and industries. This “chain reaction” potential makes them high-value extortion targets.
  • Safety and sabotage potential: OT attacks can cause physical damage (e.g., machine overload) or endanger workers. Nation-state actors may target OT in geopolitical conflicts to weaken industrial capacity.

Help’s on the way from “always-on” security analysts

The good news is that flesh-and-blood security analysts have a sophisticated new ally to help prevent cyberattacks in manufacturing.


As part of an autonomous SOC, AI agents in a manufacturing environment can protect by combining automation, AI, and continuous monitoring to address IT and OT security risks without overburdening human analysts. Think of AI agents as your highly trained, always-on security analysts ensuring that nothing falls through the cracks.

Here are a few real-world examples of what today’s AI agents can do.

Real-time, autonomous threat detection: Agentic AI can continuously monitor both OT (industrial control systems, PLCs, SCADA) and IT networks, detecting anomalies in production equipment behavior and corporate systems.

Through adaptive baselining, AI agents learn what “normal” looks like for specific machines, processes, and workflows, enabling them to catch subtle deviations that signature-based tools might miss.

Take pre-emptive action on threat indicators: If an AI agent detects unusual PLC commands or network traffic, for example, it can instantly isolate the affected device or network segment before the malware spreads.


The agent, trained to follow incident response playbooks, also gathers information on the potentially infected device to share with a human analyst for further investigation to determine the source.

Through dynamic access control, AI agents can then revoke suspicious user or machine credentials automatically, reducing insider threats or compromised account misuse.

Supply chain and firmware integrity checks: Agentic AI can scan firmware updates, software patches, and supplier integrations for hidden vulnerabilities or tampering before they are deployed to factory systems. Through continuous verification, virtual agents can monitor connected suppliers’ data streams for abnormal patterns that may indicate a supply chain compromise.

Predictive vulnerability management: Agentic AI can recommend—and even schedule—patching without disrupting production by understanding machine criticality and threat likelihood. AI agents can carry out simulated attacks. They can “red team” your environment virtually, probing for weaknesses and testing defensive responses without affecting live operations.

Coordinated multi-system defense: Most importantly, agentic AI can act as the decision-making hub, ingesting data and integrating signals from your existing intrusion detection, endpoint security, and industrial safety systems to orchestrate a rapid, coordinated defense.


Agentic AI can promote cross-plant security awareness by detecting and neutralizing potential coordinated attacks across multiple facilities.

Continuous learning from global threats: One of the most significant benefits of agentic AI is the ability of agents to learn and improve from previous tasks and processes. For example, it can ingest anonymized global threat feeds, learn from other incidents in manufacturing, and apply those defenses proactively in your environment.

Scenario: Ransomware attempt on a smart factory

To demonstrate how this works in the real world, here’s an attack-to-response scenario showing how agentic AI might stop a ransomware attack in a manufacturing plant.

Stage 1: Attack begins

An attacker compromises a supplier’s VPN account, which still has access to your plant’s maintenance network. The attacker sends small, disguised data packets containing malware to a programmable logic controller (PLC) on the assembly line. The goal is to encrypt control software and halt production until a ransom is paid.

Stage 2: Agentic AI detects the threat

The AI agent, trained to monitor against a normal baseline for user behavior, sees an unusual sequence of PLC commands arriving at 3:14 a.m., when the plant is idle. This sets into action a specific protocol:

Cross-domain correlation: It links this to an unrecognized source IP tied to a supplier, but flags that the IP is behaving unlike that supplier’s historical patterns.

Predictive modeling: Based on its training and global threat intel, the AI predicts the commands could trigger a ransomware payload in under 2 minutes.
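The adaptive baselining and cross-domain correlation described in Stage 2 can be sketched as follows. This is an added illustration, not code from the author or any vendor product; the event fields, command labels, IP addresses, and the two-signal alert threshold are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events: (timestamp, account, source IP, PLC, illustrative command label).
SUP, OLD_IP, NEW_IP, PLC = "supplier-a", "198.51.100.7", "203.0.113.50", "plc-07"
HISTORY = [("2025-08-04T09:12:00", SUP, OLD_IP, PLC, "READ_TAGS"),
           ("2025-08-04T09:13:00", SUP, OLD_IP, PLC, "WRITE_SETPOINT"),
           ("2025-08-05T14:02:00", SUP, OLD_IP, PLC, "READ_TAGS")]
LIVE = [("2025-08-06T09:30:00", SUP, OLD_IP, PLC, "WRITE_SETPOINT"),
        ("2025-08-06T10:30:00", SUP, OLD_IP, PLC, "READ_TAGS"),  # new hour only
        ("2025-08-07T03:14:00", SUP, NEW_IP, PLC, "STOP_CPU"),
        ("2025-08-07T03:14:05", SUP, NEW_IP, PLC, "DOWNLOAD_PROGRAM")]

class Baseline:
    """Per-PLC and per-account model of normal activity, learned from events."""
    def __init__(self, history=()):
        self.hours = defaultdict(set)    # plc -> hours of day with activity
        self.pairs = defaultdict(set)    # plc -> (previous, current) command pairs
        self.sources = defaultdict(set)  # account -> source IPs seen
        self.last_cmd = {}               # plc -> last accepted command
        for ev in history:
            self.learn(ev)
    def learn(self, ev):
        ts, account, ip, plc, cmd = ev
        self.hours[plc].add(datetime.fromisoformat(ts).hour)
        self.pairs[plc].add((self.last_cmd.get(plc), cmd))
        self.sources[account].add(ip)
        self.last_cmd[plc] = cmd
    def assess(self, ev):
        ts, account, ip, plc, cmd = ev
        checks = [
            ("off-hours activity", datetime.fromisoformat(ts).hour not in self.hours[plc]),
            ("unseen command sequence", (self.last_cmd.get(plc), cmd) not in self.pairs[plc]),
            ("new source IP for account", ip not in self.sources[account]),
        ]
        return [name for name, deviates in checks if deviates]

def triage(baseline, events, threshold=2):
    """Alert when OT and IT signals agree; otherwise absorb the event as drift."""
    alerts = []
    for ev in events:
        reasons = baseline.assess(ev)
        if len(reasons) >= threshold:
            alerts.append((ev, reasons))  # not learned, so it cannot shift the baseline
        else:
            baseline.learn(ev)
    return alerts

if __name__ == "__main__":
    print(triage(Baseline(HISTORY), LIVE))
```

A single deviation (the 10:30 session) is folded into the baseline, while the 3:14 a.m. commands trip all three checks at once and are held out of the model so they cannot teach it that the activity is normal.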

Stage 3: Autonomous containment

Within seconds, the agentic AI can isolate the affected PLC from the network while keeping mechanical safety systems online. The agent revokes the supplier’s VPN credentials and logs the source IP for investigation. It then blocks similar traffic patterns across all plant segments.

Stage 4: Proactive plantwide defense

The AI agent runs a lateral movement check to ensure the malware hasn’t spread to other PLCs or SCADA systems. It triggers a safe mode for nearby machines so they finish their current cycles, but won’t accept new instructions from unverified sources. The AI agent then sends alerts to human security staff in the SOC and plant operations managers, including a full forensic log and suggested remediation steps.

Stage 5: Post-incident optimization

Now that the immediate threat is neutralized, the AI agent automatically updates the plant’s threat model to recognize this attack vector. It shares anonymized details with a global manufacturing threat network to help other facilities prevent similar incidents. Finally, the agent schedules a maintenance window for safe firmware updates to vulnerable devices.

Following this scenario, production downtime is limited to a few minutes, no ransom is paid, and operations continue with strengthened defenses without waiting for human analysts to manually detect and respond.


Done right, agentic AI has the power to completely transform a SecOps environment from a passive alarm system into an active defender that works at real-time speed, enabling manufacturing plants to stay productive, safe, and resilient against evolving cyber threats.

About the Author

Subo Guha

Subo Guha is senior VP of product management at Stellar Cyber, vendor of an Open XDR (Extended Detection and Response) security platform. There, Guha spearheads the development of these Open XDR solutions. He has more than 25 years of experience in SaaS, cloud, on-premise, enterprise, SMB, and MSP/MSSP software and hardware product management and has held senior leadership roles at SolarWinds, Dell, N-able, and CA Technologies.
