New Darktrace report spotlights growing cybersecurity risks manufacturers face from AI
Key Highlights
- AI-driven threats are rising fast in manufacturing as companies raise concerns about evolving malware and data exposure risks.
- While 78% of security professionals are concerned about AI risks, only 37% have AI policies in place and over half say they’re unprepared.
- One expert said manufacturers must improve monitoring of AI use, understand behavioral patterns and enforce real-time controls, as legacy security tools struggle to keep up with AI-enabled threats.
As manufacturing organizations experience data exposure and cyberattacks from AI agents, concerns among security professionals continue to rise as malware adapts, according to research from AI cybersecurity specialist Darktrace.
About 78% of manufacturing security professionals are concerned employee use of AI agents could increase data exposure and regulatory risk, according to Darktrace’s State of AI Cybersecurity Survey that the company released late last month.
See also: SMBs, manufacturers are the most vulnerable to cyberattacks, Verizon report finds
The survey "shows that manufacturing security managers are more acutely aware of the impact of data exposure to their operations, perhaps more so than other industries, and AI is merely an acceleration of that,” said Oakley Cox-Robison, senior director of product at Darktrace.
“AI enables it more and opens up more risk factors of how it could be accidentally or intentionally leaked.”
Cox-Robinson also highlighted the “matching statistic” Darktrace found that only 37% have AI deployment policies in place, indicating a discrepancy between awareness of the risks that AI poses and barriers to adopting the technology securely.
He said that companies face challenges such as a lack of funding, resources, and policies when adopting AI.
The bottom line reflected in the Darktrace report is AI-powered attacks are already impacting manufacturers, as 76% of respondents said their organizations are already experiencing AI-driven cyberthreats.
Also, 90% said they believe AI is increasing the success of phishing and social engineering attacks, and 49% are worried about malware that can evolve in real time, which is higher than the cross-industry average.
Although AI agents mimic human decisions, they can leave companies exposed to threats of data exposure, phishing campaigns and more. External threats of AI-powered attacks are also a large concern as malware continues to evolve.
Meanwhile, the preparedness gap continues to widen, as 51% said in the Darktrace survey that they are not prepared for AI-driven threats.
Policies must change, communication must improve
Cox-Robinson said that part of the reason why companies lack proper methods to prepare against and mitigate attacks is lack of communication and little change in policy. He said C-suite leaders that are pushing their companies to use AI-enabled software don’t always understand the risks that use of the tools poses, specifically relating to data breaches.
For example, he told Smart Industry in an interview, a lack of guidance is pervasive for manufacturing companies to securely and effectively implement different types of AI, such as generative and agentic.
Although security professionals are aware of this, the C-suite isn’t always as informed, leading to issues in implementation, Cox-Robinson said.
“It is such a hot topic in terms of this rapid adoption being pushed down from [the] executive level to increase efficiency ... but security managers are then left there, and they're almost trying to be the brakes on this, but they don't have the kind of tooling and the guidance to [say] ‘this is the risk you are imposing on the business by implementing this particular AI technique, and this is what we need to do to ensure it,’” he said.
“It's such a fast-moving new field that security leaders are feeling very isolated in understanding the implications of. They know it's important, they just can't get beyond the unknown.”
Crystal Ball 2026: AI-driven cyberattacks are coming. Here’s how to prepare now
Data is necessary to train agents, allowing access to business data and processes increases risk of sensitive data exposure, Cox-Robinson added.
Darktrace’s report revealed that this exposure was a concern for 60% of respondents, with 59% worried about accidental policy and regulatory violations.
When implementing agents, Cox-Robinson said, data determines how well AI models are trained. Bad AI models yield bad results in operational efficiency and quality control, which is a risk that manufacturers need to deal with, he said.
“When you then have things like generative AI, which then increases the potential for data to be leaked. I think that may be one of the reasons why manufacturing security leaders are better able to understand the risks of AI adoption above other industry verticals,” he said.
Visibility concerns and solutions
Addressing the AI implementation challenge, according to Cox-Robinson, requires a different approach to security that can operate at the same speed and scale as AI and named three priorities for manufacturing organizations: visibility, context and guardrails.
Generally, he said, risks start from a lack of visibility of AI agents within manufacturing organizations.
Having visibility of agents includes knowing where the agents are physically hosted and used; who is using them, from both human-to-agent and agent-to-agent identities; and monitoring prompts used in generative AI agents.
Visibility, he explained, allows risks to be quantified so real-time detection and policies can then be put in place.
“You can actually monitor the how people are using it and potentially abusing it, either maliciously or accidentally, in terms of how they might be accidentally exposing risk, which allows you to then kind of perform that real-time detection [while] still allowing them to do what they're really good at, but putting guardrails in place in terms of real time detection,” he said.
See also: How much more proof do you need that cybersecurity should be essential to your plant?
In terms of context, detecting threats requires understanding patterns within the organization and identifying deviations as they happen. This is then supported by guardrails, in which organizations need boundaries around actions they can take with these agents which need to be embedded into systems themselves, Cox-Robinson said.
Additionally, many manufacturers still depend on legacy security tooling that isn’t always able to keep up with speed of attacks as it is dependent on known bad actors. Risks can increase, he said, just by simply adopting AI within businesses.
“This will require a new generation of AI-powered security tools,” he said. “That doesn't mean the problem is that different as a starting point, but it does mean a shift in mindset of how we solve it.”
About the Author
Sarah Mattalian
Staff Writer
Sarah Mattalian is a Chicago-based journalist writing for Smart Industry and Automation World, two brands of Endeavor Business Media, covering industry trends and manufacturing technology. In 2025, she graduated with a master's degree in journalism from Northwestern University's Medill School of Journalism, specializing in health, environment and science reporting. She does freelance work as well, covering public health and the environment in Chicagoland and in the Midwest. Her work has appeared in Inside Climate News, Inside Washington Publishers, NBC4 in Washington, D.C., The Durango Herald and North Jersey Daily News. She has a translation certificate in Spanish.