CISA Guidance on Secure AI Integration in OT Environments

Artificial intelligence is gradually being integrated into operational technology environments, ranging from predictive maintenance to decision-support systems powered by machine learning and large language models. For critical infrastructure operators, this presents a dual challenge: harnessing AI for efficiency while maintaining safety, availability, and cybersecurity.

In December 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), together with cybersecurity authorities from the United States, the United Kingdom, Canada, Germany, the Netherlands, Australia, and New Zealand released Principles for the Secure Integration of Artificial Intelligence in Operational Technology. This document provides a structured framework for integrating AI into OT systems while safeguarding their essential security and safety requirements.

Why Artificial Intelligence Introduces New Security and Safety Risks in OT Environments

Unlike IT systems, OT environments are designed around determinism, real-time constraints, and strict safety margins. The guidance highlights several AI-specific risk categories with direct OT impact:

• Cybersecurity risks: Manipulation of AI models or data, prompt injection, and bypass of safety guardrails.

• Model drift: Changes in operational processes degrade AI accuracy over time.

• Lack of explainability: Complicating troubleshooting, auditing, and regulatory compliance.

• AI dependency: Operators losing situational awareness or manual skills.

CISA explicitly notes that some AI systems, particularly LLMs, “almost certainly should not be used to make safety decisions for OT environments” due to reliability and hallucination risks.

Principle 1: Understanding Artificial Intelligence and Its Impact on Operational Technology

The first principle emphasizes the need for organizations to understand both AI capabilities and limitations before deployment. This includes awareness of AI-specific threat models and the secure development lifecycle for AI systems.

CISA and NCSC-UK identify four lifecycle stages: secure design, secure procurement or development, secure deployment, and secure operation and maintenance. For critical infrastructure operators, this requires clearly defined responsibilities across vendors, system integrators, and internal teams. The guidance emphasizes workforce readiness, warning that without proper training, operators might misinterpret AI outputs or rely too heavily on automation, thereby increasing operational risks.

Principle 2: Evaluating Appropriate AI Use Cases in Operational Technology

CISA advises organizations to first determine whether AI is the most appropriate solution for a given OT use case. The guidance explicitly recommends assessing simpler or established technologies before introducing AI-driven complexity.

The document provides a detailed example of AI-based predictive maintenance for an industrial generator, including success metrics, safety thresholds, and security requirements such as bandwidth limits and alarm quality. This illustrates a core expectation: AI deployment must be justified by measurable operational benefit and bounded by defined safety and security controls.

Data management is another central concern. The guidance highlights risks related to data sovereignty, exposure of sensitive engineering data, and centralized OT data aggregation.

Principle 3: Governance, Assurance, and Security Frameworks for AI in OT

Effective AI integration relies on governance frameworks that involve leadership, OT and IT subject matter experts, and cybersecurity teams. These frameworks should establish clear accountability, enforce data protection policies, and facilitate ongoing validation of AI performance.

The guidance further recommends integrating AI risk into existing security frameworks rather than treating AI as a separate domain. This includes:

• Regular audits and risk assessments

• Encryption, access controls, and logging for AI endpoints

• Incorporation of AI-specific threat models, such as MITRE ATLAS, alongside traditional ATT&CK-based analysis.

Thorough testing in non-production environments is emphasized, including hardware-in-the-loop testing where appropriate, before any AI system is moved into production OT environments.

Principle 4: Oversight, Network Segmentation, and Failsafe Mechanisms for AI-Enabled OT Systems

CISA makes a clear statement: humans remain responsible for functional safety. AI systems must therefore operate with defined oversight mechanisms, human-in-the-loop controls, and clearly documented failure states.

A key architectural recommendation is to favor push-based or brokered data transfer models. The guidance suggests extracting necessary OT data from OT networks without granting persistent inbound access, and explicitly endorses one-way data transfer patterns and audited staging buffers as best practices.

Failsafe mechanisms are equally critical. Operators are advised to design AI systems so they can be bypassed or disabled without disrupting core operations, and to incorporate AI-related failure scenarios into existing functional safety and incident response plans.

Implementing CISA’s Principles for Secure AI Integration in Operational Technology

CISA’s guidance provides a structured, internationally aligned framework for integrating AI into OT environments responsibly. It emphasizes understanding AI risks, carefully selecting use cases, enforcing governance, and embedding oversight and failsafe mechanisms.

At DataFlowX, AI integration is guided by these principles. Across its solutions, DataFlowX prioritizes controlled data flows, strict network segmentation, and architectures that prevent persistent inbound access to critical systems. This approach aligns closely with CISA’s recommendations for push-based data transfer models, strong governance, and safety-first design.

As AI adoption in critical infrastructure continues to grow, frameworks such as this guidance will be essential for ensuring that innovation does not come at the expense of security, safety, or operational continuity.

Contact our expert team today to explore how you can securely integrate AI-powered technologies into your cybersecurity measures in OT environments.