A coalition of nine national cybersecurity agencies issued joint guidance in December 2025 establishing the first comprehensive framework for governing artificial intelligence deployments in operational technology (OT) environments. The move comes as data revealing governance gaps and rising breach rates intensifies pressure on industrial operators to act.

Background

On December 3, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the FBI, Australia's ASD Cyber Security Centre, and cybersecurity authorities from Canada, Germany, the Netherlands, New Zealand, and the United Kingdom jointly published Principles for the Secure Integration of Artificial Intelligence in Operational Technology. The document is among the first to treat AI-in-OT as a distinct risk domain, separate from the IT-centric AI security frameworks that have dominated policy discussions.

The guidance responds to a structural gap that operators and policymakers have long identified. Existing AI security frameworks focus on IT and cloud environments and lack provisions for the safety constraints, timing requirements, system drift, and high-reliability engineering required in OT. Unlike enterprise software, OT systems govern physical processes-turbines, chemical dosing, water treatment-where unintended AI behavior carries safety consequences beyond data loss.

IT/OT convergence and the integration of AI in OT have required a fundamental rethinking of industrial security, according to IoT Analytics' OT Cybersecurity Insights Report 2026. Meanwhile, Honeywell reported that in Q1 2025 alone, there were over 2,400 ransomware attacks targeting OT environments, compared to 6,130 incidents across all of 2024.

Details

The governance gap is quantifiable. According to IBM's Cost of a Data Breach Report 2025, 63% of companies lack AI governance policies. The same study found that 13% of organizations reported breaches involving AI models or applications, and among that group, 97% lacked proper AI access controls. A separate threat vector-"shadow AI," the unauthorized use of AI tools by employees without IT or OT department approval-accounted for data breaches at 20% of respondents in the IBM study.

On the demand side, 84.7% of manufacturers said they planned to prioritize digital transformation in the next 12 months, according to the National Association of Manufacturers' Q2 2025 Outlook Survey. However, 40% of manufacturers cited cybersecurity concerns as the top barrier to initial AI adoption, according to Cisco's 2026 State of Industrial AI report.

The CISA-led joint guidance structures its recommendations around four principles. The first directs operators to educate personnel on AI-specific failure modes-including model drift, prompt injection, data poisoning, and hallucinations-not found in traditional deterministic OT control logic. The second requires evaluating AI deployments against OT-specific business criteria, including safety impact, latency tolerances, and legacy system compatibility. The third calls for formal AI governance frameworks: the guidance specifically recommends anomaly detection, comprehensive logging, and regular AI red-teaming to identify vulnerabilities and validate model accuracy over time. The fourth mandates embedding safety practices directly into AI-enabled systems, including enforced human-in-the-loop decision points and the ability to revert to manual or deterministic control.

The document also addresses data governance. Operational data aggregated for AI training becomes more attractive to adversaries, and the guidance recommends strict data governance controls including encryption, access control, and defined data retention policies, as well as software bills of materials (SBOMs) for AI components. CISA Acting Director Madhu Gottumukkala stated that "OT systems are the backbone of our nation's critical infrastructure, and integrating AI into these environments demands a thoughtful, risk-informed approach."

Organizational structure receives attention as well. According to Industrial Cyber's reporting, organizations need clearly defined IT-OT decision rights before an incident occurs, supported by a unified governance framework that establishes system ownership, security responsibilities, triage authority, and supply-chain accountability.

Outlook

The joint guidance notes that AI governance measures may become regulatory obligations depending on sector-specific requirements, and that AI-enabled OT products may face heightened vendor transparency expectations including model disclosures and safety reporting. Industrial operators are expected to update incident response plans and data practices as regulatory scrutiny increases. The Google Cloud Security 2026 Cybersecurity Forecast projects that cybercrime will pose the primary disruptive threat to industrial control systems and OT environments in the near term.