In May 2025, U.S. authorities warned that hackers were targeting industrial control systems across the oil and gas sector. The joint advisory from CISA, the FBI, the Department of Energy and the EPA detailed how attackers probed supervisory control and data-acquisition (SCADA) networks for weak authentication and misconfigured remote connections.
The attacks weren’t sophisticated, but their scale, and the flood of alerts that followed, were alarming. Security teams were buried in sensor data, unsure which alerts showed real danger. And that moment made a growing dilemma clear: The tools meant to protect industrial systems are generating more noise than insight.
Operational-technology (OT) environments — the industrial control systems that run factories, grids and pipelines — are under mounting pressure as the EU’s NIS2 directive, which took effect this year, tightens cyber-risk and incident-reporting rules. Similar guidance from CISA in the U.S. urges utilities to map and monitor every connected asset. Yet the more sensors and systems they deploy, the more alerts they generate and the thinner their security teams are stretched.
The Age Of Alert Fatigue
“Due to a mix of regulations, supply chain requirements and prominent publications of attacks, the awareness about OT security is rapidly growing and more and more organizations are looking into deploying such solutions,” explained Ilan Barda, CEO of Radiflow, in an interview. “When mid-size organizations are deploying such a solution they often lack the proper preparations to harden their devices and their network and to tune the security baseline, so the deployed tools generate a lot of alerts.”
Those alerts are landing on analysts who, he noted, frequently lack deep OT expertise. “The handling of these new types of alerts is often assigned to existing less-qualified teams,” Barda added. The result is quite a paradox, where IT teams have more visibility but less clarity. Many defenders spend their days chasing low-priority notifications while missing the subtle precursors of real attacks.
A recent Rockwell Automation forecast captures the tension well, noting that “in 2025, AI will increasingly be used for OT security for anomaly detection, behavioral profiling, vulnerability management, and security automation and orchestration.” Yet as AI moves deeper into the industrial stack, experts warn that it is both remedy and risk.
Teaching AI To Understand Context
“The main challenge in OT security is the lack of expertise among the people that are assigned to handle the alerts,” Barda told me. “AI can assist the security analysts in two aspects: One is relevancy, which aims to answer the question of whether an alert is relevant in the context of a specific industrial environment. The other is priority: What is the possible business impact of the kill-chain related to this alert in the context of my specific industrial environment?”
In Radiflow’s approach, algorithms are trained on each facility’s unique processes, then correlated with public threat-intelligence sources to determine which anomalies matter most. “AI tools trained on each facility’s environment and correlated with public threat data help analysts focus on what’s critical,” Barda said.
Radiflow’s new Radiflow360 platform, unveiled at the IT-SA Expo in Germany this October, applies that principle — unifying asset discovery, risk analysis and anomaly detection for mid-sized industrial firms. With an AI analyst assistant built in, it reflects a broader shift toward using automation to cut through alert noise and simplify OT security operations.
This shift — from detecting everything to understanding what matters — could make security both scalable and sustainable. Barda claims that integrating contextual risk analysis with detection can yield a “1:10 optimization in terms of resources.” But he also cautioned that AI isn’t infallible. “AI tools tend to be less accurate with hallucinations based on the partial and inaccurate information. As such AI findings should be validated by a person,” he said. Human expertise, in other words, remains the governor on automation.
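To make Barda’s two questions (relevancy and priority) and his insistence on human validation concrete, here is a small triage scorer added as an illustration; it is not Radiflow’s code or algorithm. It scores each alert’s relevancy against a constructed asset inventory and threat-intel feed, derives priority from the target asset’s business criticality, flags alerts about assets missing from the inventory as a visibility gap, and only recommends a verdict for a person to confirm.

```python
"""Contextual OT alert triage (illustrative example, not a vendor's method).
All assets, alerts and threat-intel entries below are constructed sample data."""
from dataclasses import dataclass


@dataclass
class Asset:
    ip: str
    role: str              # e.g. "PLC", "HMI", "historian"
    protocols: set[str]    # protocols this asset is expected to speak
    criticality: int       # 1 (low) .. 5 (safety/production critical)


@dataclass
class Alert:
    src: str
    dst: str
    protocol: str
    signature: str         # detection rule name (constructed)


# Constructed inventory for one small facility segment.
INVENTORY = {
    "10.0.1.10": Asset("10.0.1.10", "PLC", {"modbus"}, 5),
    "10.0.1.20": Asset("10.0.1.20", "HMI", {"modbus", "https"}, 4),
    "10.0.2.30": Asset("10.0.2.30", "historian", {"opcua", "https"}, 2),
}

# Constructed threat-intel feed: signature -> asset roles it is known to affect.
THREAT_INTEL = {"modbus_write_from_unknown_src": {"PLC"}}


def triage(alert: Alert) -> dict:
    """Score one alert; the verdict is a recommendation for an analyst, not an auto-close."""
    dst = INVENTORY.get(alert.dst)
    if dst is None:
        # No baseline for this asset: context cannot be scored, so surface the gap itself.
        return {"relevancy": None, "priority": None, "verdict": "inventory_gap"}
    relevancy = 0.0
    if alert.protocol in dst.protocols:
        relevancy += 0.5   # the alerted protocol is actually in use on that asset
    if alert.src not in INVENTORY:
        relevancy += 0.3   # traffic originates outside the known asset set
    if dst.role in THREAT_INTEL.get(alert.signature, set()):
        relevancy += 0.2   # public intel links this signature to this asset role
    priority = round(dst.criticality * relevancy, 2)   # business-impact weighting
    if relevancy < 0.5:
        verdict = "likely_noise"        # stays visible, but analysts need not start here
    elif priority >= 3.5:
        verdict = "escalate_for_review"
    else:
        verdict = "queue_for_review"
    return {"relevancy": round(relevancy, 2), "priority": priority, "verdict": verdict}
```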
Reality Check From The Field
For Martin Hill, cybersecurity product manager at Fujitsu, many OT systems were never designed to be connected to the internet. “They were built for reliability, not security,” he said. “Now, as organisations connect these systems to IT networks to improve efficiency, they’re discovering vulnerabilities that weren’t previously a concern.”
Hill sees progress, but also gaps. “We are seeing a shift from reactive to proactive strategies,” he said. Companies are investing in network segmentation, 24/7 monitoring and compliance with NIS2 and IEC 62443. But the challenge, according to Hill, remains that “IT and OT groups often speak different languages — one focused on data, the other on uptime and safety.”
The result is a cautious embrace of automation. “AI has a role to play — especially in monitoring and anomaly detection — but adoption is slow and uneven,” he said. “Some organisations are embracing AI to stay ahead of threats, while others only act after an incident. It’s not about chasing technology — it’s about securing operations in a way that’s practical, scalable, and aligned with business priorities.”
The Double-Edged Sword
AI’s ambivalence runs through the industry. “On one hand, it helps security teams spot threats earlier, automate responses and reduce downtime,” said Vicky Bruce, global capability manager for cybersecurity services at Rockwell Automation, in a September 2025 commentary on Solutions Review. “On the other hand, it gives cyber attackers tools to launch more targeted, convincing, and damaging attacks — often in seconds.”
Meanwhile, visibility — the foundation of any AI system — remains incomplete. “Most sectors have not done an OT asset inventory. So they don’t even know what they have,” Tatyana Bolton, executive director of the Operational Technology Cyber Coalition, recently told Federal News Network. Without that baseline, the smartest algorithms can only make educated guesses.
Barda agrees context is crucial but insists progress is visible. “AI will certainly make OT security more manageable, providing more context to threats and alerts so less-experienced analysts can handle them and improving risk-based prioritization of alerts so less SOC resources are required,” he said. “Such tools still need human oversight in the foreseeable future.”
The Road To Resilience
Across industries, the shift from alerts to answers is reshaping how cyber defenders think about resilience. The promise of AI isn’t that it replaces human analysts but that it helps them see the whole board — linking vulnerabilities, business impact and operational context in real time.
Barda believes this convergence will ultimately bridge the historical divide between IT and OT. “AI tools in OT security are very useful in bridging the gap between IT and OT,” he said. “Such tools enable IT professionals to better understand OT threats and alerts as well as improve the security level of OT networks.”
The path ahead is still bumpy, though. AI may help as costs rise and compliance deadlines loom, but it won’t know everything. The systems that run modern life are getting better at protecting themselves, but the real test of progress may be whether people can learn to trust them enough, without handing over the controls entirely.