# AI in OT Security --- Balancing Industrial Innovation and Cyber Risk

By [Dena De Angelo](https://www.paloaltonetworks.com/blog/author/ddeangelo/?ts=markdown "Posts by Dena De Angelo") | Aug 21, 2024

Whether defensive or offensive, cybersecurity is in constant flux. And in today's industrial landscape, the convergence of operational technology (OT), industrial control systems (ICS) and information technology (IT) is reshaping manufacturing and critical infrastructure. This convergence, while bringing unprecedented efficiency and innovation, also exposes traditionally isolated systems to new security risks, creating a complex ecosystem where AI is emerging as a powerful ally in securing these environments.

We recently interviewed Del Rodillas, distinguished product manager at Palo Alto Networks, who focuses on OT and ICS security, developing solution roadmaps and working closely with the product teams. His expertise extends to collaborating with sales teams, enabling them to better serve clients, and educating customers. Del's long-standing experience and insights make him a valuable asset in navigating the multifaceted landscape of the OT-IT convergence and emerging cybersecurity challenges in the manufacturing and industrial sectors.

## The Changing Face of OT Security

Today, the manufacturing sector is embracing digital transformation at an unmatched rate. By 2026, industrial organizations are expected to employ [over 15 billion new and legacy assets connected to 5G](https://www.marketsandmarkets.com/Market-Reports/5g-iot-market-164027845.html), the internet and cloud. As one might expect, this rapid adoption of new technologies is not without risk. The attack surface of a typical manufacturing organization becomes exponentially broader as more devices are deployed.
This expanded attack surface, coupled with the inherent vulnerabilities of legacy OT systems, creates a perfect storm for cybercriminals who are now setting their sights on these systems, leveraging advanced, AI-enhanced techniques to launch attacks. As Rodillas points out:

"OT-IT convergence plays a massive role in the cyberthreat landscape because it enables attackers with a more sophisticated playbook or set of tools that makes their capabilities more advanced, but it also increases the velocity and volume of their attacks."

This increased digital tangle of connectivity has made OT systems prime targets for cybercriminals. In 2021, 35% of reported OT cyberattacks had physical consequences, with an [estimated damage of $140 million per incident](https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/cybersecurity/how-to-enhance-the-cybersecurity-of-operational-technology-environments). These alarming statistics underscore the critical need for robust OT security measures that can keep pace with evolving threats.

## AI --- A Game-Changer in OT Security

As in other areas in cybersecurity, AI is proving to be a formidable ally in the fight against cyberthreats in OT environments. Rodillas emphasizes the importance of AI in addressing the unique challenges of OT security:

"AI plays a massive role in the cyberthreat landscape... I think AI is changing the mindset that it's not relevant to OT. It's very much relevant because of an integrated IT-OT attack lifecycle. From a sophistication standpoint, I think particularly on the social engineering phase, so people have to remember that attacks to OT primarily are ones that originate from IT and then pivot to OT. Generative AI particularly can be used to automate the research and email generation to have a more targeted and more convincing spear phishing campaign.
And the adaptability, I think, is another thing for the threat landscape, where the malware can constantly evolve, making it harder to detect and neutralize. I don't think it would be a stretch to say that AI will be applied to have more efficient and stealthy lateral movement in OT, thus shortening the time to compromise a critical asset."

Given these evolving threats, AI is not just a tool but a necessity in modern OT security.

## Key Areas Where AI Is Making an Impact Protecting Industrial Environments

**Enhanced Threat Detection and Response**

AI-powered tools are revolutionizing how organizations detect and respond to threats in manufacturing settings. Rodillas highlights the importance of [User and Entity Behavior Analytics (UEBA)](https://www.paloaltonetworks.com/cyberpedia/what-is-user-entity-behavior-analytics-ueba), stating, "In manufacturing, the device aspect of UEBA becomes very interesting because now you're talking about OT devices, industrial IoT devices, IoT devices, IT devices, a lot of devices on the shop floor."

By leveraging machine learning algorithms, these tools can establish baselines for normal behavior and quickly identify anomalies that may indicate a security threat. This capability is particularly crucial in OT environments, where traditional IT security tools may not understand specialized industrial protocols.

**Bridging the IT-OT Security Gap**

One of the most significant challenges in OT security has been the disconnect between IT and OT teams. AI is helping to bridge this gap by providing a common language and unified view of the security landscape. Rodillas explains:

"Organizations are better off because there's that increased connectivity between the two environments. OT is becoming more like IT from a technology standpoint... AI can be one of these types of technologies, kind of a unifying capability."

By applying AI analytics across both IT and OT environments, organizations can detect threats earlier and map attacks to frameworks like MITRE ATT&CK, enabling better identification of threat actors and more effective response strategies.

**Addressing the Skills Gap**

The cybersecurity skills shortage is particularly acute in the OT sector. AI is helping to alleviate this limitation by automating routine tasks and enabling less experienced staff to handle more complex security operations. As Rodillas notes, "You need AI to take this burden off of humans and AI can do it 24/7 automatically, and it can only involve your personnel when there's a critical and high fidelity signal that is better handled by a human."

This automation not only helps to address the skills gap but also allows security teams to focus on strategic initiatives rather than getting bogged down in day-to-day alert management.

## Challenges and Considerations

While AI offers tremendous potential in OT security, it's not without challenges. One of the primary concerns is the risk of false positives leading to unnecessary operational disruptions. Rodillas cautions, "If you act on a false positive and shut something down, and it causes a downtime and/or some safety concern, that's like, 'the cure is worse than the problem' kind of scenario."

To mitigate this risk, Rodillas suggests implementing decision assistance mechanisms that provide context and recommended actions to human operators, rather than relying on fully automated containment.
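
The following is an added example, not taken from the interview or from any Palo Alto Networks product. It shows the behavior-baseline idea from the threat detection section combined with the decision assistance described above: deviations from a learned per-device baseline produce an advisory with context for an operator instead of triggering containment. Device names, flow tuples, the `SAFETY_CRITICAL` inventory and the advisory fields are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample flows: (source, destination, protocol, operation).
BASELINE_FLOWS = [
    ("hmi-01", "plc-press-01", "modbus", "read_holding_registers"),
    ("historian-01", "plc-press-01", "modbus", "read_input_registers"),
    ("eng-ws-02", "plc-press-01", "modbus", "read_holding_registers"),
    ("cam-dock-03", "nvr-01", "rtsp", "stream"),
]
NEW_FLOWS = [
    ("hmi-01", "plc-press-01", "modbus", "read_holding_registers"),
    ("eng-ws-02", "plc-press-01", "modbus", "write_multiple_registers"),
    ("cam-dock-03", "plc-press-01", "modbus", "read_coils"),
    ("cam-dock-03", "fileshare-01", "smb", "session_setup"),
    ("laptop-guest", "nvr-01", "rtsp", "stream"),
]
# Hypothetical asset inventory: devices whose shutdown affects safety or uptime.
SAFETY_CRITICAL = {"plc-press-01"}


def learn_baseline(flows):
    """Record, per source device, the peers, protocols and operations seen."""
    baseline = defaultdict(
        lambda: {"peers": set(), "protocols": set(), "operations": set()})
    for src, dst, proto, op in flows:
        profile = baseline[src]
        profile["peers"].add(dst)
        profile["protocols"].add(proto)
        profile["operations"].add((proto, op))
    return dict(baseline)


def deviations(baseline, flow):
    """Return the ways a flow departs from its source device's baseline."""
    src, dst, proto, op = flow
    profile = baseline.get(src)
    if profile is None:
        return ["unknown_device"]
    reasons = []
    if dst not in profile["peers"]:
        reasons.append("new_peer")
    if proto not in profile["protocols"]:
        reasons.append("new_protocol")
    elif (proto, op) not in profile["operations"]:
        reasons.append("new_operation")
    return reasons


def advise(baseline, flow, critical=SAFETY_CRITICAL):
    """Build an operator advisory; nothing here blocks or isolates a device."""
    reasons = deviations(baseline, flow)
    if not reasons:
        return None
    src, dst, _, _ = flow
    touches_critical = src in critical or dst in critical
    profile = baseline.get(src)
    return {
        "flow": flow,
        "reasons": reasons,
        "known_peers": sorted(profile["peers"]) if profile else [],
        "priority": "high" if touches_critical else "medium",
        "recommended_action": (
            "operator review with process owner; do not isolate automatically"
            if touches_critical
            else "propose quarantine of source for operator approval"),
    }


def triage(baseline, flows):
    """Return advisories for every flow that deviates from the baseline."""
    return [a for a in (advise(baseline, f) for f in flows) if a is not None]


if __name__ == "__main__":
    for advisory in triage(learn_baseline(BASELINE_FLOWS), NEW_FLOWS):
        print(advisory)
```

Any flow that touches a safety-critical asset is raised in priority and explicitly routed to a person, which is the false-positive concern the section describes.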

## Looking Ahead --- The Future of AI in OT Security

As we peer into the future, several advancements in AI are poised to have a significant impact on OT and ICS security:

* Improved accuracy in threat detection, reduced false positives
* Enhanced operational risk assessment capabilities
* Integration of AI with digital twin technologies for more effective security simulations

These digital twins, which are virtual replicas of physical systems, allow organizations to simulate and analyze potential security scenarios without risking their actual infrastructure. By applying AI to these simulations, companies can predict vulnerabilities, test response strategies, and optimize their security posture in a safe, controlled environment. This approach is particularly valuable in OT settings, where testing on live systems could lead to costly disruptions or safety risks.

Rodillas also sees potential in the application of large language models (LLMs) in OT security, particularly in querying and analyzing complex, interconnected datasets across OT and IT systems.

The convergence of OT and IT, coupled with the rise of AI, is ushering in a new era of industrial cybersecurity. While challenges remain, the potential benefits of AI in securing critical infrastructure and manufacturing environments are immense. By leveraging AI-powered tools and strategies, organizations can enhance their threat detection capabilities, bridge the IT-OT security gap, and address the persistent skills shortage in the cybersecurity field.

As we move forward, it's clear that AI will play an increasingly central role in safeguarding our industrial systems. Organizations that embrace these technologies and integrate them thoughtfully into their security strategies will be best positioned to thrive in the evolving threat landscape of the OT world.

### Learn More

Download our [*State of OT Security Report-2024*](https://www.paloaltonetworks.com/resources/research/state-of-ot-security-report) to learn more about securing industrial environments.