The deployment of artificial intelligence systems in operational technology environments is accelerating. Predictive maintenance platforms, AI-driven process optimisation tools, and operator-facing copilot systems are now present in industrial facilities across UK manufacturing, energy, and water sectors. New technical research from e2e-assure, published on 28 May 2026, identifies four distinct categories of cyber risk that AI deployment in OT environments creates, each with worked examples drawn from public research and disclosed incidents.
The AI Threat Landscape: What the OT Security Review Found
The e2e-assure OT Security Review 2026, based on independent Censuswide research surveying 250 cybersecurity decision makers across UK CNI and manufacturing, establishes the baseline from which AI-related threats are emerging. The research found that 49% of organisations are already concerned about AI-enabled threats or automation, placing this category alongside established concerns such as supply chain compromise and insider threats. Self-assessed preparedness for AI-enabled threat automation stands at 54%, the highest of any attack category assessed in the study, though the research notes this confidence warrants re-evaluation given rapid advances in adversarial AI capability since the survey was fielded in January 2026.
The OT Security Review notes that advances in AI models have lowered the barrier to generating convincing phishing content, automating reconnaissance, and discovering vulnerabilities at scale. For OT environments, this shift is compounding existing exposure. The four risk categories identified in this e2e-assure analysis represent the next layer of that threat.
Four New Risk Categories
The first risk category is training data poisoning. AI systems used for anomaly detection or process optimisation in OT environments are trained on historical sensor data. An attacker who can inject false data into training datasets can cause the AI system to learn that malicious behaviour is normal. Once deployed, the model then actively suppresses alerts for the attack patterns it was trained on.
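The effect described above, and one form a training data integrity check can take, shown as an added example that is not taken from the e2e-assure report. The sensor readings are constructed, the detector is a toy mean and standard deviation threshold, and the function names and thresholds are illustrative assumptions.

```python
import statistics

# Constructed sample data: discharge pressure (bar) from a hypothetical pump sensor.
TRUSTED = [4.0, 4.1, 3.9, 4.0, 4.2, 3.8, 4.1, 4.0, 3.9, 4.0]
# Candidate retraining batch: normal readings plus injected high-pressure records.
CANDIDATE = [4.0, 4.1, 3.9, 4.0, 4.2, 3.8, 4.1, 4.0,
             6.8, 7.0, 6.9, 7.1, 7.0, 6.9]
ABNORMAL_READING = 7.0  # a value the plant would want an alert for


def fit(train):
    """Fit the toy detector: mean and sample standard deviation."""
    return statistics.mean(train), statistics.stdev(train)


def is_anomalous(model, value, k=3.0):
    """Alert when the value lies more than k standard deviations from the mean."""
    mu, sigma = model
    return abs(value - mu) > k * sigma


def robust_bounds(reference, k=5.0):
    """Median +/- k * scaled MAD, computed only from the trusted reference set."""
    med = statistics.median(reference)
    mad = statistics.median(abs(v - med) for v in reference)
    spread = max(1.4826 * mad, 1e-9)  # floor avoids a zero-width band
    return med - k * spread, med + k * spread


def integrity_gate(reference, candidate, max_outlier_fraction=0.02):
    """Accept a batch for retraining only if few records leave the trusted band."""
    lo, hi = robust_bounds(reference)
    outliers = [v for v in candidate if not lo <= v <= hi]
    return len(outliers) / len(candidate) <= max_outlier_fraction, outliers


if __name__ == "__main__":
    print("clean model alerts:", is_anomalous(fit(TRUSTED), ABNORMAL_READING))
    print("poisoned model alerts:", is_anomalous(fit(CANDIDATE), ABNORMAL_READING))
    accepted, outliers = integrity_gate(TRUSTED, CANDIDATE)
    print("batch accepted for retraining:", accepted, "outliers:", outliers)
```

The gate uses the median and MAD of the trusted set because, unlike the mean and standard deviation the detector is fitted with, they are not shifted by the records under review.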
The second is model evasion. Adversarial inputs can cause AI systems to misclassify malicious traffic or process states. In an OT context, this means an AI-driven monitoring system can fail to flag a compromised PLC command if that command is crafted to fall within the AI’s learned boundary for normal behaviour.
Prompt Injection and Autonomous Control
The third risk category applies specifically to AI copilot systems being deployed in control rooms to assist operators with decision-making. Prompt injection, a well-documented attack vector in general AI systems, allows an attacker who can influence the input to a copilot to cause it to generate harmful recommendations or, in more serious cases, to directly execute process control commands.
The fourth category is autonomous control hijack. As AI systems take on more autonomous process control functions in advanced manufacturing and energy facilities, compromise of an autonomous control system is no longer an IT security incident. It is an operational safety event.
Defensive Framework for OT Teams
e2e-assure has developed a defensive framework for OT teams introducing AI to plant floor or control room workflows. The framework covers five control domains: training data integrity assurance, model validation against adversarial inputs before deployment, access controls for AI system configuration interfaces, monitoring of AI system output for anomalous recommendation patterns, and incident response procedures specific to AI system compromise.
The framework draws on NCSC AI security principles, the NIST AI Risk Management Framework, and IEC 62443 control objectives, adapted for OT-specific deployment contexts. e2e-assure’s OT cyber security expertise spans both AI and OT domains, with analysts trained on AI system behaviour in industrial contexts alongside core OT protocol and network knowledge.
For more information on e2e-assure’s OT cyber security expertise, visit e2e-assure.com.
Key Facts
- Four new OT attack categories: training data poisoning, model evasion, prompt injection, and autonomous control hijack
- OT Security Review (Censuswide/e2e-assure, Jan 2026): 49% of organisations concerned about AI-enabled threat automation
- OT Security Review: 54% self-assess as prepared for AI-enabled threats, though this was assessed before recent AI capability advances
- OT Security Review: advances in AI models have lowered the barrier to reconnaissance, phishing, and vulnerability discovery at scale
- Defensive framework covers five control domains including training data integrity and AI-specific incident response
- Framework draws on NCSC AI security principles, NIST AI RMF, and IEC 62443
- Worked examples drawn from public research and disclosed incidents included in full report
About e2e-assure
e2e-assure is a UK-based managed SOC and cybersecurity company specialising in IT/OT security, threat detection and response, and cyber assessment services for critical national infrastructure and industrial operators. Founded by Rob Demain, e2e-assure operates the Cumulo platform, purpose-built for unified IT/OT monitoring. The company serves clients in manufacturing, energy, water, and transport across the United Kingdom.