November 17, 2025
6 MIN.
In this article
How AI is being used to exploit existing gateways for cyberattacks
Case study: Industrial reconnaissance and access with LLMs
The big difference: Speed and scalability
Sustainable protection strategies for the manufacturing industry in the age of AI
AI-supported cyberattacks – new threats to production systems?
Industry 4.0, networked control systems, smart factories – these advances are changing not only the efficiency and flexibility of production facilities, but also the threat landscape. With the increasing use of AI tools, existing attack vectors in the manufacturing industry are being multiplied. The time it takes an attacker to move through a network before becoming active has been significantly reduced. This is particularly critical for production systems with legacy operating systems or open protocols, which are still quite common in the sector, and easy targets.
In this article, we will first explore how cybercriminals use AI, and then we will look at how industrial companies can counter these attacks with sustainable protection strategies.
How AI is being used to exploit existing gateways for cyberattacks
Most importantly, AI and machine learning (ML) technologies enable attackers to achieve higher hit rates with less effort. ML-supported port scanners and fingerprinting tools automate the search for machines with open protocols or known vulnerabilities. Generative AI models can create exploit scripts faster, and adapt them to individual conditions in the targeted system.
At the same time, AI takes Social Engineering to the next level. Deepfakes and high-quality phishing campaigns target production employees in the industry directly.
AI uses known vulnerabilities – instead of new ones.
In most cases, attackers do not exploit new vulnerabilities. Rather, traditional weaknesses are becoming more exposed due to AI.
Examples include:
Easy access to legacy protocols without authentication or encryption, such as SMBv1 or Telnet.
AI enables the quick and automated discovery of weak passwords or standard access data in industrial control systems.
Production facilities with older operating systems, such as Windows 10, Windows XP, or even MS-DOS control modules often lack modern security mechanisms, and can therefore be targeted at scale through automated AI-driven attack trains.
Case study: Industrial reconnaissance and access with LLMs
Let’s create a realistic scenario to illustrate the impact of AI on cyberattacks.
An attacker uses an AI agent to automatically search databases of Common Vulnerabilities and Exposures (CVE) for new vulnerabilities that meet predefined criteria.
A search engine for networked devices, such as Shodan, identifies OT devices where the identified vulnerability may not have been fixed. An exploit script tailored through prompt engineering scans the devices and attempts to penetrate the system – all within a few minutes. AI takes over the reconnaissance stage, script writing, and targeting, significantly reducing the time between identification of the vulnerability and the intrusion.
The big difference: Speed and scalability
The main difference from traditional attack structures is the speed, automation, and scalability. In addition, AI tools can enable criminals with limited digital skills to carry out targeted actions. Instead of taking days or weeks to prepare one targeted cyberattack, today an AI-supported reconnaissance phase can be carried out simultaneously against hundreds of potential targets.
For companies that need to protect against attacks, this means that they don’t have to prepare for completely new types of attacks on their shop floor. Instead, they must minimize known attack surfaces more urgently than before. Old systems, open ports, and unsegmented networks – organizations must focus on anything that could be quickly exploited by AI-supported attacks on a large scale.
Sustainable protection strategies for the manufacturing industry in the age of AI
We rely on many proven cybersecurity principles to protect production systems from this type of threat situation. Organizations should adapt protection strategies to the unique situation of the OT environment – long machine cycles, proprietary controls, and a heterogeneous network. Resilience and risk minimization are more effective than experimental actions.
1. Reduce existing attack surfaces
The core requirement of minimizing existing attack vectors remains. An OT security solution such as edge.SHIELDOR can help achieve this. Similar to the software air gap principle, it creates a clear separation between the IT and OT networks, without preventing communication. Organizations can continue to run legacy systems without updates, while still integrating them into the network. Insecure protocols such as SMBv1 or OPC-DA are converted into the more secure successors SMBv3 and OPC-UA.
2. Protect human-machine interaction
AI-supported phishing campaigns are increasingly focusing on the interface between humans and machines, for example, targeting executives in large organizations with realistic audio or video deepfakes. It is critical that service and remote access are protected by multifactor authentication and role-based rights assignments, and that detailed logging of user interactions is mandatory. Companies should inform their employees about phishing attacks, and train them in secure practices.
3. Defensive AI: AI against AI
AI can also be used to protect against AI-based attacks:
Machine learning can detect anomalies in the OT network or train early warning systems to identify unusual behavior patterns. This helps detect attempted attacks, and the deployment of countermeasures before damage is done.
4. Resilience instead of perfection
In an industrial environment – as in any networked system – one hundred percent protection is unrealistic. For this reason, organizations must be prepared for a possible breach. Segmented networks can restrict the attackers’ movements, while incident response plans enable a swift reaction. With regular backups, systems can be fully restored after the attack has been dealt with.
Use increasing security to modernize
The increase in cyberattacks requires investment in cybersecurity, but this can be used to harness potential and drive efficiency. Connective solutions, such as edge.SHIELDOR not only secure production systems – they can reopen data sources that were assumed lost. With modern data science methods companies can gain valuable insights from these data streams to increase overall system efficiency and save energy.
If you would like to find out how TRIOVEGA’s solutions for Factory 4.0 increase the resilience of your OT infrastructure against AI-supported threats while uncovering efficiency potential, contact us to arrange a consultation.
Author: René Janz
René Janz is an industrial engineer with extensive knowledge of the shop floor. He has been with TRIOVEGA GmbH since 2023, and as Director Business Development, René is responsible for the strategic expansion of OT security and digitalization in the production industry.
You want to know more about our products
and solutions?
edge.SHIELDOR
Holistic OT security for industrial plants that enables data connectivity and sustainably reduces costs
service.factoryINSIGHTS
Discover potential and optimize production processes effectively with our data science expertise
This might also interest you:
- AI-supported cyberattacks – new threats to production systems?AI increases the severity of cyberattacks, particularly against legacy production systems. TRIOVEGA on the risks and possible strategies for more resilient OT security.
- Secure software development in manufacturing – A project report from a development manager
Cybersecurity is no longer a buzzword. It is an essential requirement. In the coming years, regulations such as the Cyber Resilience Act (CRA) and NIS-2 Directive will make security for networked products mandatory, including verification across the entire life cycle. - Legacy by Design: Outdated operating systems on innovative shop floors
Legacy by Design: Outdated operating systems on innovative shop floors The interface of modern production processes with outdated control architecture creates serious vulnerabilities that have a massive impact on safety and efficiency. We will tell you which solutions can still combine connectivity and security.
