Critical Infrastructure Attacks Targeting AI, OT, and ICS Systems
Rising geopolitical tensions, AI-powered adversaries, and exposed industrial systems are converging into a significantly elevated threat landscape for critical infrastructure.
TL;DR
Global analysis shows wide-scale cyberattacks against OT and critical infrastructure are growing more distributed and costly as we enter 2026.
Hacktivists and cybercriminals are increasingly exploiting exposed ICS/OT/AI systems, including human-machine interface (HMI) and SCADA vulnerabilities.
A major campaign disrupted the Polish power grid in late 2025, highlighting real-world risks to energy infrastructure.
Surveys of energy OT installations reveal pervasive unpatched systems, weak segmentation, and visibility gaps that make attacks easier.
AI is reshaping the threat landscape by accelerating planning, reconnaissance, and exploitation phases of attacks against cyber-physical systems.
Critical infrastructure, from energy grids and water systems to manufacturing and transportation, has long been a target for nation-state and criminal groups. Historically, these threats focused on traditional IT systems. In 2026, however, attackers are bridging digital attacks and physical consequences by exploiting OT, ICS, SCADA, and AI-enhanced systems that control tangible operations in the real world. This shift isn’t theoretical. Industries are experiencing more frequent, more complex incursions that leverage both human and machine-assisted techniques.
Awareness and Research Surface Weaknesses
Broad industry research and reporting are highlighting critical weaknesses and helping defenders sharpen strategy before disaster strikes.
Independent security surveys have revealed that unpatched devices, weak segmentation, and hidden assets are common among energy OT networks such as substations and power plants. These vulnerabilities often show up within minutes of a passive network assessment.
Analyses from global cybersecurity firms are also mapping attacker behaviours, showing that adversaries are using AI as part of the attack lifecycle, making reconnaissance, exploitation, and persistence faster and more effective than ever before.
Reports like the World Economic Forum’s Global Cybersecurity Outlook underscore that AI acceleration and fragmentation of geopolitical alliances are reshaping how nations think about risk, pushing for shared responsibility and coordinated defence.
Real Attacks and Systemic Weaknesses Exposed
While research improves awareness, real attacks are happening now.
In late December 2025, a sophisticated cyberattack against the Polish power grid illustrated how adversaries can disrupt electricity delivery during severe winter conditions. Analysts linked the coordinated breach to a Russian-aligned actor known as ELECTRUM.
Beyond specific campaigns, hacktivists and cybercriminals have increasingly included OT and ICS targets in their operations. This includes exploiting exposed HMI and SCADA interfaces, the operational heart of many industrial systems, which historically were not designed with robust security controls in mind.
Industry forecasting also warns that by 2026, more than one-third of global energy and utility infrastructure will have experienced cyber pre-positioning activity such as quiet access, data collection, and network mapping by attackers, including AI-assisted adversaries preparing for future operations.
Legacy systems and flat network designs further exacerbate risk. Many critical infrastructure environments still use insecure protocols, inadequate segmentation, and outdated firmware, providing low barriers for attackers once initial access is achieved.
My Perspective: Defending Beyond the Perimeter
The reality of 2026 is clear: attackers do not wait for a perfect vulnerability. They exploit messy, interconnected systems where IT, OT, AI models, and human oversight all intersect.
To defend critical infrastructure effectively, organisations must move beyond traditional perimeter security to focus on zero-trust segmentation, deep visibility into OT traffic, continuous behavioural monitoring, and integrated AI-powered defence orchestration.
Legacy OT environments will continue to be juicy targets unless defenders adopt modern security practices tailored to cyber-physical systems. These include strict network segmentation even for “air-gapped” systems, continuous patching where possible, real-time IDS/IPS monitoring tailored to industrial protocols, and robust incident response plans. Defence cannot be passive. It must be dynamic and predictive.
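As an added example (not from the article), the following Python sketch shows what continuous behavioural monitoring of OT traffic can look like in practice: learn which hosts talk to which controllers during a baseline window, then alert on new conversations, new operation types (an HMI that suddenly starts writing), and a single host opening sessions to many controllers, the network-mapping behaviour the article describes as pre-positioning. All addresses and flow records are constructed, and the (src, dst, port, op) record format is an assumption standing in for the output of a real industrial-protocol decoder.

```python
from collections import defaultdict

# Constructed flow records: (src, dst, dst_port, op). 'op' is a coarse label
# ("read" or "write") that a protocol decoder would supply; port 502 is the
# Modbus/TCP port. The record format itself is an assumption for this sketch.
BASELINE = [
    ("10.1.0.10", "10.1.0.50", 502, "read"),   # HMI polling a controller
    ("10.1.0.10", "10.1.0.51", 502, "read"),
    ("10.1.0.11", "10.1.0.50", 502, "write"),  # engineering workstation
]

LIVE = [
    ("10.1.0.10", "10.1.0.50", 502, "read"),
    ("10.1.0.10", "10.1.0.50", 502, "write"),  # HMI never wrote before
    ("10.1.0.99", "10.1.0.50", 502, "read"),   # unknown host reaching a PLC
    ("10.1.0.99", "10.1.0.52", 502, "read"),   # same host touching more PLCs
    ("10.1.0.99", "10.1.0.53", 502, "read"),
]


def learn_baseline(flows):
    """Allow-list of (src, dst, port) conversations and the ops seen on each."""
    allowed = defaultdict(set)
    for src, dst, port, op in flows:
        allowed[(src, dst, port)].add(op)
    return allowed


def detect(flows, allowed, scan_threshold=3):
    """Return (kind, src, detail) alerts for deviations from the baseline."""
    alerts = []
    new_peers = defaultdict(set)  # src -> set of previously unseen dst hosts
    for src, dst, port, op in flows:
        key = (src, dst, port)
        if key not in allowed:
            alerts.append(("new-conversation", src, f"{dst}:{port} {op}"))
            new_peers[src].add(dst)
        elif op not in allowed[key]:
            alerts.append(("new-operation", src, f"{dst}:{port} {op}"))
    # One source opening many new conversations looks like network mapping.
    for src, peers in new_peers.items():
        if len(peers) >= scan_threshold:
            alerts.append(("possible-mapping", src, f"{len(peers)} new peers"))
    return alerts


if __name__ == "__main__":
    for alert in detect(LIVE, learn_baseline(BASELINE)):
        print(alert)
```

In a real deployment the baseline would be learned from a span port or network tap over a long enough window to cover maintenance activity, and alerts would feed the incident response process rather than block traffic, since a false positive that interrupts a controller is itself an availability incident.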
Attackers have already shown they can cross the divide between digital and physical systems. The next frontier in critical infrastructure defence is recognising that AI, OT, and ICS technologies are now frontline systems: connected, attackable, and essential to everyday life.
Prompt of the Day
Ask AI to outline a cyber-physical defence plan for a critical infrastructure environment. Include network segmentation, OT/ICS anomaly detection, AI model integrity checks, incident response team drills, and integration with national CERT/CSIRT practices.