Experimenting with AI to defend critical infrastructure

Defending critical infrastructure with AI is one of those areas where the upside and the risk are both very real. On the positive side, ML is well suited for anomaly detection in environments like ICS/SCADA, where “normal” behavior is relatively stable and deviations can be meaningful. That can help catch subtle faults or early-stage intrusions that rule based systems miss.

That said, production infrastructure has very different constraints than typical IT systems. False positives are costly, explainability matters, and operators need to trust and understand the alerts. AI here works best as a decision-support tool, not an autonomous control layer. Tight integration with domain knowledge, strong validation, and conservative deployment are key.

I’m most interested in approaches that combine traditional engineering controls with AI-driven monitoring, rather than trying to replace proven safety and security mechanisms outright.