• Military
• WMD
• Intelligence

• Security Menu                     

• Systems
• Industry
• Operations
• Hot Documents
• News
• Reports
• Policy
• Budget
• Congress
• Links

• Space

NSA, CISA, and Others Release Guidance on Integrating AI in Operational Technology

National Security Agency / Central Security Service

Press Release | Dec. 3, 2025

FORT MEADE, Md. - The National Security Agency (NSA) is joining the Cybersecurity and Infrastructure Security Agency (CISA), the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC), and others in releasing the Cybersecurity Information Sheet (CSI), "Principles for the Secure Integration of Artificial Intelligence in Operational Technology."

While artificial intelligence (AI) presents potential to enhance efficiency, productivity, decision-making, and customer experiences, adopting AI into operational technology (OT) systems introduces new risks to the safety and security of the environments they are integrated in and critical functions they support.

Understanding and carefully managing the associated risks are critical in protecting the safety and security of OT systems.

The report describes different ways that AI can be integrated into OT and outlines four principles critical infrastructure owners and operators should follow to both leverage the benefits and minimize the risks of integrating AI into OT environments. The principles detail guidance to understand AI; consider AI use in the OT domain; establish AI governance and assurance frameworks; and embed safety and security practices into AI and AI-enabled OT systems.

Key mitigations highlighted in the CSI encourage critical infrastructure (CI) owners and operators to:

• Ensure proper understanding of the unique risks that AI brings.
• Only integrate AI when there are clear benefits that outweigh the risks.
• Push data from the OT environment to a separate AI system where appropriate.
• Establish clear governance with through testing and monitoring.
• Incorporate a human-in-the-loop into critical decisions.
• Implement fail-safe mechanisms to limit the consequences of failures and worst-case scenarios.

CI owners and operators should follow the recommendations provided in this guidance to achieve a balanced integration of AI into OT environments and ensure availability and reliability of critical infrastructure.

Read the full report here.