<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:googleplay="http://www.google.com/schemas/play-podcasts/1.0"><channel><title><![CDATA[InfraSec Alliance]]></title><description><![CDATA[Exploring IT | OT and Critical Infrastructure Cybersecurity topics.]]></description><link>https://blog.infrasecalliance.org</link><image><url>https://substackcdn.com/image/fetch/$s_!k_1Y!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9d74c8c1-bcae-412a-9223-51c5a2e9db00_1024x1024.png</url><title>InfraSec Alliance</title><link>https://blog.infrasecalliance.org</link></image><generator>Substack</generator><lastBuildDate>Mon, 20 Apr 2026 07:10:10 GMT</lastBuildDate><atom:link href="https://blog.infrasecalliance.org/feed" rel="self" type="application/rss+xml"/><copyright><![CDATA[Zach Corum]]></copyright><language><![CDATA[en]]></language><webMaster><![CDATA[infrasecalliance@substack.com]]></webMaster><itunes:owner><itunes:email><![CDATA[infrasecalliance@substack.com]]></itunes:email><itunes:name><![CDATA[Zach Corum]]></itunes:name></itunes:owner><itunes:author><![CDATA[Zach Corum]]></itunes:author><googleplay:owner><![CDATA[infrasecalliance@substack.com]]></googleplay:owner><googleplay:email><![CDATA[infrasecalliance@substack.com]]></googleplay:email><googleplay:author><![CDATA[Zach Corum]]></googleplay:author><itunes:block><![CDATA[Yes]]></itunes:block><item><title><![CDATA[Enterprise AI Agents need on-boarding]]></title><description><![CDATA[Enterprise AI Constitution, an open standard for giving AI organizational identity before it gets a user prompt.]]></description><link>https://blog.infrasecalliance.org/p/enterprise-ai-agents-need-on-boarding</link><guid 
isPermaLink="false">https://blog.infrasecalliance.org/p/enterprise-ai-agents-need-on-boarding</guid><dc:creator><![CDATA[Zach Corum]]></dc:creator><pubDate>Tue, 31 Mar 2026 14:16:36 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!Sdq2!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff48173cd-19a7-4e16-80bc-bd1825486809_2575x1192.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!Sdq2!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff48173cd-19a7-4e16-80bc-bd1825486809_2575x1192.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!Sdq2!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff48173cd-19a7-4e16-80bc-bd1825486809_2575x1192.png 424w, https://substackcdn.com/image/fetch/$s_!Sdq2!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff48173cd-19a7-4e16-80bc-bd1825486809_2575x1192.png 848w, https://substackcdn.com/image/fetch/$s_!Sdq2!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff48173cd-19a7-4e16-80bc-bd1825486809_2575x1192.png 1272w, https://substackcdn.com/image/fetch/$s_!Sdq2!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff48173cd-19a7-4e16-80bc-bd1825486809_2575x1192.png 1456w" sizes="100vw"><img 
src="https://substackcdn.com/image/fetch/$s_!Sdq2!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff48173cd-19a7-4e16-80bc-bd1825486809_2575x1192.png" width="1456" height="674" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/f48173cd-19a7-4e16-80bc-bd1825486809_2575x1192.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:674,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1283290,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://blog.infrasecalliance.org/i/192733781?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff48173cd-19a7-4e16-80bc-bd1825486809_2575x1192.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!Sdq2!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff48173cd-19a7-4e16-80bc-bd1825486809_2575x1192.png 424w, https://substackcdn.com/image/fetch/$s_!Sdq2!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff48173cd-19a7-4e16-80bc-bd1825486809_2575x1192.png 848w, https://substackcdn.com/image/fetch/$s_!Sdq2!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff48173cd-19a7-4e16-80bc-bd1825486809_2575x1192.png 1272w, https://substackcdn.com/image/fetch/$s_!Sdq2!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff48173cd-19a7-4e16-80bc-bd1825486809_2575x1192.png 
1456w" sizes="100vw" fetchpriority="high"></picture></div></a></figure></div><p><strong>Website:</strong> <strong><a href="http://constitutionbuilder.ai/">constitutionbuilder.ai</a> can help you create your first corporate AI constitution as well as provide you with guidance on how to deploy it.</strong></p><p><strong>Note: If you find value in the framework or can help validate deployment methods outside of Claude Code, please visit the repo and open an incident with your experiences so we can update the documentation accordingly.</strong></p><p><strong>GitHub:</strong> <strong><a 
href="https://github.com/HillviewCap/enterprise-ai-constitution">enterprise-ai-constitution</a></strong></p><div><hr></div><p>That shiny new AI you were told to deploy has no idea what your company does, what regulations govern it, what data classifications exist, or which decisions require a human in the loop. Organizations deploying AI agents and chat interfaces seem to be missing a crucial step: on-boarding their new AI employees. You are essentially doubling your workforce overnight. How can you trust that these new employees are making the right decisions on behalf of your company? The AI will do whatever the person using it asks, confidently (maybe overconfidently at times) and at speed, with no awareness of whether the output aligns with your organization&#8217;s standards, risk tolerance, or legal obligations.</p><p>Every enterprise AI deployment makes the same un-examined bet: that the employee using it will supply the organizational context the AI needs to act responsibly, and that the AI they are deploying within the organization will make responsible decisions on behalf of the organization that it is serving.</p><p>This process sets up the end user, as well as the organization, for failure. Not because the end user is negligent. Because they don&#8217;t know what they don&#8217;t know. And in most cases the AI won&#8217;t push back. 
It&#8217;s optimized to be helpful, which in practice means it agrees with the user, reinforces assumptions, and builds confidently on premises it was never asked to validate.</p><div><hr></div><h3><strong>What Is an AI Constitution?</strong></h3><p>An AI constitution is a system-level governance document, deployed before the user ever types a prompt, that tells the AI:</p><ul><li><p><strong>Who it works for:</strong> the organization&#8217;s legal identity, structure, and operating regions</p></li><li><p><strong>What the organization does:</strong> business activities, client types, and why the work matters</p></li><li><p><strong>What rules govern it:</strong> regulatory frameworks, contractual obligations, compliance requirements</p></li><li><p><strong>What it&#8217;s allowed to do:</strong> and what it&#8217;s explicitly not allowed to do</p></li><li><p><strong>How to handle data:</strong> a tiered classification system with specific handling rules per tier</p></li><li><p><strong>What behavior is non-negotiable:</strong> confidentiality, IP protection, adversarial code review, irreversible action confirmation</p></li><li><p><strong>What to watch for:</strong> personal misuse, data exfiltration patterns, security bypass attempts, prompt injection, sycophantic drift</p></li><li><p><strong>How to say no:</strong> clear, non-punitive refusals that cite the rule and offer an alternative</p></li></ul><p>It&#8217;s an assertion of your company&#8217;s constitutional authority that supplies key principles before all other instructions are received by the AI agent. This sets the playing field for all other actions the AI takes or is requested to take in the future. This gives the AI the context needed to know when it is being asked to do something that is not ethical, or that violates data privacy, or that could be harmful to the people and systems it is charged with helping. 
Coupled with the appropriate level of logging and analysis, you can validate that the AI is operating as expected and that it is not being misused or exploited to act counter to your company&#8217;s stated goals and alignments.</p><div><hr></div><h3><strong>What the Standard Contains</strong></h3><p>The Enterprise AI Constitution Standard is organized into 9 sections:</p><ol><li><p><strong>Identity:</strong> Who the AI is and who it represents</p></li><li><p><strong>Organizational Context:</strong> What the organization does, who it serves, what regulations apply</p></li><li><p><strong>Authority Limits:</strong> What the AI is and is not authorized to do</p></li><li><p><strong>Data Classification:</strong> A 5-tier system (Public, Restricted, Confidential, Highly Confidential, Regulated) with handling rules per tier</p></li><li><p><strong>Behavioral Mandates:</strong> Non-negotiable rules covering confidentiality, IP protection, adversarial code review with software supply chain awareness, irreversible action confirmation, external communication review gates, and brevity in enforcement</p></li><li><p><strong>Misuse Detection:</strong> Patterns the AI must flag, including personal use during work hours, data exfiltration, security control bypass, credential access, prompt injection, inappropriate use as a subjective decision-maker, and sycophantic behavior</p></li><li><p><strong>Refusal Logic:</strong> How to refuse clearly, with rule citation, with an alternative, without accusation. Resistant to urgency, seniority, and false exception claims.</p></li><li><p><strong>Scope Limitations:</strong> What the AI is not. 
Not legal counsel, not a policy library, not a personal assistant.</p></li><li><p><strong>Integrity Verification</strong> (optional): Cryptographic hashing per section with a Merkle root to detect tampering</p></li></ol><p>Each section includes template language, implementation guidance, and common pitfalls.</p><div><hr></div><h3><strong>Early Results</strong></h3><p>I started building on the idea while consulting for one of my clients that was in the middle of deploying Claude Code to the developers in their organization. They were taking all the appropriate steps to secure the deployment: using the Claude config, defining the sandbox usage, segmenting AI traffic, and controlling token inference via corporate Bedrock and Vertex endpoints, all while realizing that something was still missing. It dawned on me that the nervous energy was partly due to the fact that the AI is just a broad knowledge repository guessing, with only the most recent context, what the next token should be or whether an idea is good or not. Without reining in the AI, it will provide you with unwavering support in building that next app that no one asked for.</p><p>This company, with approximately 8,000 employees and over 100 active AI initiatives, took the concept of the AI Constitution and ran with it. Within 48 hours, roughly 50 adapted versions were circulating across their engineering organization. 
Teams that had been struggling to define AI governance guardrails suddenly had a concrete, deployable artifact they could customize and incorporate within their projects.</p><p>The innovations that emerged from real-world use were things I hadn&#8217;t anticipated:</p><ul><li><p><strong>Integrity verification.</strong> The security team added SHA-256 hashes to each section and a Merkle root on the document, creating a tamper-detection mechanism for constitutions distributed via MDM.</p></li><li><p><strong>Anti-sycophancy directive.</strong> An explicit instruction acknowledging that the AI is reward-optimized for user satisfaction, and directing it to surface when it&#8217;s drifting toward agreement at the expense of organizational interest.</p></li><li><p><strong>Scorer of Record protection.</strong> A rule preventing the AI from serving as the decision-maker in subjective evaluations (performance reviews, hiring, financial suitability). This was prompted by managers attempting to use AI as an objective arbiter for inherently subjective decisions.</p></li><li><p><strong>Software supply chain awareness.</strong> Expanding adversarial code review to identify risks not just in code being written, but in the dependencies surrounding it.</p></li><li><p><strong>Structured refusal logging.</strong> Tagging refusals with searchable categories so security teams can aggregate patterns without reading full transcripts.</p></li></ul><p>The concept resonated because it was simple, immediately deployable, and didn&#8217;t ask much of the teams adopting it. 
As their security lead put it: <em>&#8220;It&#8217;s strange that this isn&#8217;t already happening.&#8221;</em></p><div><hr></div><h3><strong>The Layered Context Model</strong></h3><p>The constitution is designed as the outermost layer of a governance model we call the Enterprise AI Constitution:</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!-vfP!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbdf82e67-f9bd-4345-b747-6475c98bee4f_744x344.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!-vfP!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbdf82e67-f9bd-4345-b747-6475c98bee4f_744x344.png 424w, https://substackcdn.com/image/fetch/$s_!-vfP!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbdf82e67-f9bd-4345-b747-6475c98bee4f_744x344.png 848w, https://substackcdn.com/image/fetch/$s_!-vfP!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbdf82e67-f9bd-4345-b747-6475c98bee4f_744x344.png 1272w, https://substackcdn.com/image/fetch/$s_!-vfP!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbdf82e67-f9bd-4345-b747-6475c98bee4f_744x344.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!-vfP!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbdf82e67-f9bd-4345-b747-6475c98bee4f_744x344.png" width="744" height="344" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/bdf82e67-f9bd-4345-b747-6475c98bee4f_744x344.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:344,&quot;width&quot;:744,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:null,&quot;alt&quot;:&quot;&quot;,&quot;title&quot;:null,&quot;type&quot;:null,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" title="" srcset="https://substackcdn.com/image/fetch/$s_!-vfP!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbdf82e67-f9bd-4345-b747-6475c98bee4f_744x344.png 424w, https://substackcdn.com/image/fetch/$s_!-vfP!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbdf82e67-f9bd-4345-b747-6475c98bee4f_744x344.png 848w, https://substackcdn.com/image/fetch/$s_!-vfP!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbdf82e67-f9bd-4345-b747-6475c98bee4f_744x344.png 1272w, https://substackcdn.com/image/fetch/$s_!-vfP!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbdf82e67-f9bd-4345-b747-6475c98bee4f_744x344.png 1456w" sizes="100vw" loading="lazy"></picture></div></a></figure></div><ul><li><p><strong>Corporate</strong> (outermost): The constitution. Organization-wide, read-only, non-negotiable.</p></li><li><p><strong>Team</strong> (middle): Team-level addenda that interpret corporate rules for a specific function. Governed by team leads. Can be, and is, used to fill in team-level objectives, standards, and the environments the team operates within.</p></li><li><p><strong>Practitioner</strong> (innermost): Individual context covering the operator&#8217;s role, systems, decision authority, and working preferences.</p></li></ul><p>Each layer narrows the scope. Each layer builds on the one above, providing your workforce with an AI agent already aligned with your company and team goals before they make their first request.</p><p>This maps directly to how governance already works in regulated industries. Corporate policy sets boundaries. Procedures interpret them for functions. Runbooks tell practitioners what to do. 
AI is the perfect candidate to receive this context so it can advocate on behalf of the organization when helping a user reply to an email, or research a new product or market, ensuring adherence to the same standards and business practices your company agreed to uphold to its board or shareholders.</p><p>The corporate layer alone is a significant improvement over the status quo. You don&#8217;t need all three layers to start. Deploy the constitution first. Add layers as your governance matures.</p><div><hr></div><h3><strong>The Standard Is Open</strong></h3><p>We&#8217;re releasing the Enterprise AI Constitution Standard as an open, public resource. It includes:</p><ul><li><p><strong>The 9-section standard</strong> with template language, implementation guidance, and pitfall documentation</p></li><li><p><strong>Ready-to-use templates</strong> for corporate, team, and practitioner constitutions</p></li><li><p><strong>A 24-scenario test suite</strong> for validating your constitution&#8217;s behavioral outcomes</p></li><li><p><strong>An anonymized real-world example</strong> from an industrial manufacturing context</p></li><li><p><strong>Documentation</strong> on the Context Onion framework and enterprise deployment</p></li></ul><p>The standard is licensed under CC BY 4.0. Free to use, adapt, and build upon for any purpose, including commercial, with attribution.</p><p><strong>Website:</strong> <strong><a href="http://constitutionbuilder.ai/">constitutionbuilder.ai</a></strong> <strong>GitHub:</strong> <strong><a href="https://github.com/HillviewCap/enterprise-ai-constitution">enterprise-ai-constitution</a></strong></p><p>This is version 1.0. It reflects real-world deployment and validation, but the framework is evolving. We&#8217;re actively seeking feedback from organizations deploying constitutions in production. 
What works, what breaks, what&#8217;s missing.</p><p>If you&#8217;re using this framework or considering it, visit <strong><a href="http://constitutionbuilder.ai/">constitutionbuilder.ai</a></strong> to get started, or head to <strong><a href="https://github.com/HillviewCap/enterprise-ai-constitution">GitHub</a></strong> to open an issue, submit a PR, or start a discussion.</p><div><hr></div><p><em>I am an OT cybersecurity consultant specializing in ICS risk assessments, corporate governance, architecture reviews, and compliance gap assessments for critical infrastructure environments. If you made it this far, feel free to talk to me about Bonsai, Whiskey, or being a parent, all things that consume my life outside of cybersecurity.</em></p>]]></content:encoded></item><item><title><![CDATA[The Hidden OT Risk in Your Quality Labs]]></title><description><![CDATA[Quality labs stuck between a rock (IT) and a hard place (OT)]]></description><link>https://blog.infrasecalliance.org/p/the-hidden-ot-risk-in-your-quality</link><guid isPermaLink="false">https://blog.infrasecalliance.org/p/the-hidden-ot-risk-in-your-quality</guid><dc:creator><![CDATA[Zach Corum]]></dc:creator><pubDate>Mon, 23 Mar 2026 18:26:30 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!Emsu!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F633dc5a1-41a4-474e-babe-3a875f306eac_2736x3648.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h1>The Hidden OT Risk in Your Quality Labs</h1><h2>Does this sound like your quality lab?</h2><p>Quality labs are another oft-ignored blind spot in manufacturing cybersecurity. Sitting between IT and operational technology, these environments house million-dollar analytical instruments, critical test data, and access pathways that could compromise both enterprise networks and production systems. 
Yet they remain largely unprotected, caught in the security silo between IT teams focused on corporate networks and OT teams protecting production lines.</p><p>A critical gap exists in how manufacturers approach lab security. Recent studies indicate that 84% of manufacturers have embraced or are actively considering smart manufacturing applications, yet lab systems often connect to networks without proper security controls. My own assessments have discovered lab equipment accidentally bridged between OT and corporate networks, creating unintended pathways for lateral movement. Many analytical instruments ship with default passwords and un-encrypted communications as standard, vulnerabilities that would be unacceptable in any modern IT system but persist in million-dollar lab equipment.</p><h2>Oh not the convergence word again&#8230;</h2><p>The manufacturing industry is experiencing accelerating IT/OT convergence. <a href="https://imtr.net/article/omdia-detects-80-percent-of-manufacturers-hit-by-rising-cyber-threats-while-a001">Omdia&#8217;s recent research found that 80% of manufacturers experienced increased cyber incidents, yet only 45% feel adequately prepared to defend against these threats</a>. More concerning: the study revealed a &#8220;fragmented approach to security responsibility&#8221; with a lack of clear ownership and authority for securing mission-critical systems, and quality labs epitomize this exact problem.</p><p>When IT and OT teams operate independently, labs hide under the radar with equipment that is treated like OT because it can&#8217;t be easily upgraded or replaced. <a href="https://imtr.net/article/definitions-of-itot-convergence-shape-ot-cybersecurity-risks-and-solutions-3840">As detailed in the ISA OT Cybersecurity Summit analysis, three primary definitions of IT/OT convergence each create distinct security risks</a>. 
The most dangerous scenario for labs is when IT management practices are enforced directly onto OT infrastructures without understanding the validation and operational requirements unique to analytical environments. IT security teams apply standard patching schedules that could invalidate instrument certifications. OT teams, focused on production continuity, overlook the enterprise connectivity risks that lab equipment now presents.</p><h2>Why Quality Labs Matter to Your Supply Chain Risk</h2><p>Quality labs generate data that often bridges operational and enterprise systems through pathways most organizations don&#8217;t monitor or control. <a href="https://imtr.net/article/the-power-of-it-ot-convergence-in-driving-manufacturing-innovation-2e13">The convergence of IT and OT systems is driving manufacturing innovation, but organizations that fail to adopt intentional integration strategies risk leaving their labs in a vulnerable state</a>. Lab equipment connects to:</p><ul><li><p><strong>Enterprise networks</strong> &#8211; for data reporting, regulatory compliance uploads, and remote vendor diagnostics</p></li><li><p><strong>Production systems</strong> &#8211; for real-time quality feedback and feed-forward controls</p></li><li><p><strong>Third-party infrastructure</strong> &#8211; for cloud analytics, vendor support, and regulatory submissions</p></li></ul><p>But the connectivity threat extends far beyond network connections. Many quality labs still operate legacy workstations running Windows XP, Windows 7, or even Raspberry Pi OS, some of which haven&#8217;t received security patches in years. These aging machines collect critical test data from million-dollar analytical instruments, yet they remain largely invisible to corporate IT security programs because they&#8217;re perceived as &#8220;OT&#8221; systems outside IT&#8217;s scope.</p><p>The real vulnerability emerges in how data moves between these domains. 
We&#8217;ve documented cases where lab technicians download test data to USB drives and then plug those same drives directly into corporate assets for reporting and regulatory submission. This &#8220;sneaker net&#8221; approach creates a direct bridge between isolated lab environments and enterprise networks&#8212;a pathway that can carry not just data, but malware, configuration changes, and persistent threats. A compromised USB drive becomes a vector that bypasses all network segmentation, firewalls, and perimeter controls.</p><div class="image-gallery-embed" data-attrs="{&quot;gallery&quot;:{&quot;images&quot;:[{&quot;type&quot;:&quot;image/jpeg&quot;,&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/633dc5a1-41a4-474e-babe-3a875f306eac_2736x3648.jpeg&quot;},{&quot;type&quot;:&quot;image/jpeg&quot;,&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/3bd474c2-f810-4660-a4f3-e13e7d317d6f_1792x1312.jpeg&quot;}],&quot;caption&quot;:&quot;Two-dimensional chromatograph GCxGC-TOFMS at Chemical Faculty of GUT Gda&#324;sk, Poland, 2016 (Left). Table-top spectrophotometer (Right)&quot;,&quot;alt&quot;:&quot;&quot;,&quot;staticGalleryImage&quot;:{&quot;type&quot;:&quot;image/png&quot;,&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/410a2527-613d-45d2-8433-dd3139003f1b_1456x720.png&quot;}},&quot;isEditorNode&quot;:true}"></div><p>Each connection point&#8212;whether networked or physical&#8212;is a potential entry vector for compromise. Default credentials on a <a href="https://en.wikipedia.org/wiki/Spectrophotometry">spectrophotometer</a>. Un-encrypted data flows from a <a href="https://en.wikipedia.org/wiki/Chromatography#">chromatograph</a>. Remote access sessions from equipment vendors. USB-based data transfer from decades-old workstations to modern corporate systems. 
All of these are routine in quality labs, and all represent security risks that span both IT and OT domains, creating bridges that traditional security models fail to address.</p><h2>The Third-Party Vendor Problem</h2><p>Quality lab equipment typically requires ongoing support from manufacturers. Some vendors need remote access to perform diagnostics, install updates, and validate system performance. Others require yearly onsite visits during calibrations to apply patches and upgrade equipment. This creates a practical security challenge: how do you enable necessary vendor access while preventing that access from becoming a persistent backdoor?</p><p>Traditional IT solutions (VPNs, SSH sessions, application firewalls) weren&#8217;t designed for the constraints of analytical equipment. OT-style air-gapping or strict network isolation breaks vendor support arrangements and may violate service level agreements. Labs sit in this uncomfortable middle ground where neither traditional IT nor traditional OT security solutions work perfectly.</p><h2>Breaking Down the Silos</h2><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!KqsY!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F746606a7-345c-492a-b1f7-d8aa89ab6b6e_800x600.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!KqsY!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F746606a7-345c-492a-b1f7-d8aa89ab6b6e_800x600.png 424w, https://substackcdn.com/image/fetch/$s_!KqsY!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F746606a7-345c-492a-b1f7-d8aa89ab6b6e_800x600.png 848w, 
https://substackcdn.com/image/fetch/$s_!KqsY!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F746606a7-345c-492a-b1f7-d8aa89ab6b6e_800x600.png 1272w, https://substackcdn.com/image/fetch/$s_!KqsY!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F746606a7-345c-492a-b1f7-d8aa89ab6b6e_800x600.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!KqsY!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F746606a7-345c-492a-b1f7-d8aa89ab6b6e_800x600.png" width="800" height="600" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/746606a7-345c-492a-b1f7-d8aa89ab6b6e_800x600.png&quot;,&quot;srcNoWatermark&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/55999b3a-dff2-439f-8c4f-0bbd37462e8f_800x600.png&quot;,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:600,&quot;width&quot;:800,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:50310,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://blog.infrasecalliance.org/i/191883211?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F55999b3a-dff2-439f-8c4f-0bbd37462e8f_800x600.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!KqsY!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F746606a7-345c-492a-b1f7-d8aa89ab6b6e_800x600.png 424w, 
https://substackcdn.com/image/fetch/$s_!KqsY!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F746606a7-345c-492a-b1f7-d8aa89ab6b6e_800x600.png 848w, https://substackcdn.com/image/fetch/$s_!KqsY!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F746606a7-345c-492a-b1f7-d8aa89ab6b6e_800x600.png 1272w, https://substackcdn.com/image/fetch/$s_!KqsY!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F746606a7-345c-492a-b1f7-d8aa89ab6b6e_800x600.png 1456w" sizes="100vw" loading="lazy"></picture></div></a></figure></div><p>Breaking down silos between IT, OT, and quality organizations is essential. Lab security is not just an IT problem or an OT problem&#8212;it&#8217;s an enterprise risk that demands coordinated response. By applying proven OT security frameworks while respecting the unique operational requirements of analytical environments, manufacturers can close this critical security gap.</p><p>The path forward requires:</p><ol><li><p><strong>Acknowledging the problem</strong> &#8211; Quality labs are OT assets that require OT security discipline, not IT afterthoughts</p></li><li><p><strong>Clarifying ownership</strong> &#8211; Establish clear accountability for lab security across IT, OT, and quality organizations</p></li><li><p><strong>Understanding constraints</strong> &#8211; Recognize that labs have validation requirements and operational continuity needs that shape what security controls are feasible</p></li><li><p><strong>Implementing segmentation</strong> &#8211; Separate lab networks from both enterprise and production infrastructure with controlled data flows</p></li><li><p><strong>Managing vendor access</strong> &#8211; Audit, document, and control third-party access with compensating controls where traditional solutions don&#8217;t fit</p></li></ol><h2>Partner with DirectDefense for Comprehensive OT Security</h2><p>At DirectDefense, we&#8217;ve helped manufacturers across industries identify and remediate vulnerabilities in their quality lab environments. 
Our approach combines deep OT security expertise with an understanding of the unique challenges these environments present&#8212;from validation constraints to vendor management complexities.</p><p>Our OT security assessment methodology specifically addresses quality lab risks through:</p><ul><li><p><strong>Comprehensive asset discovery</strong> including legacy analytical equipment and sneaker net data flows</p></li><li><p><strong>Network traffic analysis</strong> to identify improper segmentation and unauthorized communications</p></li><li><p><strong>Vendor access audit and remediation planning</strong> with focus on shared credential risks</p></li><li><p><strong>Custom security roadmaps</strong> that balance operational needs, regulatory requirements, and risk reduction</p></li><li><p><strong>Practical compensating controls</strong> for systems that cannot be traditionally secured</p></li></ul><p>Quality labs are critical to your manufacturing operation and your supply chain integrity. Don&#8217;t leave them as the overlooked vulnerability in your OT security program. 
Reach out to schedule an assessment.</p><div><hr></div><h2>Supporting Resources</h2><ul><li><p><a href="https://imtr.net/article/omdia-detects-80-percent-of-manufacturers-hit-by-rising-cyber-threats-while-a001">Omdia: 80% of manufacturers hit by rising cyber threats, while only 45% are prepared</a></p></li><li><p><a href="https://imtr.net/article/definitions-of-itot-convergence-shape-ot-cybersecurity-risks-and-solutions-3840">Definitions of IT/OT Convergence Shape OT Cybersecurity Risks and Solutions</a></p></li><li><p><a href="https://imtr.net/article/the-power-of-it-ot-convergence-in-driving-manufacturing-innovation-2e13">The Power of IT-OT Convergence in Driving Manufacturing Innovation</a></p></li><li><p><a href="https://www.directdefense.com/securing-the-path-between-it-and-ot-environments/">DirectDefense: Securing the Path Between IT and OT Environments</a></p></li></ul>]]></content:encoded></item><item><title><![CDATA[The Insider Who Launched America's Industrial Revolution and What It Means for Your Security Architecture]]></title><description><![CDATA[How an 18th-century apprentice's memory theft mirrors today's most sophisticated cyber attacks]]></description><link>https://blog.infrasecalliance.org/p/the-insider-who-launched-americas</link><guid isPermaLink="false">https://blog.infrasecalliance.org/p/the-insider-who-launched-americas</guid><dc:creator><![CDATA[Zach Corum]]></dc:creator><pubDate>Mon, 23 Jun 2025 15:17:36 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!ZiV0!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0118cc42-c0a9-4980-8ee3-25184ab0de8b_2048x2048.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" 
href="https://substackcdn.com/image/fetch/$s_!ZiV0!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0118cc42-c0a9-4980-8ee3-25184ab0de8b_2048x2048.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!ZiV0!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0118cc42-c0a9-4980-8ee3-25184ab0de8b_2048x2048.png 424w, https://substackcdn.com/image/fetch/$s_!ZiV0!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0118cc42-c0a9-4980-8ee3-25184ab0de8b_2048x2048.png 848w, https://substackcdn.com/image/fetch/$s_!ZiV0!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0118cc42-c0a9-4980-8ee3-25184ab0de8b_2048x2048.png 1272w, https://substackcdn.com/image/fetch/$s_!ZiV0!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0118cc42-c0a9-4980-8ee3-25184ab0de8b_2048x2048.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!ZiV0!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0118cc42-c0a9-4980-8ee3-25184ab0de8b_2048x2048.png" width="728" height="728" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/0118cc42-c0a9-4980-8ee3-25184ab0de8b_2048x2048.png&quot;,&quot;srcNoWatermark&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/3c9edb58-97a8-4551-bbef-6058a256cb95_2048x2048.png&quot;,&quot;fullscreen&quot;:false,&quot;imageSize&quot;:&quot;normal&quot;,&quot;height&quot;:1456,&quot;width&quot;:1456,&quot;resizeWidth&quot;:728,&quot;bytes&quot;:5769920,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://blog.infrasecalliance.org/i/166603804?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3c9edb58-97a8-4551-bbef-6058a256cb95_2048x2048.png&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:&quot;center&quot;,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!ZiV0!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0118cc42-c0a9-4980-8ee3-25184ab0de8b_2048x2048.png 424w, https://substackcdn.com/image/fetch/$s_!ZiV0!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0118cc42-c0a9-4980-8ee3-25184ab0de8b_2048x2048.png 848w, https://substackcdn.com/image/fetch/$s_!ZiV0!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0118cc42-c0a9-4980-8ee3-25184ab0de8b_2048x2048.png 1272w, https://substackcdn.com/image/fetch/$s_!ZiV0!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F0118cc42-c0a9-4980-8ee3-25184ab0de8b_2048x2048.png 1456w" sizes="100vw" fetchpriority="high"></picture></div></a><figcaption class="image-caption">AI Generated Depiction of Richard Arkwright's water frame</figcaption></figure></div><p>In 1789, a 21-year-old textile apprentice named Samuel Slater walked off a ship in New York Harbor carrying the most valuable cargo imaginable: the complete blueprint for Britain's industrial revolution locked inside his head. No USB drives, no encrypted files, no network exfiltration, just pure human memory containing the technical specifications that would launch America's manufacturing dominance.</p><p>Slater's story reads like a modern cyber espionage operation, and the parallels are pretty spot on. 
While helping companies assess cybersecurity risks and build more resilient OT systems, I see the same attack patterns Slater used over 230 years ago playing out in our SCADA networks today. The tools have evolved, but the fundamental vulnerabilities remain unchanged.</p><h3><strong>The Classic Insider Threat Pattern</strong></h3><p>Samuel Slater wasn't some random opportunist. He was a trusted insider with privileged access, the 18th-century equivalent of a system administrator with root privileges. Starting his apprenticeship at age 14 under Jedediah Strutt, Slater spent years learning the intricate workings of Richard Arkwright's water frame technology, the crown jewel of British textile manufacturing.</p><p>Britain treated this technology like we treat classified encryption algorithms today. They had comprehensive export controls: death penalties for exporting machinery, severe punishments for skilled workers attempting to emigrate, and manufacturing processes guarded as state secrets. The British understood that their technological advantage was worth more than gold; it was the foundation of their economic empire.</p><p>But they faced the same challenge we see in industrial environments today: balancing necessary trust with appropriate security controls. Organizations must trust their workers (the vast majority are honest and deserve to be treated with dignity and respect) while implementing safeguards that protect both against the rare malicious insider and the more common threat of honest employees being victimized by social engineering, data stealers, and ransomware attacks.</p><h3><strong>Memory as the Perfect Exfiltration Vector</strong></h3><p>Slater's methodology was practically inevitable. Writing down the information would have created a paper trail that could expose him at British ports, so memorization was really his only viable option. 
Rather than stealing physical blueprints or smuggling out components (the equivalent of copying files to removable media), he committed the entire system architecture to memory. Every gear ratio, belt configuration, and mechanical timing sequence was committed to memory through years of hands-on operation.</p><p>Think about your own industrial environment. How many operators could rebuild critical control logic from memory? How many technicians understand the complete process flow well enough to recreate it elsewhere? That institutional knowledge walking around your facility represents the same vulnerability Slater exploited, but it also creates a double-edged risk. Some operators may hold vital operational information that exists nowhere else but their heads, meaning you face threats both from malicious exfiltration and simple employee departure.</p><p>Modern attackers have simply digitized this approach, but the threats have evolved beyond willing accomplices. Today's insider threats often involve employees being blackmailed into stealing sensitive information for nation-states or state-owned enterprises. Meanwhile, ransomware and infostealers create an even broader risk, selling stolen data that may include critical IP, passwords, and process information to the highest bidder, turning every compromised employee into an unwitting Samuel Slater.</p><h3><strong>Evading Border Controls: The Original Network Segmentation Challenge</strong></h3><p>Britain's export controls created physical isolation designed to prevent technology transfer. While many companies today claim "air gaps" for their critical systems, true isolation is rarely practical or even real. 
Modern industrial cybersecurity focuses less on absolute isolation and more on building what we call a security onion: layered defenses throughout the enterprise and process control networks.</p><p>Slater defeated Britain's border controls through social engineering and identity manipulation, disguising himself as a farm laborer to avoid detection. His success demonstrates why segmentation must be more than a single boundary. He bypassed the primary control point, but Britain had no secondary verification layers or monitoring of what crossed their borders.</p><p>Today's approach recognizes this reality. Network segmentation creates multiple security zones with different trust levels, monitored transitions between zones, and defense-in-depth rather than relying on a single perimeter. When someone needs to move between your corporate network and process control systems, whether it's a maintenance technician with a laptop or an engineer updating HMI software, you need multiple verification points and monitoring at each boundary crossing.</p><p>The British learned what we implement through modern segmentation: you can't stop every threat at the perimeter, but you can make it much harder for threats to move laterally once they're inside.</p><h3><strong>The Network Effect of Industrial Espionage</strong></h3><p>Once in America, Slater didn't just build one facility; he recreated Britain's entire textile ecosystem. By 1793, he had established the first successful water-powered textile mill in America. By 1801, he was building complete industrial communities, transferring not just technology but entire manufacturing methodologies.</p><p>This is exactly what we see with modern industrial espionage. Attackers don't steal individual PLCs or HMI configurations; they steal the operational knowledge to replicate entire industrial processes. 
The most successful modern version of Slater's approach has been the relentless Chinese campaigns targeting manufacturing sectors since the early nineties, though they're hardly the only nation conducting cyber espionage. These campaigns aren't collecting random data; they're systematically acquiring the knowledge needed to rebuild our industrial capabilities.</p><p>When I work with companies on cybersecurity assessments, I see the vulnerabilities that make this pattern possible: inadequate network segmentation, excessive user privileges, and insufficient monitoring of operational systems. The architectural weaknesses I find would certainly enable attackers to study operational processes, understand control philosophies, and learn how systems interact.</p><p>The threat is evolving beyond traditional attack methods. <strong><a href="https://blog.infrasecalliance.org/p/generative-ai-in-industrial-automation?r=mxift">We're seeing AI and machine learning increasingly incorporated into control system design</a></strong>. AI models are helping engineers develop control logic, and AI is optimizing process parameters. 
This creates new attack surfaces we're only beginning to understand. Meanwhile, attackers are leveraging these same AI tools to narrow their experience gap when encountering unfamiliar industrial systems. What once required years of operational knowledge can now be accelerated through AI-assisted reconnaissance and system analysis.</p><h3><strong>What Slater Teaches Modern Defenders</strong></h3><p><strong>Trust but Verify Isn't Enough</strong>: Britain trusted Slater because he was part of their system for years. We trust our operators, technicians, and engineers because they're essential to operations. But trust without continuous monitoring creates blind spots. Modern behavioral analytics for industrial systems serve the same purpose as 18th-century guild oversight: detecting when trusted insiders act outside normal patterns.</p><p><strong>Compartmentalization Remains Critical</strong>: Slater's access to complete system designs was operationally necessary but strategically disastrous. Today's zero-trust architectures apply this lesson: even trusted users only access what they need for their specific role. Your HMI operator doesn't need engineering station privileges.</p><p><strong>Supply Chain Vigilance Never Ends</strong>: Slater evaded border controls just as modern attackers bypass network perimeters. The lesson: security controls must extend beyond your facility boundaries to include vendors, contractors, and anyone with system access. That engineering laptop leaving your site represents the same risk as Slater boarding his ship to America.</p><h3><strong>The Human Element Endures</strong></h3><p>The most sobering aspect of Slater's story is how little has changed. We've built sophisticated network security, deployed advanced threat detection, and implemented comprehensive access controls. 
But we still rely on people to operate our systems, and people remain both our greatest asset and our most exploitable vulnerability.</p><p>Slater succeeded because he understood something we sometimes forget in our focus on technical controls: the most valuable intellectual property exists in the minds of the people who use it daily. Until we account for that human factor in our security designs, we'll keep discovering that our most sensitive knowledge walked out the door in someone's memory or in their malware-infected laptop.</p><p>The next time you're designing security for an industrial environment, remember Samuel Slater. The attack vectors have evolved from memory to malware, but the fundamental challenge remains protecting knowledge while enabling the human expertise that makes our systems run.</p><div><hr></div><p><em>Zach Corum helps companies identify and manage cybersecurity risk through assessments, architecture reviews, and infrastructure consulting. Follow more insights on industrial security evolution at <strong><a href="https://blog.infrasecalliance.org/">Infrasec Alliance</a></strong> and connect on <strong><a href="https://www.linkedin.com/in/zcorum/">LinkedIn</a></strong>.</em></p>]]></content:encoded></item><item><title><![CDATA[China's Cyber Ecosystem]]></title><description><![CDATA[The Symbiotic Partnership Fueling Greyzone Operations]]></description><link>https://blog.infrasecalliance.org/p/chinas-cyber-ecosystem</link><guid isPermaLink="false">https://blog.infrasecalliance.org/p/chinas-cyber-ecosystem</guid><dc:creator><![CDATA[Zach Corum]]></dc:creator><pubDate>Wed, 11 Jun 2025 17:54:03 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9d74c8c1-bcae-412a-9223-51c5a2e9db00_1024x1024.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>A growing body of evidence, including recent high-profile leaks and U.S. 
government indictments, substantiates the assessment that China fosters a deeply symbiotic partnership with third-party cybersecurity companies to execute its effective greyzone operations. This mutually beneficial relationship allows the Chinese state to project power, gather intelligence, and harass adversaries while maintaining a veneer of plausible deniability, a key characteristic of modern hybrid warfare.</p><p>This operational model, often referred to as a "hacker-for-hire ecosystem," is a cornerstone of China's "Military-Civil Fusion" strategy. This national-level directive intentionally blurs the lines between the state's security apparatus and the private sector, compelling and co-opting technology firms to serve the objectives of the Chinese Communist Party (CCP) (U.S. Department of State, n.d.). This arrangement provides the government with access to a vast and agile talent pool, while the companies receive financial backing and political cover.</p><p>A pivotal moment of clarity into this shadowy world came with the February 2024 leak of documents from I-Soon (Anxun), a Shanghai-based information security company. The files revealed a direct and contractual relationship between the company and various Chinese government entities, including the Ministry of Public Security (MPS) and the Ministry of State Security (MSS). As detailed in the "Nattothoughts" analysis of the event, the I-Soon leak is significant not because it reveals a new phenomenon, but because it provides unprecedented, tangible proof of the "scale and character" of the government-contractor relationship (Nattothoughts, 2024). 
It moves the discussion from attribution based on forensic data to documented evidence of contracts, employee complaints, and business operations, confirming that these are not rogue actors but integral, if sometimes messy, parts of the state's intelligence apparatus.</p><p>I-Soon's activities included targeting foreign governments, pro-democracy organizations in Hong Kong, and universities (Lyngaas &amp; Goud, 2024). The Nattothoughts article emphasizes that the leaked data shows these contractors engaging in a "mix of the mundane and the malevolent," from monitoring dissent to enabling sophisticated network intrusions, all while functioning like a typical, sales-driven business with performance targets and internal politics.</p><p>This practice is not isolated to a single firm. For years, cybersecurity researchers have tracked numerous Advanced Persistent Threat (APT) groups with strong suspected links to the Chinese state. These groups, often given monikers like "APT41" (also known as Barium or Wicked Panda), have been observed conducting both cyber espionage for strategic state purposes and financially motivated cybercrime, indicating a fluid and opportunistic relationship with their government sponsors (Mandiant, n.d.).</p><p>The U.S. government has also taken a more assertive stance in exposing these operations. In March 2024, the Department of Justice announced charges against seven Chinese nationals, all employees of the Wuhan Xiaoruizhi Science and Technology Company Ltd. (Wuhan XRZ), for their alleged involvement in a 14-year global hacking campaign. The indictment explicitly stated that Wuhan XRZ acted as a front for the MSS, targeting U.S. and foreign critics of the Chinese government, businesses, and politicians (U.S. 
Department of Justice, 2024).</p><p>This symbiotic relationship offers several strategic advantages for Beijing in the greyzone:</p><ul><li><p><strong>Plausible Deniability:</strong> By outsourcing cyber operations, the Chinese government can distance itself from malicious activities, making definitive attribution more challenging and complicating a direct state-to-state response.</p></li><li><p><strong>Access to Specialized Skills:</strong> The private sector often fosters a more dynamic and innovative environment for cyber talent. The government can tap into this expertise without the bureaucratic constraints of its own formal structures.</p></li><li><p><strong>Scalability and Flexibility:</strong> The use of a network of contractors allows for the rapid scaling of operations to meet evolving strategic priorities. Different firms can be activated for specific targets or campaigns, providing a flexible and resilient offensive cyber capability.</p></li><li><p><strong>Economic Incentives:</strong> The "hacker-for-hire" model creates a self-sustaining ecosystem where companies are motivated by profit to proactively seek out vulnerabilities and intelligence that can be sold to the government, further expanding the state's reach.</p></li></ul><p>This deep-seated partnership with a proxy army of cyber warriors is a clear indication that China views these third-party companies as an indispensable tool in its long-term strategic competition. The continued exposure of these relationships by journalists, cybersecurity researchers, and Western governments is crucial in holding Beijing accountable for its actions in the increasingly contested domain of cyberspace.</p><h3>References</h3><ul><li><p><strong>Lyngaas, S., &amp; Goud, N.</strong> (2024, February 21). <em>Leaked files reveal details of China's global hacking operations</em>. CNN. 
Retrieved from <a href="https://www.google.com/search?q=https://www.cnn.com/2024/02/21/tech/china-hacking-files-isoon-intl/index.html">https://www.cnn.com/2024/02/21/tech/china-hacking-files-isoon-intl/index.html</a></p></li><li><p><strong>Mandiant.</strong> (n.d.). <em>APT41</em>. Mandiant. Retrieved from <a href="https://www.google.com/search?q=https://www.mandiant.com/resources/insights/apt41">https://www.mandiant.com/resources/insights/apt41</a></p></li><li><p><strong>Nattothoughts.</strong> (2024, February 22). <em>I-SOON - Kicking off the Year of the Dragon</em>. Nattothoughts on Strategy and Geopolitics. Retrieved from <a href="https://nattothoughts.substack.com/p/i-soon-kicking-off-the-year-of-the">https://nattothoughts.substack.com/p/i-soon-kicking-off-the-year-of-the</a></p></li><li><p><strong>U.S. Department of Justice.</strong> (2024, March 25). <em>Seven Hackers Associated with Chinese Government-Sponsored APT31 Hacking Group Charged with Computer Intrusion Offenses</em>. 
Office of Public Affairs. Retrieved from <a href="https://www.google.com/search?q=https://www.justice.gov/opa/pr/seven-hackers-associated-chinese-government-sponsored-apt31-hacking-group-charged-computer">https://www.justice.gov/opa/pr/seven-hackers-associated-chinese-government-sponsored-apt31-hacking-group-charged-computer</a></p></li><li><p><strong>U.S. Department of State.</strong> (n.d.). <em>The CCP&#8217;s Military-Civil Fusion Strategy</em>. Retrieved from <a href="https://www.google.com/search?q=https://www.state.gov/the-ccps-military-civil-fusion-strategy/">https://www.state.gov/the-ccps-military-civil-fusion-strategy/</a></p></li></ul>]]></content:encoded></item><item><title><![CDATA[AI meets IA]]></title><description><![CDATA[Zach Corum OT Cybersecurity Consultant (DirectDefense)]]></description><link>https://blog.infrasecalliance.org/p/generative-ai-in-industrial-automation</link><guid isPermaLink="false">https://blog.infrasecalliance.org/p/generative-ai-in-industrial-automation</guid><dc:creator><![CDATA[Zach Corum]]></dc:creator><pubDate>Thu, 08 May 2025 14:10:20 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!Y_2h!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdfcaa0fc-c90a-4afe-abfd-f1719c4ed3d9_4096x4096.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!Y_2h!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdfcaa0fc-c90a-4afe-abfd-f1719c4ed3d9_4096x4096.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" 
srcset="https://substackcdn.com/image/fetch/$s_!Y_2h!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdfcaa0fc-c90a-4afe-abfd-f1719c4ed3d9_4096x4096.jpeg 424w, https://substackcdn.com/image/fetch/$s_!Y_2h!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdfcaa0fc-c90a-4afe-abfd-f1719c4ed3d9_4096x4096.jpeg 848w, https://substackcdn.com/image/fetch/$s_!Y_2h!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdfcaa0fc-c90a-4afe-abfd-f1719c4ed3d9_4096x4096.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!Y_2h!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdfcaa0fc-c90a-4afe-abfd-f1719c4ed3d9_4096x4096.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!Y_2h!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdfcaa0fc-c90a-4afe-abfd-f1719c4ed3d9_4096x4096.jpeg" width="728" height="728" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/dfcaa0fc-c90a-4afe-abfd-f1719c4ed3d9_4096x4096.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:false,&quot;imageSize&quot;:&quot;normal&quot;,&quot;height&quot;:1456,&quot;width&quot;:1456,&quot;resizeWidth&quot;:728,&quot;bytes&quot;:7757223,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:&quot;https://blog.infrasecalliance.org/i/163105980?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdfcaa0fc-c90a-4afe-abfd-f1719c4ed3d9_4096x4096.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:&quot;center&quot;,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!Y_2h!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdfcaa0fc-c90a-4afe-abfd-f1719c4ed3d9_4096x4096.jpeg 424w, https://substackcdn.com/image/fetch/$s_!Y_2h!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdfcaa0fc-c90a-4afe-abfd-f1719c4ed3d9_4096x4096.jpeg 848w, https://substackcdn.com/image/fetch/$s_!Y_2h!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdfcaa0fc-c90a-4afe-abfd-f1719c4ed3d9_4096x4096.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!Y_2h!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fdfcaa0fc-c90a-4afe-abfd-f1719c4ed3d9_4096x4096.jpeg 1456w" sizes="100vw" fetchpriority="high"></picture>
</div></a></figure></div><h2><strong>1. Introduction</strong></h2><p>The industrial automation (IA) landscape is on the cusp of a significant transformation, driven by the rapid advancements and integration of Generative Artificial Intelligence (GenAI). This technology, capable of creating novel content, code, and solutions from existing data, promises to redefine how industrial systems are designed, operated, and maintained. From enhancing human-machine collaboration through intuitive copilots to optimizing complex processes with AI-driven insights, GenAI is poised to unlock new levels of productivity, efficiency, and innovation across various industrial sectors.</p><p>This report provides an in-depth analysis of GenAI integration within industrial automation platforms and tools. 
It examines the strategies and offerings of major IA vendors, explores the contributions of emerging and niche players, and identifies key market trends, challenges, and the future outlook for this dynamic field. The objective is to furnish industry stakeholders with a comprehensive understanding of the current state and potential trajectory of GenAI in industrial automation, enabling informed decision-making and strategic planning.</p><h2><strong>2. Methodology</strong></h2><p>The findings and analyses presented in this report are derived from a comprehensive review of publicly available information, including company announcements, product documentation, technical papers, industry reports, and news articles published between 2022 and 2025. The research focused on identifying specific GenAI-powered tools, their integration with existing IA platforms (such as PLCs, SCADA, MES, DCS, and Digital Twins), targeted use cases, strategic partnerships, and deployment models. The analysis synthesizes this data to provide a nuanced perspective on vendor strategies, market trends, and the broader implications of GenAI for the industrial automation sector.</p><h2><strong>3. Major Industrial Automation Vendors and GenAI Integration</strong></h2><p>The established leaders in industrial automation are actively incorporating GenAI into their portfolios, each with distinct strategies that leverage their core strengths and target specific market needs.</p><h3><strong>3.1. ABB</strong></h3><p><strong>Overview of IA Portfolio and GenAI Strategy</strong>:</p><p>ABB, a global leader in electrification and automation, is strategically embedding GenAI across its portfolio to enhance productivity, safety, and sustainability for industries such as power generation, oil and gas, manufacturing, and transportation.<sup>1</sup> Their approach focuses on leveraging GenAI to create intuitive, knowledge-driven solutions that empower the workforce and optimize operations. 
A cornerstone of this strategy is the ABB Ability&#8482; Genix Industrial Analytics and AI Suite, which serves as an enterprise-grade digital platform for integrating OT, IT, and ET data, enhanced with AI and machine learning.<sup>3</sup></p><p><strong>Flagship IA Platforms and GenAI Integration</strong>:</p><ul><li><p><strong>ABB Ability&#8482; Genix Industrial Analytics and AI Suite</strong>: This platform is central to ABB's AI strategy, combining industrial analytics and AI to unlock value from contextualized data through the Industrial Internet of Things (IIoT).<sup>3</sup> Genix integrates data from diverse sources, including PLCs, MES, and SCADA systems, into a cognitive data lake, enabling advanced analytics and AI-driven insights.<sup>3</sup></p></li><li><p><strong>ABB Genix&#8482; Copilot</strong>: Integrated with Microsoft Azure OpenAI Service, Genix Copilot leverages GenAI to enable users to interact with industrial data using natural language, aiming to improve efficiency, productivity, and sustainability by contextualizing vast amounts of data.<sup>3</sup> This solution is designed to make complex industrial data more accessible and actionable for a wider range of users.</p></li><li><p><strong>ABB Ability&#8482; Platform</strong>: The broader ABB Ability platform provides an open architecture for seamless integration with ABB's products and third-party systems, offering manufacturers a customizable approach to digital transformation.<sup>8</sup></p></li></ul><p><strong>Specific GenAI-Powered Products/Tools</strong>:</p><ul><li><p><strong>My Measurement Assistant+</strong>: An AI-powered digital solution leveraging GenAI, cloud computing, and Augmented Reality (AR) for maintenance and remote troubleshooting of measurement devices. 
Integrated with Genix Copilot and Microsoft technologies, it aims to resolve technical support issues rapidly, potentially boosting first-time fix rates by up to 50%.<sup>6</sup> This tool provides a single access point for information retrieval, device diagnostics, and remote support.</p></li><li><p><strong>ABB Ability&#8482; Industrial Knowledge Vault</strong>: A GenAI-driven solution, developed with Microsoft Azure OpenAI Service and Genix Copilot, designed to capture, retain, and safeguard critical operational expertise. It transforms this knowledge into step-by-step workflows accessible via natural language queries, addressing the challenge of knowledge loss from retiring experienced employees and enhancing workforce productivity.<sup>10</sup> The system continuously learns from real-world operations to refine workflows.</p></li></ul><p><strong>Integration with Core Industrial Systems (PLC, SCADA, MES, Digital Twins)</strong>:</p><ul><li><p><strong>PLC/SCADA/MES</strong>: The Genix platform, through its Contextual Fusion Hub, is designed to ingest and contextualize real-time OT data from sources like SCADA and MES and, by extension, from the PLCs that feed these systems.<sup>5</sup> While direct GenAI for PLC programming isn't explicitly detailed as a primary feature in the provided materials, the insights and operational guidance from GenAI tools like Genix Copilot and Industrial Knowledge Vault would inherently leverage data originating from these core systems.</p></li><li><p><strong>Digital Twins</strong>: Genix integrates with a System Digital Twin Integrity Hub, enhancing data contextualization for digital twins.<sup>5</sup> The platform supports hundreds of pre-built asset models and digital twins, which are crucial for the AI-powered advanced analytics offered.</p></li></ul><p><strong>Targeted Industrial Use Cases and Sectors</strong>:</p><ul><li><p><strong>Use Cases</strong>: Predictive maintenance, remote troubleshooting, knowledge management and retention, 
operational efficiency, workforce empowerment, workflow generation, real-time decision support, asset performance management, and reduction in unplanned downtime.<sup>3</sup></p></li><li><p><strong>Sectors</strong>: Process industries (energy, water, materials), hybrid industries, maritime, power generation, oil and gas, manufacturing, transportation, food and beverage, life sciences, mining, and chemicals.<sup>1</sup></p></li></ul><p><strong>Strategic GenAI Technology Partnerships</strong>:</p><ul><li><p><strong>Microsoft</strong>: This is a cornerstone partnership. ABB collaborates with Microsoft to bring GenAI to industrial applications, leveraging Microsoft Azure OpenAI Service for solutions like Genix Copilot, My Measurement Assistant+, and the Industrial Knowledge Vault.<sup>3</sup> ABB states they made a strategic decision to collaborate with Microsoft to use GenAI to solve complex industrial problems.<sup>7</sup></p></li><li><p><strong>Tietoevry</strong>: ABB Drives collaborated with Tietoevry Create to deploy a custom GenAI platform (based on Tietoevry's GPT for Business accelerator) to support team members with daily work by connecting to multiple internal knowledge bases via a chat interface, running on ABB Drives' premises.<sup>12</sup></p></li></ul><p><strong>Deployment Models</strong>:</p><ul><li><p><strong>ABB Ability&#8482; Genix</strong>: Offers flexible deployment across edge, fleet, plant, on-premises, hybrid, cloud, and multi-cloud environments. 
It is available via permanent license (customer manages infrastructure) or as SaaS/PaaS.<sup>4</sup></p></li><li><p><strong>ABB Ability&#8482; Industrial Knowledge Vault</strong>: Can be deployed across cloud, on-premise, or ABB SaaS.<sup>10</sup></p></li><li><p><strong>My Measurement Assistant+</strong>: A web application leveraging cloud computing.<sup>6</sup></p></li><li><p><strong>Custom GenAI Platform for ABB Drives (with Tietoevry)</strong>: Runs within ABB Drives' premises.<sup>12</sup></p></li></ul><p><strong>Key Announcements and Product Roadmaps (2023-2025)</strong>:</p><ul><li><p>2025 (no specific month, but context implies early 2025 or late 2024): ABB Robotics names T-Robotics and Mbodi as AI Startup Challenge winners, aiming to collaborate on conversational AI and adaptive learning robotics solutions, with commercial applications expected in 2025.<sup>13</sup> This signals a move towards GenAI in robotics programming and operation.</p></li><li><p>March 2025: Launch of My Measurement Assistant+.<sup>6</sup></p></li><li><p>March 2025: Article on AI-powered energy management solutions, partnering with startups like Ndustrial and GridBeyond (though not explicitly GenAI, it's part of their broader AI strategy).<sup>15</sup></p></li><li><p>May 2025 (Automate 2025): Showcase of OmniCore&#8482; controller, emphasizing faster, smarter, autonomous automation, integrating ABB's hardware and software portfolio.<sup>16</sup> While not explicitly GenAI, it lays the groundwork for more advanced AI integration.</p></li><li><p>Launch of ABB Ability&#8482; Industrial Knowledge Vault.<sup>10</sup></p></li></ul><p>ABB's GenAI initiatives demonstrate a clear understanding of the technology's potential to address critical industrial challenges, particularly knowledge retention and operational efficiency. 
The development of the Industrial Knowledge Vault, leveraging Microsoft Azure OpenAI, directly tackles the issue of expertise loss due to workforce changes.<sup>10</sup> This is achieved by capturing and structuring domain-specific knowledge into an accessible, conversational format. This approach suggests that ABB sees GenAI not just as a tool for data analysis, but as a means to preserve and democratize invaluable human expertise, turning it into an actionable digital asset. The continuous learning capability of the Vault, refining workflows based on real-world operations, points towards a system that evolves alongside the industrial environment it supports, promising ongoing improvements in operational continuity and efficiency.<sup>10</sup></p><p>Furthermore, ABB's partnership with Microsoft is a significant enabler of its GenAI strategy, providing the foundational AI models and cloud infrastructure necessary to build and scale solutions like Genix Copilot and My Measurement Assistant+.<sup>6</sup> This collaboration allows ABB to focus on applying GenAI to specific industrial domain problems, integrating their deep industry knowledge with advanced AI capabilities. The projection that My Measurement Assistant+ could resolve a majority of technical support issues in minutes and boost first-time fix rates by up to 50% highlights the tangible operational benefits ABB anticipates from these GenAI tools.<sup>6</sup> This strategy indicates a move towards more proactive and intelligent maintenance and support, reducing reliance on manual troubleshooting and potentially lowering operational costs significantly. 
The integration of Augmented Reality in My Measurement Assistant+ further suggests a vision for a highly interactive and supportive environment for frontline workers.<sup>6</sup> Such a multi-faceted approach, combining GenAI with AR and cloud computing, underscores a commitment to creating comprehensive digital solutions that address multiple facets of industrial operations.</p><h3><strong>3.2. Siemens</strong></h3><p><strong>Overview of IA Portfolio and GenAI Strategy</strong>:</p><p>Siemens, a global industrial powerhouse, is aggressively integrating GenAI across its extensive automation, digitalization, and industrial software portfolio, particularly within the Siemens Xcelerator platform.<sup>17</sup> Their strategy revolves around creating "Industrial Copilots"&#8212;GenAI-powered assistants designed to optimize workflows, enhance human-AI collaboration, and boost productivity and sustainability across the entire industrial value chain, from design and engineering to operations and service.<sup>21</sup></p><p><strong>Flagship IA Platforms and GenAI Integration</strong>:</p><ul><li><p><strong>Siemens Xcelerator</strong>: An open digital business platform that forms the backbone of Siemens' digitalization strategy. Industrial Copilots and other AI capabilities are being integrated into this ecosystem.<sup>20</sup></p></li><li><p><strong>Totally Integrated Automation (TIA) Portal</strong>: Siemens' flagship engineering framework for automation. 
It is being enhanced with GenAI through the "Engineering Copilot".<sup>25</sup></p></li><li><p><strong>Teamcenter</strong>: Siemens' Product Lifecycle Management (PLM) software, which is being integrated with GenAI capabilities, particularly through the partnership with Microsoft for Teamcenter X on Azure.<sup>21</sup></p></li></ul><p><strong>Specific GenAI-Powered Products/Tools</strong>:</p><p>Siemens is developing a comprehensive suite of Industrial Copilots:</p><ul><li><p><strong>Engineering Copilot for TIA Portal</strong>: An AI-supported assistant that acts as a bridge between the local TIA Portal (V19 or V20) and Azure OpenAI services. It allows users to ask questions about automation tasks, provides S7 PLC code generation support, and guides users in creating WinCC Unified HMI visualizations using natural language prompts.<sup>20</sup> It aims to significantly reduce development time and minimize errors.</p></li><li><p><strong>Design Copilot NX</strong>: Provides AI engineering assistance within Siemens NX software, enabling users to ask natural language questions, access technical insights, and streamline complex design tasks for faster product development.<sup>21</sup></p></li><li><p><strong>Manufacturing Copilot NX X</strong>: Delivers generative AI-driven manufacturing recommendations, software navigation, and domain-specific answers within NX X, accelerating software navigation and enhancing productivity.<sup>21</sup></p></li><li><p><strong>Planning Copilot Teamcenter Easy Plan</strong>: A GenAI-powered assistant for Teamcenter Easy Plan that aids in translating work instructions while maintaining accuracy and incorporating visuals and company terminology. 
It can also build process plans from legacy documents.<sup>21</sup></p></li><li><p><strong>Simulation Copilot Tecnomatix Process Simulate</strong>: Uses GenAI for efficient troubleshooting and optimization of complex manufacturing simulations, providing quick insights and guidance based on Process Simulate data.<sup>21</sup></p></li><li><p><strong>Industrial Copilot for Operations</strong>: Designed for the factory workshop, enabling AI tasks close to machine operation to help operators and maintenance engineers make fast, real-time decisions.<sup>20</sup></p></li><li><p><strong>Industrial Copilot for Senseye Predictive Maintenance</strong>: Extends capabilities for Senseye Predictive Maintenance, supporting the entire maintenance cycle (repair, prevention, prediction, optimization) with GenAI-powered insights.<sup>26</sup></p></li></ul><p><strong>Integration with Core Industrial Systems (PLC, SCADA, MES, Digital Twins)</strong>:</p><ul><li><p><strong>PLC</strong>: The Engineering Copilot for TIA Portal directly supports PLC code generation (S7-SCL) and assists with engineering tasks for Simatic PLCs.<sup>25</sup> Siemens and Audi are pioneering virtual PLCs (vPLCs) controlling production, indicating a shift towards software-defined control where AI can be more deeply integrated.<sup>24</sup></p></li><li><p><strong>SCADA/HMI</strong>: The Engineering Copilot assists in creating WinCC Unified HMI visualizations.<sup>25</sup></p></li><li><p><strong>Digital Twins</strong>: Siemens is a leader in digital twin technology. 
The Industrial Foundation Model (IFM) being developed with Microsoft aims to interpret and contextualize 3D models, 2D drawings, and industrial data.<sup>24</sup> The partnership with NVIDIA enhances visualization and simulation for immersive, photorealistic digital twins.<sup>24</sup></p></li><li><p><strong>MES</strong>: While not explicitly detailed for GenAI integration in these snippets, the overall Xcelerator platform and Industrial Copilot vision cover the entire value chain, implying MES data would be leveraged for operational insights.</p></li></ul><p><strong>Targeted Industrial Use Cases and Sectors</strong>:</p><ul><li><p><strong>Use Cases</strong>: PLC code generation, HMI visualization creation, product design assistance, manufacturing process planning and simulation, work instruction translation, troubleshooting, predictive maintenance, operational decision support, quality control, and optimizing plant unit layouts (e.g., for hydrogen plants).<sup>21</sup></p></li><li><p><strong>Sectors</strong>: Discrete industries, process industries, automotive, machinery, hydrogen production, infrastructure, transportation, and general manufacturing.<sup>20</sup></p></li></ul><p><strong>Strategic GenAI Technology Partnerships</strong>:</p><ul><li><p><strong>Microsoft</strong>: A crucial partner. Siemens is collaborating with Microsoft to develop an Industrial Foundation Model (IFM) on Azure, tailored to industry-specific data.<sup>24</sup> The Engineering Copilot for TIA Portal uses Azure OpenAI services.<sup>25</sup> Teamcenter X is integrated with Microsoft Azure and Microsoft 365.<sup>23</sup> Siemens and Microsoft partnered to create the first AI-powered assistant for industrial operations.<sup>22</sup></p></li><li><p><strong>NVIDIA</strong>: Siemens is integrating its industrial software and automation portfolio with NVIDIA AI to boost computing capabilities for efficiency and productivity. 
This includes enhancing digital twins with NVIDIA Omniverse, using NVIDIA accelerated computing for simulations (Simcenter STAR-CCM+), and leveraging NVIDIA AI for the Industrial Copilot for operations (e.g., real-time video analytics).<sup>24</sup></p></li><li><p><strong>AWS</strong>: Strategic collaboration to drive smart and sustainable infrastructure, combining Siemens' Building X platform with AWS cloud services and AI tools like Amazon Nova and Amazon Bedrock for energy efficiency and process automation in buildings.<sup>24</sup></p></li><li><p><strong>Accenture</strong>: Joint development and promotion of solutions integrating Siemens Xcelerator technology with Accenture's data and AI expertise to speed up digital transformation.<sup>24</sup></p></li></ul><p><strong>Deployment Models</strong>:</p><ul><li><p><strong>Engineering Copilot for TIA Portal</strong>: Connects local TIA Portal installations to Azure OpenAI services, implying a hybrid model where the AI processing leverages the cloud.<sup>25</sup> Access is currently a subscription model for selected customers in Europe and USA.<sup>25</sup></p></li><li><p><strong>Industrial Foundation Model (IFM)</strong>: Being developed on the Microsoft Azure platform.<sup>24</sup></p></li><li><p>Many solutions are part of the Siemens Xcelerator portfolio, which supports cloud, edge, and on-premise deployments, though specific GenAI copilots primarily leverage cloud AI services.</p></li></ul><p><strong>Key Announcements and Product Roadmaps (2023-2025)</strong>:</p><ul><li><p>Oct 31, 2023: Siemens announced partnership with Microsoft to launch the Siemens Industrial Copilot.<sup>20</sup></p></li><li><p>Hannover Messe 2025 <sup>24</sup>: Major announcements regarding AI partnerships with Microsoft (IFM), Accenture, NVIDIA (digital twins, Industrial Copilot for operations), and AWS (Building X). 
Siemens and Audi showcased virtual PLCs.</p></li><li><p>The Engineering Copilot for TIA Portal is available for TIA Portal V19 or V20, with access currently limited.<sup>25</sup></p></li><li><p>Expansion of Industrial Copilot with GenAI-powered maintenance offering for Senseye Predictive Maintenance (date not specified but recent context).<sup>26</sup></p></li></ul><p>Siemens' approach to GenAI is characterized by its ambition to create a suite of "Industrial Copilots" that span the entire industrial lifecycle, from design to operation and maintenance.<sup>21</sup> This comprehensive vision suggests a deep integration of GenAI into their core platforms like TIA Portal, NX, and Teamcenter. The development of an Industrial Foundation Model (IFM) in collaboration with Microsoft is a particularly noteworthy initiative.<sup>24</sup> Such a model, trained on industry-specific data, could significantly accelerate the development and deployment of more accurate and context-aware AI solutions for manufacturing. This addresses a key challenge in industrial AI: the need for models that understand the nuances of industrial processes and data, rather than relying on generic language models. The ability of an IFM to process and contextualize diverse industrial data types, including 3D models and technical specifications, could unlock new levels of automation in engineering and decision-making.</p><p>The strong emphasis on partnerships with major technology providers like Microsoft (for cloud AI and IFM), NVIDIA (for digital twins and accelerated computing), and AWS (for smart infrastructure) is a critical component of Siemens' strategy.<sup>24</sup> These collaborations allow Siemens to leverage cutting-edge AI infrastructure and expertise, enabling them to focus on applying these technologies to specific industrial domains. 
For instance, the Engineering Copilot for TIA Portal, which uses Azure OpenAI services to assist with PLC code generation and HMI design <sup>25</sup>, directly addresses the need for faster and more efficient automation engineering. The projected 60% speed-up in SCL code generation <sup>26</sup> highlights the potential productivity gains. This strategy of embedding GenAI assistance directly into established engineering tools is likely to lower the barrier to adoption for many engineers and accelerate the creation of complex automation solutions. The move towards virtual PLCs, as demonstrated with Audi <sup>24</sup>, further signifies a future where software and AI play an even more central role in factory control, offering greater flexibility and the potential for AI-supported production.</p><h3><strong>3.3. Rockwell Automation</strong></h3><p><strong>Overview of IA Portfolio and GenAI Strategy</strong>:</p><p>Rockwell Automation, a major player in industrial automation and information solutions, is focusing its GenAI strategy on enhancing its FactoryTalk software suite, particularly through cloud-native solutions and a strong partnership with Microsoft.<sup>17</sup> Their aim is to improve design productivity, streamline operations, and empower the workforce by making complex automation tasks more intuitive and data-driven. The company's "State of Smart Manufacturing Report" heavily influences their messaging, highlighting AI (including GenAI) as a top technology investment area for manufacturers.<sup>30</sup></p><p><strong>Flagship IA Platforms and GenAI Integration</strong>:</p><ul><li><p><strong>FactoryTalk&#174; Software Suite</strong>: Rockwell's comprehensive software portfolio for industrial applications, spanning design, operations, maintenance, and analytics/IIoT.<sup>31</sup> GenAI capabilities are being integrated into various components of this suite.</p></li><li><p><strong>FactoryTalk Design Studio&#8482;</strong>: A cloud-native industrial automation design environment. 
This is a key platform for GenAI integration, featuring the "FactoryTalk Design Studio Copilot".<sup>31</sup></p></li><li><p><strong>FactoryTalk Optix&#8482;</strong>: A cloud-enabled HMI, IIoT, and edge computing platform. It is being enhanced with AI models, such as the FT Optix Food &amp; Beverage model.<sup>29</sup></p></li><li><p><strong>Plex Smart Manufacturing Platform</strong>: A digital manufacturing system for real-time tracking and analysis of operations, acquired by Rockwell Automation.<sup>28</sup></p></li><li><p><strong>FactoryTalk DataMosaix&#8482;</strong>: An industrial DataOps solution for making IT, OT, and ET data available and useful.<sup>31</sup></p></li><li><p><strong>FactoryTalk GuardianAI&#8482;</strong>: Listed under Maintenance software, but specific GenAI capabilities are not detailed in the provided snippets.<sup>34</sup></p></li></ul><p><strong>Specific GenAI-Powered Products/Tools</strong>:</p><ul><li><p><strong>FactoryTalk Design Studio Copilot</strong>: Powered by Microsoft Azure OpenAI Service, this GenAI assistant is embedded in FactoryTalk Design Studio. It enables engineers to use natural language prompts for tasks such as product guidance, PLC code generation, code explanation, and troubleshooting. It aims to make system design faster, more intuitive, and reduce errors.<sup>29</sup> The 1.08 update introduced refined response times and an "Ask Copilot" feature for error explanations.<sup>33</sup></p></li><li><p><strong>FT Optix Food &amp; Beverage Model</strong>: An adapted AI model leveraging Microsoft's Phi-3 small language models (SLMs), integrated into the Microsoft AI model catalog. 
It provides machine operators with AI-guided instructions via the FactoryTalk Optix interface, assisting in process and device operations to enhance productivity and reduce errors.<sup>29</sup></p></li></ul><p><strong>Integration with Core Industrial Systems (PLC, SCADA, MES, Digital Twins)</strong>:</p><ul><li><p><strong>PLC</strong>: FactoryTalk Design Studio Copilot directly assists with PLC code generation (Logix experience) and can model systems based on natural language prompts.<sup>32</sup> Projects designed in FactoryTalk Design Studio can be deployed to ControlLogix or CompactLogix L8 controllers.<sup>32</sup></p></li><li><p><strong>SCADA/HMI</strong>: FactoryTalk Optix is the HMI platform where AI-guided instructions are delivered to operators (e.g., FT Optix Food &amp; Beverage model).<sup>29</sup></p></li><li><p><strong>MES</strong>: Plex Smart Manufacturing Platform is Rockwell's MES offering.<sup>28</sup> While direct GenAI integration into Plex isn't explicitly detailed, the overall strategy of leveraging data from across the FactoryTalk suite implies MES data would be part of the ecosystem. One source notes MES capabilities through Plex integration with FactoryTalk Design Studio.<sup>34</sup></p></li><li><p><strong>Digital Twins</strong>: Rockwell mentions building the "Factory of the Future with Digital Twins" <sup>36</sup>, and FactoryTalk Logix Echo is used for code emulation <sup>32</sup>, a component of digital twin strategies. 
The FactoryTalk InnovationSuite combines ML, AI, and IoT to improve industrial procedures.<sup>18</sup></p></li></ul><p><strong>Targeted Industrial Use Cases and Sectors</strong>:</p><ul><li><p><strong>Use Cases</strong>: PLC code generation, code explanation, troubleshooting automation projects, system modeling from natural language, product guidance, AI-guided operator instructions, demand forecasting, scheduling, procurement, predictive maintenance.<sup>28</sup></p></li><li><p><strong>Sectors</strong>: General manufacturing, food and beverage, automotive, consumer packaged goods, life sciences, and other industries benefiting from improved automation design and operational efficiency.<sup>29</sup> Identified as a key beneficiary of U.S. reshoring.<sup>17</sup></p></li></ul><p><strong>Strategic GenAI Technology Partnerships</strong>:</p><ul><li><p><strong>Microsoft</strong>: This is a cornerstone strategic collaboration. Rockwell leverages Microsoft Azure cloud and AI capabilities, specifically Azure OpenAI Service for the FactoryTalk Design Studio Copilot, and Microsoft's Phi-3 SLMs for the FT Optix Food &amp; Beverage model.<sup>29</sup> Microsoft's Azure IoT Operations integrates with Rockwell's FactoryTalk Optix.<sup>29</sup></p></li></ul><p><strong>Deployment Models</strong>:</p><ul><li><p><strong>FactoryTalk Design Studio</strong>: A cloud-native Software-as-a-Service (SaaS) solution, accessible via a web browser without downloads or installs.<sup>29</sup></p></li><li><p><strong>FactoryTalk Optix</strong>: Cloud-enabled HMI platform.<sup>32</sup></p></li><li><p>The overall approach emphasizes cloud-based solutions leveraging Microsoft Azure.<sup>29</sup></p></li></ul><p><strong>Key Announcements and Product Roadmaps (2023-2025)</strong>:</p><ul><li><p>Automation Fair 2023 (Nov 2023): Rockwell highlighted advancements in AI, plans to integrate AI into legacy products, and the development of an industrial metaverse in partnership with Microsoft.<sup>38</sup> 
The FactoryTalk Design Studio Copilot and FT Optix Food &amp; Beverage model with Microsoft were key announcements.<sup>29</sup></p></li><li><p>FactoryTalk Design Studio 1.08 update <sup>33</sup>: Introduced refined GenAI Copilot response times and "Ask Copilot" for error explanations.</p></li><li><p>2024 State of Smart Manufacturing Report <sup>30</sup>: Highlights that 83% of manufacturers anticipate using GenAI in 2024, and GenAI is the #1 new area for technology investment. This report heavily influences Rockwell's messaging.</p></li></ul><p>Rockwell Automation's GenAI initiatives are strongly tethered to its collaboration with Microsoft, aiming to make industrial automation design and operation more intuitive and efficient, primarily through cloud-native platforms like FactoryTalk Design Studio and its embedded Copilot.<sup>29</sup> This approach is geared towards democratizing complex tasks, such as PLC programming, by enabling natural language interaction and AI-assisted code generation and troubleshooting.<sup>32</sup> The cloud-native architecture of FactoryTalk Design Studio inherently offers advantages in collaboration, accessibility (no installation needed), and continuous updates, which are vital for rapidly evolving GenAI capabilities.<sup>32</sup> By aligning closely with Microsoft Azure OpenAI Service, Rockwell can quickly deploy sophisticated GenAI features within a scalable cloud framework, concentrating on enhancing the user experience for engineers. This strategy suggests a clear direction towards improving developer productivity and lowering the entry barrier for designing advanced automation systems. The potential here is to significantly accelerate the adoption of model-based design and digital twin concepts by making the necessary tools more intelligent and user-friendly. However, this tight coupling with a single major cloud and AI provider also means Rockwell's GenAI innovation pace is linked to Microsoft's roadmap. 
Convincing customers with strong preferences for on-premise solutions or those with heightened concerns about cloud security for their design intellectual property to fully adopt these cloud-native tools will be a key factor for widespread adoption.</p><p>Beyond empowering design engineers, Rockwell's GenAI strategy extends to the shop floor, aiming to assist machine operators directly. The FT Optix Food &amp; Beverage model, which leverages Microsoft's Phi-3 small language models, is designed to provide AI-guided instructions to operators through the FactoryTalk Optix HMI.<sup>29</sup> This indicates a broader vision of using GenAI to bridge skills gaps and enhance the effectiveness of frontline workers, a theme also echoed in their "State of Smart Manufacturing Report".<sup>30</sup> The manufacturing sector consistently faces challenges related to skilled labor shortages and the ongoing need for upskilling. GenAI offers a pathway to process complex information&#8212;such as operational manuals, best practices, and real-time data&#8212;and deliver it to operators in an easily digestible and contextualized manner, thereby improving their decision-making and task execution. This focus on enabling frontline workers suggests that Rockwell views GenAI as a technology to augment human capabilities directly at the point of operation. Such an approach could lead to improvements in quality, reductions in errors, and faster onboarding for new personnel. The integration of GenAI into HMI/operator interfaces like FactoryTalk Optix has the potential to transform the operator's role from one of mere task execution to that of a more informed, AI-supported decision-maker. This aligns with the broader Industry 4.0 trend of fostering a more connected and intelligent workforce. The ultimate success of this operator-focused GenAI will hinge on the quality of the AI models and their capacity to deliver relevant, real-time guidance without overwhelming the user.</p><h3><strong>3.4. 
Schneider Electric</strong></h3><p>Overview of IA Portfolio and GenAI Strategy:</p><p>Schneider Electric, a prominent figure in energy management and automation, is strategically infusing GenAI to bolster efficiency, sustainability, and innovation for its clientele and internal processes.<sup>17</sup> Their core approach involves weaving GenAI into the EcoStruxure platform, with a significant reliance on partnerships, most notably with Microsoft for AI software capabilities and NVIDIA for AI hardware and digital twin advancements.<sup>20</sup></p><p><strong>Flagship IA Platforms and GenAI Integration</strong>:</p><ul><li><p><strong>EcoStruxure&#8482; Architecture and Platform</strong>: This is Schneider Electric's IoT-enabled, open, and interoperable backbone. GenAI functionalities are being integrated into solutions built upon EcoStruxure, targeting buildings, data centers, infrastructure, and industrial applications.<sup>39</sup></p></li><li><p><strong>EcoStruxure Automation Expert</strong>: A software-defined automation system. This platform is being notably enhanced with an "Automation Copilot" designed to assist engineers.<sup>17</sup></p></li><li><p><strong>EcoStruxure Resource Advisor Copilot</strong>: A conversational AI tool embedded within the Resource Advisor platform. It facilitates enterprise energy and sustainability data analysis, visualization, and supports decision-making processes.<sup>39</sup></p></li></ul><p><strong>Specific GenAI-Powered Products/Tools</strong>:</p><ul><li><p><strong>Automation Copilot (for EcoStruxure Automation Expert)</strong>: Developed in collaboration with Microsoft, this generative AI assistant is engineered to help engineers swiftly create high-quality, validated PLC code and generate entire applications. 
It aims to elevate engineering efficiency throughout the application generation lifecycle.<sup>20</sup></p></li><li><p><strong>Jo Virtual Agent</strong>: An AI-driven chatbot designed to guide users towards self-service support on Schneider Electric's online platforms, offering a seamless transition to live agents when necessary.<sup>39</sup></p></li><li><p><strong>AI-powered home energy management feature for Wiser Home</strong>: This system employs an AI algorithm that adapts to user preferences, prevailing weather conditions, and energy tariffs to realize energy savings and reduce CO2 emissions.<sup>39</sup></p></li><li><p><strong>Finance Advisor</strong>: A conversational assistant tailored for financial analysts, providing precise information for accounting and other financial functions.<sup>43</sup></p></li><li><p><strong>Knowledge Bot</strong>: A conversational assistant for customer care representatives, designed to quickly find precise information and propose appropriate answers based on extensive internal documentation.<sup>43</sup></p></li></ul><p><strong>Integration with Core Industrial Systems (PLC, SCADA, MES, Digital Twins)</strong>:</p><ul><li><p><strong>PLC</strong>: The Automation Copilot for EcoStruxure Automation Expert is specifically engineered for PLC code generation, with the goal of assisting engineers in producing high-quality, tested, and verified code.<sup>20</sup></p></li><li><p><strong>SCADA/HMI</strong>: The EcoStruxure Automation Expert Platform offers a unified environment encompassing control logic, motion control, HMI, safety systems, and simulation tools.<sup>40</sup> Schneider Electric is also exploring how edge computing and AI can revolutionize SCADA systems, particularly in sectors like Water &amp; Wastewater, by enabling local data processing and integrating AI-derived inferences into SCADA operations.<sup>46</sup></p></li><li><p><strong>MES</strong>: While explicit details of GenAI for MES are not extensively covered, the 
strategic emphasis on IT/OT convergence <sup>40</sup> and comprehensive industrial data management <sup>39</sup> suggests that MES data will be a crucial component of the ecosystem that GenAI tools can leverage. General discussions on the benefits of MES and SCADA integration also provide context.<sup>47</sup></p></li><li><p><strong>Digital Twins</strong>: A partnership with NVIDIA is aimed at fostering breakthroughs in edge AI and digital twin technologies.<sup>20</sup> Schneider Electric is developing digital twin systems based on NVIDIA Omniverse to simulate AI data center operations, specifically for designing power requirements.<sup>48</sup></p></li></ul><p><strong>Targeted Industrial Use Cases and Sectors</strong>:</p><ul><li><p><strong>Use Cases</strong>: Generation of PLC code, application engineering, energy management, analysis of sustainability data, customer support, financial analysis, predictive maintenance, visual inspection, smart cooling solutions for data centers, management of microgrids, and optimization of EV charging.<sup>20</sup></p></li><li><p><strong>Sectors</strong>: Industry (including manufacturing, food &amp; beverage), buildings, data centers, infrastructure, energy (encompassing renewables and microgrids), and Water &amp; Wastewater treatment.<sup>39</sup></p></li></ul><p><strong>Strategic GenAI Technology Partnerships</strong>:</p><ul><li><p><strong>Microsoft</strong>: A pivotal partner for GenAI initiatives. 
Schneider Electric is integrating Microsoft Azure OpenAI to develop solutions such as the Resource Advisor Copilot and the Automation Copilot for PLC code generation.<sup>20</sup></p></li><li><p><strong>NVIDIA</strong>: This partnership focuses on optimizing data center infrastructure, advancing edge AI and digital twin technologies, and launching reference designs for intelligent computing centers.<sup>20</sup> NVIDIA Omniverse is a key platform for their digital twin development.<sup>48</sup></p></li><li><p><strong>AVEVA</strong>: Schneider Electric holds a majority stake in AVEVA and mentions them as a world-leading independent software company partner for AI advisor technology and IoT/data analytics expertise.<sup>39</sup></p></li></ul><p><strong>Deployment Models</strong>:</p><ul><li><p><strong>Resource Advisor Copilot</strong>: This is a cloud-based tool, embedded within Resource Advisor, utilizing Microsoft Azure OpenAI.<sup>39</sup></p></li><li><p><strong>Automation Copilot</strong>: Leverages Microsoft's GenAI technology, indicating a likely cloud-connected model for its AI processing capabilities.<sup>20</sup></p></li><li><p>EcoStruxure solutions are generally designed as cloud-connected systems. Specific on-premise options for GenAI tools are not extensively detailed in the available information, apart from discussions on edge AI for SCADA systems.<sup>46</sup></p></li><li><p>The digital twin design tool for data centers, developed with NVIDIA, will be made available to Schneider Electric's customers.<sup>48</sup></p></li></ul><p><strong>Key Announcements and Product Roadmaps (2023-2025)</strong>:</p><ul><li><p>2023: Announcement of a partnership with Microsoft to leverage GenAI for empowering customers and transforming internal operations.<sup>20</sup></p></li><li><p>Hannover Messe (likely 2024 or early 2025, based on context): Demonstration of the Automation application copilot and the PLC code generation copilot developed with Microsoft. 
The EcoStruxure Automation Expert Platform, including the Automation Copilot, was announced with an immediate availability date of March 31, 2025.<sup>20</sup></p></li><li><p>2024: Announcement of a partnership with NVIDIA focusing on data center infrastructure, edge AI, and digital twins.<sup>20</sup></p></li><li><p>February 2025: Launch of a global AI and enterprise partner ecosystem organization aimed at helping partners capitalize on the AI revolution.<sup>51</sup></p></li><li><p>Investment Plan (through 2027): Announced in conjunction with DISTRIBUTECH 2025, Schneider Electric plans to invest over $700 million in its U.S. operations, supporting energy and AI sectors. This includes new laboratories for power distribution for AI data centers and a Robotics &amp; Motion Center of Excellence.<sup>50</sup></p></li><li><p>BloombergNEF Summit 2025: Release of reports detailing AI's impact on U.S. electricity demand.<sup>52</sup></p></li></ul><p>Schneider Electric's GenAI strategy exhibits a compelling dual focus. On one hand, they are enhancing their core industrial automation offerings, exemplified by the Automation Copilot within EcoStruxure Automation Expert for PLC code generation.<sup>20</sup> This directly addresses the needs of their traditional industrial customers by aiming to simplify engineering and improve efficiency. On the other hand, Schneider Electric is proactively addressing the burgeoning energy and infrastructure requirements of the AI industry itself, through solutions for AI-ready data centers and grid modernization.<sup>48</sup> This positions them not only as a consumer and integrator of GenAI for improving their own product lines but also as a critical enabler for the physical backbone of the AI industry. 
This dual role is quite strategic; insights gained from developing GenAI tools for industrial automation can inform their solutions for AI data centers, and conversely, their work in powering the AI industry provides early insights into future AI needs and challenges. This synergy, underpinned by key partnerships with Microsoft for software and AI capabilities <sup>20</sup> and NVIDIA for data center and AI hardware optimization <sup>20</sup>, suggests a comprehensive approach to navigating and capitalizing on the GenAI wave.</p><p>A foundational element of Schneider Electric's GenAI integration is the emphasis on "open, software-defined automation," as highlighted with their EcoStruxure Automation Expert platform.<sup>40</sup> This philosophy is critical because traditional industrial automation systems have often been characterized by proprietary, hardware-centric designs, which can be slow to adapt to new software innovations like AI. By championing an open and software-defined architecture, Schneider Electric aims to create more flexible systems that can more easily integrate new technologies. This approach facilitates more rapid development cycles for AI-driven features, simplifies integration with third-party AI tools like Microsoft Azure OpenAI, and allows customers to adapt their automation systems more nimbly to evolving market demands and technological advancements. This positions EcoStruxure Automation Expert as a future-ready platform capable of readily incorporating emerging AI capabilities, potentially reducing total cost of ownership and enhancing operational resilience.<sup>40</sup> This strategy aligns with the broader industry trend of IT/OT convergence and the shift towards more agile, modular industrial systems, envisioning a future where AI capabilities can be seamlessly "plugged into" automation platforms. 
The success of this vision, however, will depend on continued industry-wide movement towards standardization and the inherent robustness and security of Schneider's software-defined architecture in demanding industrial environments.</p><h3><strong>3.5. Emerson</strong></h3><p>Overview of IA Portfolio and GenAI Strategy:</p><p>Emerson is a global technology and engineering company with a significant footprint in process automation.<sup>2</sup> Their GenAI strategy is prominently focused on augmenting their Ovation&#8482; automation platform, with a particular emphasis on serving the power and water industries. The core idea is to embed GenAI capabilities to enhance workforce expertise, boost operational efficiency, and deliver advanced predictive functionalities.<sup>53</sup></p><p><strong>Flagship IA Platforms and GenAI Integration</strong>:</p><ul><li><p><strong>Ovation&#8482; Automation Platform</strong>: This is Emerson's premier Distributed Control System (DCS), especially tailored for the power generation and water/wastewater treatment sectors. The latest iteration, Ovation 4.0, marks a significant step by integrating GenAI capabilities.<sup>53</sup></p></li><li><p><strong>DeltaV&#8482; Distributed Control System</strong>: Another key DCS platform in Emerson's portfolio. 
While Ovation 4.0 is the current spearhead for their explicit GenAI announcements, DeltaV has also seen AI-related advancements, such as the DeltaV Edge Environment.<sup>59</sup> Emerson has noted that the new generation of AI technology, particularly Large Language Models (LLMs), is unlocking new applications like operator advisory systems for plant asset management and broader system optimization.<sup>55</sup></p></li><li><p><strong>AspenTech</strong>: Emerson's majority stake in AspenTech, a leading industrial software provider, significantly bolsters its capabilities in areas crucial for GenAI, including digital twins, advanced AI, and industrial data management.<sup>55</sup></p></li></ul><p><strong>Specific GenAI-Powered Products/Tools</strong>:</p><ul><li><p><strong>Ovation&#8482; 4.0 Automation Platform with integrated GenAI</strong>: This is the primary GenAI-infused offering highlighted in the available information. It introduces "AI assistants" designed to work collaboratively with operators. These assistants provide predictive guidance, optimize operational workflows, aid in diagnosing issues, and can suggest or even implement control actions.<sup>53</sup> While the specific name of this GenAI assistant within Ovation 4.0 is not explicitly stated in all sources <sup>53</sup>, its functionalities are clearly described. The GenAI deployment is trained on a secure foundation of proprietary knowledge-based data, aiming to augment workforce expertise and automate relevant tasks.<sup>53</sup></p></li></ul><p><strong>Integration with Core Industrial Systems (PLC, DCS, SCADA, MES, Digital Twins)</strong>:</p><ul><li><p><strong>DCS</strong>: GenAI is directly embedded into the Ovation 4.0 DCS platform.<sup>53</sup> It is engineered to operate in conjunction with real-time digital twin simulations and AI models that are trained on plant-specific historical operational and maintenance data. 
This synergy allows the system to recognize abnormal conditions and deviations from baseline operations.<sup>54</sup></p></li><li><p><strong>SCADA</strong>: The Ovation ecosystem includes Ovation Green SCADA and Ovation View HMI software, which serve as conduits for delivering critical data to operators.<sup>53</sup> GenAI functionalities would inherently leverage this data stream.</p></li><li><p><strong>PLC/Edge Control</strong>: Ovation 4.0 incorporates software-defined controllers and addresses industrial edge control for managing grid edge assets.<sup>53</sup> The Ovation Compact Controller, for instance, combines the robustness of a PLC with the sophisticated capabilities of the Ovation system.<sup>56</sup> While direct GenAI for PLC code generation is not a primary focus in the provided details, the AI assistants could offer guidance related to processes controlled by PLCs. Some sources note a lack of specific detail on GenAI's role in PLC/DCS configuration or code generation within Ovation.<sup>53</sup></p></li><li><p><strong>Digital Twins</strong>: The Ovation platform features Ovation Digital Twin capabilities, which can utilize empirical, mixed-fidelity, or high-fidelity models to suit various needs.<sup>53</sup> The GenAI in Ovation 4.0 is designed to be coupled with real-time digital twin simulation.<sup>54</sup></p></li></ul><p><strong>Targeted Industrial Use Cases and Sectors</strong>:</p><ul><li><p><strong>Use Cases</strong>: Empowering the workforce through AI assistants, supporting remote operations, enabling predictive maintenance, optimizing grid performance, diagnosing operational issues, suggesting control actions, streamlining workflows, and identifying abnormal conditions proactively.<sup>53</sup></p></li><li><p><strong>Sectors</strong>: The GenAI capabilities within Ovation 4.0 are primarily targeted at the Power (including renewable energy sources like wind) and Water/Wastewater industries.<sup>53</sup> Emerson's broader industrial 
automation portfolio also serves sectors such as chemicals, refining, mining, and life sciences.<sup>55</sup></p></li></ul><p><strong>Strategic GenAI Technology Partnerships</strong>:</p><ul><li><p><strong>Microsoft Azure OpenAI Service</strong>: The Ovation GenAI capabilities were initially launched leveraging Microsoft Azure's OpenAI service, making it a key technological enabler for Emerson's GenAI offerings.<sup>54</sup></p></li><li><p>Emerson has indicated that Ovation GenAI will also be made available on other large language models in the future, with a focus on secure and proprietary datasets.<sup>54</sup> This suggests a strategy aiming for LLM flexibility or a multi-cloud/multi-model approach in the longer term.</p></li><li><p><strong>University of Texas at Austin</strong>: Emerson has established a partnership with the University of Texas at Austin for advanced research in AI, automation, energy, and semiconductors. This collaboration includes research into AI-enabled automation for process optimization, control, and safety, indicating a commitment to foundational AI research and talent development.<sup>60</sup></p></li></ul><p><strong>Deployment Models</strong>:</p><ul><li><p>The initial release of Ovation 4.0 GenAI on Microsoft Azure's OpenAI service implies a cloud-connected deployment model.<sup>54</sup></p></li><li><p>The Ovation 4.0 architecture is characterized as software-defined and scalable, with support for both edge and cloud deployments.<sup>53</sup></p></li><li><p>Emerson also offers Ovation Engineering Cloud and Simulation Cloud, which provide remote access to engineering tools and digital twin simulation capabilities.<sup>53</sup></p></li><li><p>While some sources note a lack of specific detail on deployment models for all GenAI features <sup>53</sup>, the initial direction clearly points towards Azure OpenAI, with an outlook for broader LLM support.<sup>54</sup></p></li></ul><p><strong>Key Announcements and Product Roadmaps 
(2023-2025)</strong>:</p><ul><li><p>July 29, 2024: Unveiling of the Ovation&#8482; 4.0 Automation Platform featuring integrated GenAI.<sup>54</sup></p></li><li><p>2024: General introduction of the Ovation&#8482; 4.0 Automation Platform with GenAI.<sup>55</sup></p></li><li><p>The "Boundless Automation&#8480;" architecture vision, introduced in 2022, laid the groundwork for advanced AI by focusing on the integration of field, edge, and cloud data.<sup>55</sup></p></li><li><p>Industry commentary in March 2025 suggests that GenAI is "slow rolling" into the industry, indicating ongoing development and adoption challenges that Emerson and others are navigating.<sup>61</sup></p></li><li><p>Blog posts from the Emerson Society in December 2023 discussed the potential and risks associated with GenAI, including ideas like training GPT models on Emerson's extensive corpus of knowledge.<sup>62</sup></p></li></ul><p>Emerson's strategy for GenAI in its process automation segment, especially for power and water industries, is centered on deeply embedding "AI assistants" within its Ovation 4.0 DCS.<sup>53</sup> This approach aims to use GenAI for sophisticated operational support, including predictive guidance and issue diagnosis. The system is designed to combine GenAI's analytical prowess with Emerson's deep domain knowledge and plant-specific data, notably through integration with real-time digital twin simulations and AI models trained on historical plant operations and maintenance data.<sup>54</sup> This indicates a move to make GenAI a core, intrinsic feature of the control system itself, rather than a standalone application. 
The goal is to enhance the inherent value of the DCS by making it more intelligent and supportive of operators, thereby potentially improving plant reliability, efficiency, and augmenting workforce expertise.<sup>54</sup> This could fundamentally shift the role of the DCS from a system primarily focused on control and monitoring to a proactive operational co-pilot. The success of such a system will heavily depend on the accuracy and trustworthiness of the AI assistants' recommendations, the quality of the data used for training (emphasized as a "secure foundation of knowledge-based data" <sup>54</sup>), and the seamlessness of human-AI interaction within the demanding control room environment. The planned support for other LLMs beyond the initial Azure OpenAI deployment <sup>54</sup> also suggests a strategic intent to maintain flexibility and avoid complete dependence on a single AI provider.</p><p>The "Boundless Automation" vision articulated by Emerson <sup>55</sup>, which prioritizes the liberation and integration of data across field, edge, and cloud environments, serves as a critical foundation for their GenAI ambitions. Effective GenAI applications in complex industrial settings are heavily reliant on access to comprehensive, well-contextualized data. Industrial data is often fragmented and siloed, hindering the potential of advanced analytics and AI. For GenAI models to deliver accurate predictions, diagnoses, and recommendations as envisioned for the Ovation 4.0 AI assistants, they require access to a diverse range of data streams&#8212;from sensors, control systems, maintenance logs, and engineering documentation. The "Boundless Automation" architecture, aiming to break down these data silos <sup>53</sup>, is designed to provide this essential data underpinning. This indicates that Emerson's GenAI strategy is not an isolated initiative but is built upon a longer-term commitment to improving data accessibility and flow. 
Such an approach suggests a more mature pathway where the data infrastructure is co-developed or pre-exists to adequately support advanced AI applications. This highlights a crucial prerequisite for successful industrial GenAI: a robust data strategy and infrastructure must be firmly in place. The efficacy of "Boundless Automation" in genuinely liberating and contextualizing data will, therefore, directly influence the performance and impact of Emerson's GenAI tools.</p><h3><strong>3.6. Honeywell</strong></h3><p>Overview of IA Portfolio and GenAI Strategy:</p><p>Honeywell provides a wide array of automation and control solutions across multiple industries. Their GenAI strategy is prominently featured within the Honeywell Forge enterprise performance management platform, which aims to deliver AI-powered insights, predictive analytics, and tools for workforce empowerment, such as "Intelligent Assistants." Honeywell is actively partnering with major cloud providers to integrate advanced AI capabilities into their offerings.<sup>17</sup></p><p><strong>Flagship IA Platforms and GenAI Integration</strong>:</p><ul><li><p><strong>Honeywell Forge</strong>: This enterprise performance management software solution is central to Honeywell's AI strategy. It utilizes "intelligent operations," incorporating AI-enabled applications to automate routine tasks and centralize operational decision-making. The Honeywell Forge AI Engine is designed to facilitate the rapid deployment of AI across the enterprise.<sup>64</sup></p></li><li><p><strong>Experion&#174; PKS (Process Knowledge System)</strong>: Honeywell's flagship Distributed Control System (DCS). 
GenAI capabilities are being connected to Experion PKS through tools like the Experion Operations Assistant and the Field Process Knowledge System.<sup>20</sup></p></li></ul><p><strong>Specific GenAI-Powered Products/Tools</strong>:</p><ul><li><p><strong>Honeywell Forge Production Intelligence with Intelligent Assistant</strong>: This cloud-native platform integrates performance monitoring with a newly developed generative AI assistant. The Intelligent Assistant enables users (including engineers, plant managers, and business leaders) to access key insights, visualize trends, and troubleshoot production issues using natural language prompts. It is designed to summarize deviations and enhance AI insights with greater explainability.<sup>64</sup></p></li><li><p><strong>Field Process Knowledge System (PKS)</strong>: This system employs generative AI technology to provide field technicians and operators with on-demand assistance. This includes easier access to essential documents, operational procedures, and critical information directly on their devices. It also automates reporting tasks, freeing up personnel for other duties.<sup>20</sup></p></li><li><p><strong>Experion&#174; Operations Assistant</strong>: This tool integrates explainable AI into industrial processes to help operators efficiently discover and resolve production problems, thereby improving operational intelligence and overall system efficiency.<sup>20</sup></p></li><li><p><strong>TrackWise Digital</strong>: An AI-enabled quality management solution specifically for the life sciences sector. It uses Natural Language Processing (NLP) and Machine Learning (ML) for tasks like signal detection and improving operational efficiency.<sup>63</sup></p></li><li><p><strong>Maintenance Assist GenAI</strong>: Tailored for warehouse automation, this solution uses decades of accumulated data and knowledge to efficiently resolve maintenance issues and reduce equipment downtime. 
It comes pre-populated and validated with OEM data, designed for ready-to-use deployment.<sup>71</sup></p></li></ul><p><strong>Integration with Core Industrial Systems (PLC, SCADA, MES, DCS, Digital Twins)</strong>:</p><ul><li><p><strong>DCS/SCADA</strong>: Experion PKS serves as Honeywell's DCS <sup>67</sup>, while Experion HS is an HMI/SCADA platform.<sup>67</sup> GenAI tools such as the Experion Operations Assistant and Field PKS are designed to interface with these systems, offering operator assistance and knowledge access.<sup>20</sup> The Forge Production Intelligence assistant would naturally leverage data from these underlying control and monitoring systems.</p></li><li><p><strong>Digital Twins</strong>: Honeywell utilizes digital twin technology to provide operational insights into future scenarios and for training purposes.<sup>63</sup> The Honeywell Process Digital Twin is a listed product offering.<sup>72</sup> GenAI can enhance the interaction with and insights derived from these digital twins. 
The concept of "Not Autopilot but Co-pilot" <sup>73</sup> underscores a human-machine collaboration model facilitated by explainable AI, which is highly relevant for DCS operations.</p></li></ul><p><strong>Targeted Industrial Use Cases and Sectors</strong>:</p><ul><li><p><strong>Use Cases</strong>: Predictive maintenance, real-time intelligence for the workforce, quality management, operator assistance, troubleshooting, automation of tasks, document access, automation of reporting, and maintenance assistance for warehouse equipment.<sup>63</sup></p></li><li><p><strong>Sectors</strong>: Broad industrial applications including refineries, manufacturing plants, and warehouses, as well as specialized sectors like Life Sciences, Aerospace, Buildings, and Energy.<sup>63</sup></p></li></ul><p><strong>Strategic GenAI Technology Partnerships</strong>:</p><ul><li><p><strong>Microsoft Azure</strong>: Honeywell Forge Performance+ and Sustainability+ solutions are combined with Microsoft Azure to optimize operations and accelerate the energy transformation for customers.<sup>20</sup></p></li><li><p><strong>Google Cloud</strong>: Honeywell is collaborating with Google Cloud to introduce Gemini AI into the industrial field. 
This partnership will enable Honeywell devices to process multimodal data (text, code, images, video, audio), with the first solutions anticipated in 2025.<sup>20</sup></p></li><li><p><strong>Qualcomm</strong>: Honeywell is deepening its cooperation with Qualcomm to integrate Qualcomm's connectivity and AI capabilities into Honeywell's existing AI applications, such as the Experion Field PKS.<sup>20</sup></p></li><li><p><strong>C3 AI</strong>: Honeywell is a known customer of C3 AI, and C3 AI's enterprise AI platform is available on Azure, AWS, and Google Cloud.<sup>76</sup> While not explicitly a GenAI development partnership for Honeywell's own products in the provided information, Honeywell may leverage or integrate with C3 AI's enterprise AI applications.</p></li></ul><p><strong>Deployment Models</strong>:</p><ul><li><p><strong>Honeywell Forge Production Intelligence</strong>: This is a cloud-native platform.<sup>64</sup></p></li><li><p><strong>Maintenance Assist GenAI</strong>: Described as a GenAI service that is pre-populated and validated with OEM data, suggesting a cloud-based or managed service model.<sup>71</sup></p></li><li><p>Honeywell Forge applications are generally cloud-based, leveraging platforms such as Microsoft Azure.<sup>20</sup></p></li></ul><p><strong>Key Announcements and Product Roadmaps (2023-2025)</strong>:</p><ul><li><p>February 11, 2025: Announcement of Honeywell Forge Production Intelligence, featuring an integrated generative AI assistant.<sup>64</sup></p></li><li><p>October 2024: Honeywell announced a collaboration with Google Cloud to bring Gemini AI to the industrial field, with solutions expected in 2025.<sup>20</sup></p></li><li><p>November 2024: An article titled "Industrial AI: Unlocking the Superpowers Within Your Operation" highlighted the Field PKS with GenAI capabilities.<sup>63</sup></p></li><li><p>February 2025: Honeywell released a study on AI in Buildings, indicating that over 80% of commercial building managers plan 
to increase their use of AI.<sup>74</sup></p></li><li><p>February 6, 2025: Honeywell announced its intention to separate its Automation and Aerospace businesses. The new standalone Honeywell Automation company will focus on AI-enabled, autonomous solutions. This separation is targeted for completion in the second half of 2026 and represents a major strategic realignment that will shape future GenAI development.<sup>78</sup></p></li></ul><p>Honeywell's GenAI strategy is deeply intertwined with its Honeywell Forge platform, which serves as the central hub for delivering "Intelligent Assistants" and AI-driven insights across its diverse industrial segments, including process solutions, building automation, aerospace, and life sciences.<sup>64</sup> A notable aspect of their approach is the adoption of a multi-cloud AI partnership strategy, engaging with both Microsoft Azure <sup>20</sup> and Google Cloud for its Gemini models.<sup>20</sup> This allows Honeywell to tap into best-of-breed GenAI capabilities from different providers, potentially offering more tailored or advanced solutions depending on the specific application or customer requirement. For example, the collaboration with Google for Gemini's multimodal capabilities (processing text, images, video, audio) <sup>20</sup> could significantly enhance tools designed for field technicians or complex diagnostic tasks that benefit from diverse data inputs. This multi-faceted partnership approach suggests Honeywell is aiming for flexibility and access to a broader spectrum of AI innovations, rather than being locked into a single AI ecosystem. The ability to integrate specialized AI capabilities into their domain-specific tools like Field PKS or Experion Operations Assistant is intended to enhance their value proposition for customers across various sectors.</p><p>A significant thrust of Honeywell's GenAI application is centered on workforce enablement. 
Tools such as the Field Process Knowledge System (PKS) with GenAI <sup>20</sup>, the Experion Operations Assistant <sup>20</sup>, and the Maintenance Assist GenAI <sup>71</sup> are all geared towards empowering field technicians, operators, and maintenance personnel. These solutions aim to provide easier access to critical information, offer predictive insights, and automate routine tasks like reporting. The Forge Production Intelligence Intelligent Assistant further supports this by making complex data and insights accessible through natural language queries.<sup>64</sup> This focus directly addresses persistent challenges in the industrial sector, such as an aging workforce, the critical need for knowledge retention, and the increasing complexity of modern equipment and processes.<sup>64</sup> By leveraging GenAI, Honeywell seeks to process vast amounts of technical documentation, historical operational data, and real-time sensor feeds to deliver contextualized assistance, troubleshooting guidance, and predictive alerts directly to workers. This approach is not merely about automation but about augmenting human capabilities, making the workforce more efficient, safer, and more adept in complex industrial environments. This "human-machine collaboration" model <sup>73</sup>, facilitated by GenAI, could lead to more resilient and adaptive industrial operations. The success of these tools will ultimately be measured by their ability to reduce errors, shorten training cycles, and enable less experienced personnel to perform more complex tasks with confidence and accuracy. The planned separation of Honeywell's Automation business <sup>78</sup> is likely to further sharpen the focus on developing and deploying such GenAI solutions specifically for industrial applications.</p><h3><strong>3.7. 
Mitsubishi Electric</strong></h3><p>Overview of IA Portfolio and GenAI Strategy:</p><p>Mitsubishi Electric is a global manufacturer of electrical and electronic equipment, with a robust portfolio in industrial automation that includes PLCs (MELSEC series), robots (MELFA series), CNC systems, and comprehensive factory automation solutions.<sup>1</sup> The company's GenAI strategy is currently in an emerging phase, characterized by a focus on developing reliable and domain-specific AI under its "Maisart" (Mitsubishi Electric's AI creates the State-of-the-ART in technology) brand. A key element of this strategy is the formation of strategic partnerships, most notably a recent collaboration with Amazon Web Services (AWS), aimed at integrating AI into its Serendie&#8482; digital platform and enhancing solutions for digital manufacturing and smart buildings.<sup>83</sup></p><p><strong>Flagship IA Platforms and GenAI Integration</strong>:</p><ul><li><p><strong>MELSEC Series PLCs, MELFA Robots, CNC systems</strong>: These are core industrial automation products for Mitsubishi Electric.<sup>1</sup> Direct GenAI integration in the form of broad copilots for programming or design for these systems is not yet as explicitly detailed as with some competitors. Instead, the focus appears to be on embedding specific AI capabilities.</p></li><li><p><strong>Serendie&#8482; Digital Platform</strong>: This is Mitsubishi Electric's platform designed to create new value by combining accumulated data and expertise. The collaboration with AWS is specifically aimed at developing AI platforms for integration into Serendie, with a focus on data utilization solutions.<sup>83</sup></p></li><li><p><strong>Maisart&#174;</strong>: This is Mitsubishi Electric's proprietary AI technology brand, which encompasses a range of AI technologies including deep learning, generative AI, and big data analysis. 
Under Maisart, GenAI initiatives aim to empower specialized operations by leveraging deep knowledge of devices and systems, with a strong emphasis on reliability and expertise.<sup>84</sup></p></li></ul><p><strong>Specific GenAI-Powered Products/Tools</strong>:</p><ul><li><p><strong>Maisart Generative AI</strong>: This system is being developed by incorporating highly reliable data, expert knowledge, and advanced information about Mitsubishi Electric's equipment. Potential applications cited include AI for customer support (providing highly reliable answers), educational support (imparting expert knowledge about complex equipment to beginners), and assistance in the operation of complex equipment.<sup>84</sup></p></li><li><p><strong>AI platforms for integration into Serendie (developed with AWS)</strong>: These platforms are expected to feature AI-agent orchestration technology to support process optimization in digital manufacturing environments.<sup>83</sup></p></li><li><p><strong>MELSOFT VIXIO</strong>: An AI-powered visual inspection software. While described as "AI-powered" and learning from examples, it is not explicitly labeled as "Generative AI" in the source material <sup>86</sup> but represents an advanced AI application in quality assurance that is configurable without requiring programming skills.</p></li></ul><p><strong>Integration with Core Industrial Systems (PLC, SCADA, MES, CNC, Robotics)</strong>:</p><ul><li><p><strong>PLC/CNC/Robotics</strong>: Direct GenAI programming assistants for MELSEC PLCs or MELFA robots are not yet prominently detailed. However, the Maisart GenAI's objective of "assisting in the operation of complex equipment" <sup>84</sup> could potentially apply to these systems. 
Furthermore, the AWS collaboration's goal of AI-agent orchestration for digital manufacturing process optimization would inherently involve these core automation components.<sup>83</sup></p></li><li><p><strong>SCADA</strong>: Mitsubishi Electric offers SCADA software, notably GENESIS64&#8482;.<sup>82</sup> Integration with GenAI is not explicitly detailed but is a potential area for future development, especially given the data-centric goals of the Serendie platform.</p></li><li><p><strong>Factory Automation Systems</strong>: The MELFA RH-CRH SCARA robots are designed for manufacturing Digital Transformation (DX) and can be combined with other software advancements like MELSOFT VIXIO (AI visual inspection) and MELSOFT Gemini (digital twins) to achieve expanded automation capabilities and cost savings.<sup>87</sup></p></li></ul><p><strong>Targeted Industrial Use Cases and Sectors</strong>:</p><ul><li><p><strong>Use Cases</strong>: Customer support for equipment, educational support for complex machinery, operational assistance, process optimization in digital manufacturing, smart building solutions (focusing on energy savings, productivity, and comfort), energy management for data centers, visual inspection for quality control, supply chain optimization, and demand forecasting.<sup>83</sup></p></li><li><p><strong>Sectors</strong>: Manufacturing (general, automotive, food &amp; beverage, electronics, life sciences), building automation, and energy management (with a particular emphasis on data centers).<sup>1</sup></p></li></ul><p><strong>Strategic GenAI Technology Partnerships</strong>:</p><ul><li><p><strong>Amazon Web Services (AWS)</strong>: A strategic collaboration, formalized by an MOU in January 2025, to leverage AWS's cloud computing and GenAI capabilities for Mitsubishi Electric's Serendie digital platform. 
This includes developing AI platforms, AI-agent orchestration, enhancing data center solutions, and modernizing internal IT infrastructure.<sup>83</sup></p></li><li><p><strong>Realtime Robotics</strong>: A collaboration focused on speeding up the programming and control of industrial robots by using Realtime Robotics' RapidPlan software with Mitsubishi Electric robots. While not explicitly GenAI, this partnership addresses advanced robot programming and motion planning.<sup>91</sup></p></li><li><p>It is worth noting that Mitsubishi Heavy Industries (MHI), a separate corporate entity, uses Microsoft Azure OpenAI for custom architecture <sup>92</sup>, but this is distinct from Mitsubishi Electric's industrial automation GenAI efforts detailed here.</p></li></ul><p><strong>Deployment Models</strong>:</p><ul><li><p>The collaboration with AWS strongly implies cloud-based deployment for GenAI solutions developed on the Serendie platform.<sup>83</sup></p></li><li><p>Maisart GenAI applications for customer support, education, and equipment operation could potentially be deployed in various models, including embedded systems or on-premise solutions, given Mitsubishi Electric's emphasis on deep equipment expertise.<sup>84</sup></p></li><li><p>General GenAI deployment models, such as plug-and-play services, API-based access, or dedicated endpoints <sup>93</sup>, provide relevant context but are not specific to Mitsubishi Electric's currently announced plans.</p></li></ul><p><strong>Key Announcements and Product Roadmaps (2023-2025)</strong>:</p><ul><li><p>January 14, 2025: Signing of an MOU with AWS for strategic collaboration in the digital domain, including GenAI initiatives.<sup>83</sup></p></li><li><p>February 26, 2025: Mitsubishi Electric announced the development of "rapid formal verification technology for AI," targeting decision tree ensembles. 
This technology, part of the Maisart initiative, aims to reduce AI malfunction risks and is crucial for ensuring the reliability of AI in critical systems.<sup>94</sup></p></li><li><p>January 25, 2024: Development of a behavioral-analysis AI (under Maisart) capable of analyzing manual tasks without requiring prior training data.<sup>95</sup></p></li><li><p>The MELSOFT VIXIO AI-powered visual inspection software was noted in an article with a January 2024 dateline for a related product, suggesting its recent debut in the EMEA region.<sup>86</sup></p></li><li><p>The ARIA (Automated Robotic Industrial Assistant) pre-engineered work cell was launched in June 2024.<sup>80</sup></p></li><li><p>New MELFA RH-10CRH and RH-20CRH SCARA robots were launched in March 2025, designed to enhance industrial automation and support Digital Transformation (DX).<sup>87</sup></p></li></ul><p>Mitsubishi Electric's approach to GenAI appears to be in a deliberate, foundational stage, prioritizing the development of highly reliable and domain-specific AI capabilities under its Maisart brand.<sup>84</sup> This is complemented by strategic partnerships, particularly the recent one with AWS, aimed at building AI-enabled platforms like Serendie.<sup>83</sup> Their emphasis is clearly on leveraging their profound understanding of industrial equipment and ensuring the trustworthiness of AI for specialized applications. This is evidenced by their work on "rapid formal verification technology for AI" <sup>94</sup>, which is critical for deploying AI in safety-conscious industrial environments. Rather than rushing to market with broad, off-the-shelf GenAI tools for general programming or design assistance, Mitsubishi Electric seems focused on ensuring that their AI outputs are accurate, reliable, and safe, especially when applied to complex machinery and critical processes where generic LLM outputs might fall short. 
The development of AI-agent orchestration for digital manufacturing, as part of the AWS collaboration <sup>83</sup>, hints at a future vision of more autonomous and coordinated AI systems within the factory.</p><p>A distinct aspect of Mitsubishi Electric's strategy is its dual role in the AI ecosystem, facilitated by the AWS collaboration.<sup>83</sup> While they are working to enhance their own industrial automation offerings with GenAI, they are also applying AI to improve the energy efficiency and operational stability of data centers&#8212;the very infrastructure that powers the AI revolution. Mitsubishi Electric provides key components for data centers, such as air conditioning systems, monitoring systems, and power distribution units. By integrating AI and data analytics through their AWS partnership, they aim to make these components smarter and more energy-efficient, thereby addressing the significant carbon footprint associated with the rapid growth of AI.<sup>83</sup> This positions Mitsubishi Electric not merely as a user of AI in its industrial products but also as an enabler of sustainable AI infrastructure. This dual approach could create a valuable feedback loop: insights gained from optimizing AI data centers might inform energy efficiency strategies in their other industrial solutions, and vice versa. As sustainability becomes an increasingly critical factor for AI deployments, this focus on data center energy efficiency could serve as a significant market differentiator for Mitsubishi Electric.</p><h3><strong>3.8. 
Yokogawa Electric</strong></h3><p>Overview of IA Portfolio and GenAI Strategy:</p><p>Yokogawa Electric is a well-established provider of industrial automation and control solutions, with a strong presence in process industries.<sup>1</sup> Their AI strategy involves integrating artificial intelligence into their OpreX brand of solutions, focusing on enhancing asset performance management, enabling autonomous control, and providing advanced data analytics. A significant recent development in their GenAI journey is a strategic agreement with UptimeAI, aimed at incorporating generative AI capabilities into Yokogawa's asset health services to deliver more sophisticated insights and operational support.<sup>96</sup> On April 1, 2025, Yokogawa also put into effect an AI Policy and AI Governance Code for the Yokogawa Group, underscoring their commitment to the ethical and responsible use of AI.<sup>100</sup></p><p><strong>Flagship IA Platforms and GenAI Integration</strong>:</p><ul><li><p><strong>OpreX&#8482; Brand</strong>: This is Yokogawa's comprehensive brand for its industrial automation and control solutions, encompassing control systems, measurement instrumentation, and information solutions. AI capabilities, including the newly integrated GenAI, are being developed and deployed under the OpreX umbrella.<sup>96</sup></p></li><li><p><strong>CENTUM VP DCS</strong>: Yokogawa's flagship Distributed Control System, widely used in process industries.<sup>101</sup> While direct GenAI copilots for CENTUM VP are not explicitly detailed in the provided information, the data and control capabilities of this platform are fundamental for enabling advanced AI applications.</p></li><li><p><strong>ProSafe-RS SIS</strong>: Yokogawa's Safety Instrumented System, often integrated with the CENTUM VP DCS to ensure plant safety.<sup>103</sup></p></li><li><p><strong>e-RT3 Plus Industrial AI Platform</strong>: A Realtime OS-based machine controller that supports Python programming and AI application development. 
It is designed to connect local equipment to higher-level systems and cloud services, including Azure Edge Managed and AWS IoT Greengrass, facilitating AI deployment at the edge.<sup>97</sup></p></li></ul><p><strong>Specific GenAI-Powered Products/Tools</strong>:</p><ul><li><p><strong>OpreX Asset Health Insights service with UptimeAI's "AI Expert: Generative AI"</strong>: This is Yokogawa's most explicit GenAI offering to date. The integration of UptimeAI's platform into OpreX Asset Health Insights brings advanced Large Language Model (LLM)-based AI agents, subject matter knowledge, self-learning workflows, maintenance analysis capabilities, and industrial asset library models. The goal is to provide users with predictive insights, sophisticated root cause analysis, and actionable recommendations for optimizing plant operations, reliability, and maintenance.<sup>96</sup></p></li><li><p><strong>Autonomous Control AI Service for e-RT3 Plus</strong>: This service utilizes the Factorial Kernel Dynamic Policy Programming (FKDPP) reinforcement learning AI algorithm. 
While this is more aligned with traditional AI/ML for control optimization rather than GenAI, it represents a key part of Yokogawa's AI strategy for edge controllers, enabling autonomous control in areas previously reliant on manual intervention or less adaptive PID/APC control.<sup>99</sup></p></li></ul><p><strong>Integration with Core Industrial Systems (PLC, SCADA, MES, DCS, Digital Twins)</strong>:</p><ul><li><p><strong>DCS/SIS</strong>: The OpreX Asset Health Insights service, now enhanced with UptimeAI's GenAI, is designed to leverage data from DCS like CENTUM VP and other plant systems to provide its advanced asset management capabilities.<sup>96</sup> The ProSafe-RS SIS is often integrated with CENTUM VP, and data from such integrated systems would contribute to the overall data pool for AI analysis.<sup>103</sup></p></li><li><p><strong>Edge Controllers/PLC</strong>: The e-RT3 Plus platform allows AI applications, including the autonomous control AI service, to run at the edge, interacting directly with machine-level data and control loops.<sup>97</sup></p></li><li><p><strong>SCADA/MES</strong>: Yokogawa's solutions cater to SCADA and MES requirements. 
The data generated and managed by these systems would be vital inputs for the AI-powered analytics and GenAI tools aimed at operational excellence.</p></li><li><p><strong>Digital Twins</strong>: Yokogawa offers solutions like "Remote Plant Performance Operation and Remote Consulting (Digital Twin)".<sup>97</sup> The insights from GenAI-enhanced asset management can augment the value derived from digital twin models.</p></li></ul><p><strong>Targeted Industrial Use Cases and Sectors</strong>:</p><ul><li><p><strong>Use Cases</strong>: Predictive maintenance, root cause analysis, operational recommendations, autonomous control, abnormal sign detection, quality estimation, optimization of production, assets, and supply chain, energy savings, and improved plant availability.<sup>96</sup></p></li><li><p><strong>Sectors</strong>: Primarily process industries including oil and gas, chemicals, materials, pharmaceuticals, food, power, cement, and renewable energy.<sup>1</sup></p></li></ul><p><strong>Strategic GenAI Technology Partnerships</strong>:</p><ul><li><p><strong>UptimeAI Inc.</strong> A strategic agreement, including a capital investment by Yokogawa, to integrate UptimeAI's AI-powered platform, including its "AI Expert: Generative AI" module, into Yokogawa's OpreX Asset Health Insights service.<sup>96</sup> This is Yokogawa's primary announced GenAI-specific partnership.</p></li><li><p><strong>Cloud Providers (Azure, AWS)</strong>: The e-RT3 Plus platform is certified for AWS IoT Greengrass and supports Azure Edge Managed services, indicating collaboration for edge-to-cloud AI solutions.<sup>97</sup> However, these are more about enabling infrastructure than co-developing GenAI applications in the snippets. 
General cloud AI platform comparisons show AWS, Azure, and Google Cloud as leaders.<sup>107</sup></p></li></ul><p><strong>Deployment Models</strong>:</p><ul><li><p><strong>OpreX Asset Health Insights with UptimeAI</strong>: This is a service offering, likely cloud-connected to leverage the AI capabilities of UptimeAI's platform.<sup>96</sup></p></li><li><p><strong>Autonomous Control AI Service for e-RT3 Plus</strong>: This involves software packages for implementing AI control models on edge controllers, with access to an autonomous AI learning service, suggesting a hybrid edge-cloud model.<sup>99</sup></p></li><li><p>The e-RT3 Plus platform itself supports running AI applications at the edge, with connectivity to cloud services.<sup>97</sup></p></li></ul><p><strong>Key Announcements and Product Roadmaps (2023-2025)</strong>:</p><ul><li><p>January 24, 2025: Announcement of the strategic agreement and capital investment with UptimeAI to integrate GenAI into OpreX Asset Health Insights.<sup>96</sup></p></li><li><p>April 1, 2025: Yokogawa Group AI Policy and AI Governance Code put into effect.<sup>100</sup></p></li><li><p>February 27, 2023: Launch of the autonomous control AI service for e-RT3 Plus edge controllers (based on FKDPP reinforcement learning).<sup>99</sup></p></li><li><p>Yokogawa has been actively releasing various OpreX solutions and updates throughout 2024, focusing on areas like intelligent manufacturing hubs, robot management, and open process automation, laying the groundwork for broader AI integration.<sup>109</sup></p></li></ul><p>Yokogawa's GenAI strategy, particularly highlighted by its recent partnership with UptimeAI <sup>96</sup>, signals a focused effort to bring advanced AI-driven operational intelligence to its core process industry customers. The integration of UptimeAI's "AI Expert: Generative AI" module into Yokogawa's OpreX Asset Health Insights service is a significant step. 
This collaboration aims to move beyond traditional predictive analytics by incorporating LLM-based AI agents capable of understanding complex operational issues, performing root cause analysis, and providing actionable recommendations in a more intuitive manner.<sup>96</sup> This approach suggests that Yokogawa is looking to GenAI to not only process data but also to interpret it and communicate insights in a way that mimics human expertise, thereby augmenting the capabilities of plant engineers and operators. The emphasis on "self-learning workflows" and a rich "subject matter knowledge" base within the UptimeAI platform indicates a system designed to continuously improve and adapt to specific plant environments.</p><p>The establishment of a formal AI Policy and AI Governance Code by Yokogawa, effective April 1, 2025 <sup>100</sup>, further underscores a commitment to deploying AI technologies, including GenAI, in a responsible and ethical manner. This governance framework is crucial for building trust with customers, especially in critical process industries where safety and reliability are paramount. While the policy itself doesn't detail specific GenAI product roadmaps, it sets the guiding principles for their development, emphasizing safe, appropriate, and value-driven AI applications. This foundational work on governance, combined with targeted GenAI integrations like the one with UptimeAI, suggests a measured but strategic approach. Yokogawa appears to be prioritizing the enhancement of high-value services like asset performance management with GenAI, rather than immediately launching broad, general-purpose AI assistants for all its platforms. This targeted strategy, focusing on areas where GenAI can provide clear operational benefits like reduced maintenance costs and optimized reliability, aligns well with the needs of their established customer base in sectors such as oil and gas, chemicals, and power. 
The e-RT3 Plus platform's support for edge AI and cloud connectivity <sup>97</sup> also provides a flexible infrastructure for deploying various AI solutions, including future GenAI applications that may require both local processing and cloud-based intelligence.</p><h3><strong>3.9. FANUC</strong></h3><p>Overview of IA Portfolio and GenAI Strategy:</p><p>FANUC Corporation is a global leader specializing in factory automation, particularly renowned for its CNC (Computer Numerical Control) systems, industrial robots, and ROBOMACHINEs (ROBODRILL, ROBOCUT, ROBOSHOT).<sup>17</sup> FANUC's AI strategy has traditionally focused on enhancing the precision, efficiency, and intelligence of its core products through embedded AI and machine learning algorithms, such as AI Servo Tuning and AI Contour Control for CNCs, and advanced vision systems (iRVision) for robotics.<sup>111</sup> While explicit announcements regarding broad "Generative AI" assistants or copilots for programming are less prominent compared to some software-centric IA vendors, FANUC is actively leveraging AI in its solutions to address complex manufacturing challenges, including in warehousing and logistics automation.<sup>113</sup></p><p><strong>Flagship IA Platforms and GenAI Integration</strong>:</p><ul><li><p><strong>FANUC CNC Systems</strong>: These controllers are equipped with smart adaptive processing algorithms using AI functions like AI smart contour control, nano-smoothing, learning control, and axis acceleration/jerk control.<sup>111</sup></p></li><li><p><strong>FANUC Industrial Robots</strong>: Integrated with advanced vision systems (iRVision, 3DV sensors) and AI for tasks like box detection, palletizing, and machine tending.<sup>112</sup></p></li><li><p><strong>FANUC FIELD system (FANUC Intelligent Edge Link &amp; Drive system)</strong>: An open platform for manufacturing aimed at connecting various automation equipment and enabling advanced analytics and application development. 
While not explicitly detailed with GenAI in the provided snippets, FIELD system is designed to collect and analyze data, which is a prerequisite for advanced AI applications.<sup>151</sup></p></li><li><p><strong>R-50iA Controller</strong>: FANUC's new robot controller, showcased with capabilities like native Python code execution on the controller, Software PLC for cell control, and HMI functionality, indicating a move towards more software-driven and AI-ready control.<sup>115</sup> An "AI-driven iPC" is mentioned in conjunction with this controller for palletizing/depalletizing tasks.<sup>114</sup></p></li></ul><p><strong>Specific GenAI-Powered Products/Tools</strong>:</p><ul><li><p>The provided materials focus more on applied AI (machine learning, computer vision) within FANUC's hardware and control systems rather than distinct, named Generative AI software tools or copilots for general programming or design in the way other vendors have announced.</p></li><li><p>The "AI-driven iPC" mentioned with the R-50iA controller <sup>114</sup> suggests advanced processing capabilities, but specific GenAI functionalities are not detailed.</p></li><li><p>While FANUC offers CNC programming and simulation software like CNC Guide and Manual Guide i <sup>116</sup>, these are not described as GenAI-powered in the snippets.</p></li></ul><p><strong>Integration with Core Industrial Systems (CNC, Robotics, FIELD system)</strong>:</p><ul><li><p><strong>CNC &amp; Robotics</strong>: AI is deeply integrated into FANUC CNCs for motion control and machining optimization.<sup>111</sup> Robots utilize AI with vision systems for object recognition, depalletizing, and other tasks.<sup>113</sup> FANUC provides solutions for seamless integration between its robots and CNCs (Robot ON-SITE, Robot G-CODE, Robot CONNECT).<sup>118</sup></p></li><li><p><strong>FIELD system</strong>: Designed to connect machines and enable data-driven applications, which could include AI-powered analytics or future 
GenAI tools.</p></li><li><p>The new R-50iA controller supports native Python execution, which is a common language for AI development, potentially enabling more sophisticated AI algorithms to run directly on the controller.<sup>115</sup></p></li></ul><p><strong>Targeted Industrial Use Cases and Sectors</strong>:</p><ul><li><p><strong>Use Cases</strong>: High-precision machining (milling, turning, grinding), 5-axis machining, complex parts manufacturing, material removal, spot and arc welding, pick and pack, machine tending, palletizing/depalletizing, order fulfillment, label inspection, automated warehouse solutions.<sup>111</sup></p></li><li><p><strong>Sectors</strong>: Automotive, aerospace, general manufacturing, machine tools, warehousing and logistics, medical, electronics.<sup>110</sup></p></li></ul><p><strong>Strategic GenAI Technology Partnerships</strong>:</p><ul><li><p>The provided snippets do not highlight major strategic partnerships specifically for "Generative AI" development in the same way as other vendors (e.g., with Microsoft Azure OpenAI, Google Cloud AI, or AWS AI for co-developing GenAI assistants). 
FANUC has a history of integrating technologies from partners like NVIDIA for AI acceleration in other contexts, but specific GenAI co-development partnerships are not detailed here.<sup>122</sup></p></li><li><p>BMW uses FANUC robots with agentic control systems (though the agentic system provider isn't specified as FANUC itself).<sup>124</sup></p></li></ul><p><strong>Deployment Models</strong>:</p><ul><li><p>FANUC's AI capabilities are largely embedded within their controllers (CNC, robot controllers) and associated software, implying on-premise or edge deployment.<sup>111</sup></p></li><li><p>The FIELD system supports edge computing and connectivity to cloud services, allowing for hybrid deployment models for data analytics and applications.</p></li><li><p>The "AI-driven iPC" <sup>114</sup> would also be an on-premise/edge component.</p></li></ul><p><strong>Key Announcements and Product Roadmaps (2023-2025)</strong>:</p><ul><li><p>ProMat 2025 (March 2025): FANUC showcased automated warehouse solutions leveraging AI, vision technologies, and robotics, including applications with the new R-50iA controller and AI-driven iPC.<sup>113</sup></p></li><li><p>Automate 2025 (May 2025): FANUC planned to showcase cutting-edge robotics and automation solutions, including collaborative robots, the R-50iA controller with Python execution, and various AI-enhanced applications like AMR kitting and vision-guided painting.<sup>112</sup></p></li><li><p>The focus in these recent showcases is on applied AI for enhanced robotic capabilities (vision, mobility, task execution) and controller intelligence, rather than generative AI for programming or design assistance.</p></li></ul><p>FANUC's strength lies in its deep integration of AI into the core functionalities of its CNC and robotic systems, primarily focusing on enhancing performance, precision, and operational intelligence rather than offering broad GenAI-based programming assistants at this stage.<sup>111</sup> The AI capabilities 
evident in their CNCs, such as AI Contour Control and AI Servo Tuning, are designed to optimize machining processes in real-time, directly impacting product quality and production efficiency.<sup>111</sup> Similarly, in robotics, the use of AI with advanced 3D vision systems for tasks like bin picking, palletizing with difficult-to-decipher box edges, and mobile robot navigation demonstrates a commitment to solving complex physical automation challenges through intelligent perception and control.<sup>113</sup> This embedded AI approach ensures that intelligence is close to the action, enabling rapid responses and robust performance in demanding industrial environments.</p><p>The introduction of the new R-50iA robot controller, with features like native Python execution and Software PLC capabilities <sup>115</sup>, signals a significant step towards more open and software-driven control architectures. While not explicitly labeled "Generative AI," the ability to run Python code directly on the controller opens avenues for deploying more sophisticated custom AI algorithms, potentially including those developed using GenAI techniques for specific tasks or analytics. The mention of an "AI-driven iPC" working in conjunction with this controller for complex tasks like palletizing in challenging lighting conditions <sup>114</sup> further suggests an increasing role for advanced computational intelligence at the edge. FANUC's strategy appears to be one of incrementally building higher levels of intelligence and autonomy into their existing product lines, leveraging AI to enhance their core competencies in precision motion control and robotic execution. This contrasts with some competitors who are more visibly promoting GenAI-powered conversational interfaces for programming or design. FANUC's path seems to prioritize AI that directly augments the physical capabilities and operational decision-making of their machines on the factory floor.</p><h2><strong>4. 
Emerging and Niche GenAI Players in Industrial Automation</strong></h2><p>Beyond the established IA giants, a vibrant ecosystem of emerging companies and niche solution providers is contributing to the GenAI revolution in industrial automation. These players often focus on specific applications or leverage novel AI approaches.</p><p>4.1. GenAI-First Companies Targeting Industrial Use Cases</p><p>Several companies with a primary focus on Generative AI are developing solutions applicable to the industrial sector.</p><ul><li><p><strong>OpenAI</strong>: While not industry-specific, their advanced LLMs like GPT-4o are being integrated by IA vendors and enterprises into industrial applications for tasks like chatbot systems, content production, and automation functions through APIs.<sup>92</sup></p></li><li><p><strong>Anthropic</strong>: Known for its Claude AI models, focuses on reliable and safe AI systems. Their conversational assistants can be adapted for specialized industrial knowledge query and support.<sup>126</sup></p></li><li><p><strong>C3 AI</strong>: Specializes in enterprise AI, offering a platform and applications for asset reliability, inventory optimization, and supply chain management. They partner with major cloud providers and have customers like Honeywell.<sup>8</sup> Their C3 Generative AI tools are designed to surface and act on insights from industrial data.</p></li><li><p><strong>Google DeepMind</strong>: Develops advanced AI models like Gemini, which are being adopted by IA vendors (e.g., Honeywell, GE Appliances) for multimodal industrial applications.<sup>20</sup></p></li><li><p><strong>Stability AI</strong>: Provides open-source generative AI models like Stable Diffusion, enabling developers to create custom AI tools, potentially for industrial design visualization or synthetic data generation for training quality control systems.<sup>126</sup></p></li></ul><p>4.2. 
Niche Solution Providers</p><p>These companies often provide specialized GenAI tools or platforms for specific industrial automation challenges:</p><ul><li><p><strong>Tulip Interfaces</strong>: A frontline operations platform provider that has integrated GenAI capabilities to empower manufacturers.</p></li></ul><ul><li><p><strong>Frontline Copilot&#8482;</strong>: An in-app AI chat feature that allows operators to ask questions and receive step-by-step answers synthesized from SOPs, manuals, and troubleshooting guides in their native language. It aims to reduce downtime by providing real-time assistance directly within the work interface.<sup>128</sup> Outset Medical and DMG MORI are cited as users.<sup>129</sup></p></li><li><p><strong>AI Composer&#8482;</strong>: A GenAI tool that converts static documents (PDFs, SOPs, work instructions) into interactive, no-code Tulip apps in minutes, significantly reducing app development time.<sup>128</sup> Early user testing showed up to 80% savings in manual development time.<sup>131</sup></p></li><li><p><strong>AI Insights</strong>: Allows engineers and supervisors to query production data using natural language and receive fast, visual, and actionable answers, lowering the barrier to data analysis.<sup>128</sup></p></li><li><p>Tulip emphasizes secure AI, ensuring customer data privacy and not using it to train outside models. They partner with cloud providers like Microsoft and AWS for their AI infrastructure.<sup>130</sup> They announced AI Composer at Hannover Messe 2025 (April 2025) with general availability expected in Summer 2025.<sup>132</sup></p></li></ul><ul><li><p><strong>UptimeAI</strong>: Provides an AI-based operational excellence platform. 
Their "AI Expert: Generative AI" module, featuring LLM-based AI agents and self-learning workflows, is being integrated into Yokogawa's OpreX Asset Health Insights service for predictive insights and root cause analysis in process industries.<sup>96</sup></p></li><li><p><strong>DatumLabs</strong>: Offers niche-oriented GenAI model development, customizing solutions for specific industry standards and objectives, including integrating models like ChatGPT and Claude 3 into existing workflows.<sup>135</sup></p></li><li><p><strong>Appinventiv</strong>: An AI development firm that highlights GenAI use cases in manufacturing such as predictive maintenance, supply chain optimization, and quality control. They emphasize partnering with AI development firms for tailored solutions.<sup>136</sup></p></li><li><p><strong>Aglowid IT Solutions</strong>: Discusses practical GenAI applications on the shop floor, such as turning old manuals into work steps, planning maintenance by simulating wear scenarios, generating synthetic data for AI inspection tools, and enabling chat-based support for workers.<sup>138</sup></p></li><li><p><strong>XMPro</strong>: Focuses on building reliable and scalable GenAI virtual assistants for industrial and operational use cases, addressing accuracy through knowledge grounding and embedding AI within data pipelines.<sup>139</sup></p></li></ul><p>4.3. Startups in Robotics and Industrial Control</p><p>A new wave of startups is leveraging GenAI to revolutionize how industrial robots and control systems are programmed and operated:</p><ul><li><p><strong>T-Robotics</strong>: This US-Norwegian startup (founded 2024) develops physical AI models (ActGPT) that allow operators to program industrial robots using natural conversation while maintaining precision through industry-specific skill models. Their approach aims to significantly reduce programming time and optimize performance. 
T-Robotics won ABB's AI Startup Challenge in 2024 and secured $5.4M in seed funding. They expect to launch their first commercial application with ABB in 2025.<sup>14</sup> Their ActGPT platform combines natural language instructions, no-code programming, and a digital twin for commissioning, alongside an AI-driven control model with pre-trained skills and neural network adaptability.<sup>141</sup></p></li><li><p><strong>Mbodi AI</strong>: A New York-based startup (founded 2024) whose AI platform (MbodiOS) enables robots to learn and adapt to new tasks in real-time through written/spoken natural language and demonstration. This is particularly aimed at flexible automation for high-mix, low-volume production. Mbodi AI also won ABB's AI Startup Challenge in 2024 and will collaborate with ABB, expecting a commercial application launch in 2025.<sup>14</sup> Their system uses a hybrid architecture combining generative AI with classical robotics techniques, enabling real-time adaptation and learning with actions executed in under 0.5 seconds.<sup>144</sup> They have received accelerator/incubator funding from Synerleap, Mozilla Ventures, and Betaworks.<sup>148</sup></p></li></ul><p>These emerging players are often more agile and can focus on highly specific industrial pain points, driving innovation from the ground up. Their solutions, whether standalone or integrated into larger vendor platforms, are crucial for accelerating the adoption and practical application of GenAI in the diverse landscape of industrial automation.</p><h2><strong>5. Cross-Vendor Analysis and Market Trends</strong></h2><p>The integration of Generative AI into industrial automation is not uniform across all major vendors; however, several compelling trends and common approaches are emerging.</p><p>5.1. 
GenAI Adoption Maturity and Focus Areas</p><p>Vendors like Siemens, Rockwell Automation, Schneider Electric, ABB, and Honeywell have made significant strides in announcing and, in some cases, deploying GenAI-powered "copilots" or "assistants."</p><ul><li><p><strong>Siemens</strong> showcases a broad vision with its Industrial Copilot suite, aiming to cover the entire value chain from design (Design Copilot NX) and engineering (Engineering Copilot for TIA Portal for PLC/HMI code generation) to manufacturing and maintenance.<sup>21</sup></p></li><li><p><strong>Rockwell Automation</strong> is heavily focused on its FactoryTalk Design Studio Copilot for PLC code generation and explanation, leveraging its Microsoft partnership.<sup>32</sup> They are also extending AI to operator guidance with the FT Optix Food &amp; Beverage model.<sup>29</sup></p></li><li><p><strong>Schneider Electric</strong> is developing its Automation Copilot for PLC code generation within EcoStruxure Automation Expert and the Resource Advisor Copilot for energy/sustainability, also in close collaboration with Microsoft.<sup>20</sup></p></li><li><p><strong>ABB</strong> has launched GenAI tools like My Measurement Assistant+ for device maintenance and the Industrial Knowledge Vault for expertise retention, both leveraging Microsoft Azure OpenAI and their Genix platform.<sup>6</sup></p></li><li><p><strong>Honeywell</strong> is embedding its Intelligent Assistant within Honeywell Forge Production Intelligence for natural language interaction with operational data and has GenAI in tools like Field Process Knowledge System.<sup>63</sup></p></li><li><p><strong>Emerson</strong> is integrating GenAI into its Ovation 4.0 platform for the power and water industries, featuring AI assistants for operator support and predictive guidance, initially using Microsoft Azure OpenAI.<sup>53</sup></p></li><li><p><strong>Mitsubishi Electric</strong> and <strong>Yokogawa Electric</strong> appear to be in earlier, more 
foundational stages of GenAI deployment for broad IA platforms, though both have significant AI initiatives. Mitsubishi is partnering with AWS for its Serendie platform and developing its Maisart GenAI for specialized applications.<sup>83</sup> Yokogawa has partnered with UptimeAI to bring GenAI to its OpreX Asset Health Insights.<sup>96</sup></p></li><li><p><strong>FANUC</strong>, while a leader in AI for CNC and robotics performance (e.g., AI Servo Tuning, iRVision), has less explicit public information on broad GenAI-powered programming assistants compared to the others, focusing more on embedded AI for machine optimization and task execution.<sup>111</sup></p></li></ul><p>The common focus areas include:</p><ul><li><p><strong>Code Generation and Engineering Assistance</strong>: Simplifying PLC, HMI, and automation logic development (Siemens, Rockwell, Schneider).</p></li><li><p><strong>Operator and Maintenance Support</strong>: Providing real-time guidance, troubleshooting, and access to knowledge (ABB, Honeywell, Emerson, Tulip, T-Robotics, Mbodi AI).</p></li><li><p><strong>Data Analysis and Insights</strong>: Enabling natural language querying of complex industrial data (Honeywell, ABB, Tulip).</p></li><li><p><strong>Knowledge Management</strong>: Capturing and democratizing expert knowledge (ABB Industrial Knowledge Vault).</p></li></ul><p>5.2. Role of Partnerships with Hyperscalers and Specialized AI Firms</p><p>Partnerships are proving critical for IA vendors to rapidly integrate advanced GenAI capabilities.</p><ul><li><p><strong>Microsoft Azure (OpenAI)</strong>: This is a dominant partnership theme. 
Siemens, Rockwell Automation, Schneider Electric, ABB, Emerson, and Honeywell all have significant collaborations leveraging Azure OpenAI services for their copilot and assistant offerings.<sup>6</sup> This allows IA vendors to build upon state-of-the-art LLMs without developing them from scratch.</p></li><li><p><strong>AWS</strong>: Mitsubishi Electric has a strategic MOU with AWS for GenAI integration into its Serendie platform and data center solutions.<sup>83</sup> Siemens also partners with AWS for smart building solutions.<sup>27</sup></p></li><li><p><strong>Google Cloud</strong>: Honeywell is collaborating with Google Cloud to integrate Gemini AI for multimodal applications.<sup>20</sup> GE Appliances (a Haier company, formerly part of GE) uses Google's Gemini for its Flavorly AI app.<sup>127</sup></p></li><li><p><strong>NVIDIA</strong>: Siemens and Schneider Electric have partnerships with NVIDIA for digital twin technology, accelerated computing for simulation, and AI-driven data center optimization.<sup>20</sup></p></li><li><p><strong>Specialized AI Firms</strong>: Yokogawa's partnership with UptimeAI <sup>96</sup> and ABB's AI Startup Challenge winners T-Robotics and Mbodi AI <sup>14</sup> exemplify collaborations with niche AI companies to bring specific expertise.</p></li></ul><p>These partnerships enable IA vendors to accelerate their GenAI roadmaps, access cutting-edge AI models and infrastructure, and focus on domain-specific applications.</p><p>5.3. 
Dominant Deployment Models (Cloud, Edge, Hybrid)</p><p>The deployment models for GenAI in industrial automation are evolving:</p><ul><li><p><strong>Cloud-Native/Cloud-Connected</strong>: Many of the prominent GenAI copilots and assistants (e.g., Rockwell's FactoryTalk Design Studio Copilot, Schneider's Automation Copilot, Honeywell Forge Production Intelligence) are cloud-native or heavily rely on cloud-based AI services (primarily Azure OpenAI) for their processing power and access to LLMs.<sup>32</sup> This facilitates scalability, continuous updates, and access to powerful models.</p></li><li><p><strong>Edge AI</strong>: There's a strong recognition of the need for edge processing, especially for real-time control, low-latency decision-making, and data privacy/security.</p></li></ul><ul><li><p>Siemens' Engineering Copilot for TIA Portal connects local installations to cloud AI, representing a hybrid approach.<sup>25</sup> Their Industrial Copilot for Operations is also envisioned for the workshop.<sup>20</sup></p></li><li><p>Yokogawa's e-RT3 Plus platform supports AI applications at the edge.<sup>97</sup></p></li><li><p>Schneider Electric discusses edge computing and AI for SCADA systems.<sup>46</sup></p></li><li><p>FANUC's AI capabilities are largely embedded in its edge controllers.<sup>111</sup></p></li></ul><ul><li><p><strong>Hybrid Models</strong>: A combination of edge and cloud is emerging as the most practical approach for many industrial GenAI applications. Edge devices can handle local data processing, real-time inference for specific tasks, and data pre-processing, while the cloud provides the heavy lifting for training large models, complex queries, and centralized analytics. ABB's Genix platform, for example, supports deployment across edge, on-premise, and cloud.<sup>4</sup></p></li></ul><p>5.4. 
Challenges and Future Outlook</p><p>Despite the rapid advancements, several challenges remain for widespread GenAI adoption in industrial automation:</p><ul><li><p><strong>Data Quality, Security, and Governance</strong>: GenAI models require vast amounts of high-quality, contextualized industrial data. Ensuring data security, privacy (especially with cloud-based models), and proper governance is paramount.<sup>54</sup> Yokogawa's AI Policy and Governance Code is an example of addressing this.<sup>100</sup></p></li><li><p><strong>Reliability and Trustworthiness</strong>: For critical industrial applications, AI outputs must be highly reliable, explainable, and trustworthy. "Hallucinations" or inaccuracies from GenAI can have severe consequences. Mitsubishi Electric's focus on formal verification for AI highlights this concern.<sup>94</sup></p></li><li><p><strong>Integration with Legacy Systems</strong>: Integrating GenAI with existing, often decades-old, industrial infrastructure (PLCs, SCADA, MES) can be complex.<sup>46</sup></p></li><li><p><strong>Skills Gap</strong>: While GenAI aims to simplify tasks, there's still a need for personnel skilled in AI, data science, and managing these new systems. 
GenAI itself is also seen as a tool to bridge existing skills gaps.<sup>30</sup></p></li><li><p><strong>Cost and ROI Justification</strong>: Implementing GenAI solutions requires investment, and demonstrating clear ROI can be challenging, especially in early adoption phases.<sup>136</sup></p></li><li><p><strong>Ethical Considerations</strong>: Ensuring responsible AI development and deployment is crucial.<sup>100</sup></p></li></ul><p>Future Outlook:</p><p>The future of GenAI in industrial automation looks promising, with trends pointing towards:</p><ul><li><p><strong>More Sophisticated Copilots</strong>: Assistants will become more context-aware, proactive, and capable of handling more complex multi-step tasks across the entire lifecycle.</p></li><li><p><strong>Hyper-Personalization</strong>: GenAI will enable more tailored solutions, from custom product designs to personalized operator guidance and training.</p></li><li><p><strong>Autonomous Operations</strong>: While full autonomy is a longer-term vision, GenAI will accelerate the journey by enabling more intelligent decision-making and adaptive control systems (e.g., Siemens' vPLCs with Audi <sup>24</sup>, Yokogawa's autonomous control AI <sup>99</sup>).</p></li><li><p><strong>Democratization of AI</strong>: GenAI tools, especially those with natural language interfaces, will make AI capabilities accessible to a broader range of industrial personnel, not just data scientists.</p></li><li><p><strong>Enhanced Human-Machine Collaboration</strong>: GenAI will foster closer and more intuitive collaboration between humans and machines, augmenting human capabilities rather than simply replacing them.<sup>21</sup> Startups like T-Robotics and Mbodi AI are pushing the boundaries here.<sup>140</sup></p></li><li><p><strong>Focus on Industrial Foundation Models</strong>: Efforts like Siemens and Microsoft's IFM <sup>27</sup> could lead to powerful, industry-specific base models that accelerate the development of tailored 
GenAI applications.</p></li></ul><p>The trajectory suggests a continued deepening of GenAI integration, moving from initial assistance-based applications to more embedded and eventually autonomous functionalities, profoundly reshaping industrial processes and operational paradigms.</p><h2><strong>6. Conclusion</strong></h2><p>The integration of Generative AI into industrial automation platforms and tools is rapidly moving from a conceptual possibility to a tangible reality, with major vendors and innovative startups alike demonstrating significant progress. The overarching trend is the development of AI-powered "copilots" and intelligent assistants designed to augment human capabilities, streamline complex engineering tasks, enhance operational decision-making, and unlock new efficiencies across the industrial value chain.</p><p>Key strategic directions are evident:</p><ol><li><p><strong>Leveraging Hyperscaler Partnerships</strong>: Established IA vendors are overwhelmingly partnering with cloud hyperscalers&#8212;primarily Microsoft Azure (and its OpenAI services), but also AWS and Google Cloud&#8212;to access state-of-the-art LLMs and scalable AI infrastructure. This allows them to accelerate GenAI feature development and focus on domain-specific applications rather than building foundational models from scratch.</p></li><li><p><strong>Improving Engineering and Design Efficiency</strong>: A primary focus for vendors like Siemens, Rockwell Automation, and Schneider Electric is the application of GenAI to simplify and accelerate the design and programming of automation systems, particularly PLC code generation and HMI development. 
This aims to reduce development time, minimize errors, and make sophisticated automation accessible to a broader range of engineers.</p></li><li><p><strong>Empowering the Frontline Workforce</strong>: Companies like ABB, Honeywell, and Emerson, along with emerging players like Tulip Interfaces, are developing GenAI tools to provide real-time operational support, troubleshooting assistance, and knowledge access to plant operators and maintenance personnel. This addresses critical industry challenges such as skills gaps and knowledge retention.</p></li><li><p><strong>Data-Driven Operational Excellence</strong>: GenAI is being used to analyze vast amounts of industrial data, offering insights through natural language queries and enabling more predictive and proactive approaches to maintenance, quality control, and overall process optimization.</p></li><li><p><strong>The Rise of Specialized and Edge AI</strong>: While many GenAI tools are cloud-connected, there is a clear trend towards embedding AI at the edge (within controllers and local systems) for real-time applications and data security. Furthermore, niche AI firms and startups are driving innovation in specific areas like natural language robotic programming and real-time skill acquisition for robots.</p></li></ol><p>However, the path to widespread GenAI adoption in industry is not without its challenges. Concerns around data security, the reliability and trustworthiness of AI-generated outputs in critical systems, integration with legacy infrastructure, and the need for new skill sets are all significant considerations that vendors and end-users must address. 
The development of robust AI governance frameworks, as seen with Yokogawa, and a focus on formal verification methods for AI, as highlighted by Mitsubishi Electric, will be crucial for building confidence and ensuring responsible deployment.</p><p>Looking ahead, the continued evolution of GenAI, including the development of more sophisticated industrial foundation models and multimodal AI capabilities, promises to further deepen its impact. The journey from AI-assisted operations to more autonomous systems will be incremental but transformative. The ability of GenAI to learn, adapt, and collaborate with human experts will be a defining characteristic of the next generation of industrial automation, paving the way for more resilient, efficient, and intelligent manufacturing and process industries. The strategic investments and partnerships being forged today are laying the groundwork for this AI-driven future.</p><h4><strong>Works cited</strong></h4><ol><li><p>Top 10 industrial automation companies in the world - Aeliya Marine Tech, accessed May 6, 2025, <a href="https://aeliyamarinetech.com/blogs/updates/top-10-industrial-automation-companies-in-the-world">https://aeliyamarinetech.com/blogs/updates/top-10-industrial-automation-companies-in-the-world</a></p></li><li><p>Major Players - Industrial Automation And Control Systems Industry, accessed May 6, 2025, <a href="https://www.coherentmarketinsights.com/blog/insights/major-players-industrial-automation-and-control-systems-industry-2214">https://www.coherentmarketinsights.com/blog/insights/major-players-industrial-automation-and-control-systems-industry-2214</a></p></li><li><p>ABB Genix&#8482; Industrial IoT and AI Suite | Process Automation, accessed May 6, 2025, <a href="https://new.abb.com/process-automation/genix">https://new.abb.com/process-automation/genix</a></p></li><li><p>ABB Ability&#8482; Genix, accessed May 6, 2025, <a 
href="https://new.marketplace.ability.abb/s/products/process-automation/abb-ability-genix">https://new.marketplace.ability.abb/s/products/process-automation/abb-ability-genix?</a></p></li><li><p>ABB Genix&#8482; Industrial IoT and AI Platform Suite architecture, accessed May 6, 2025, <a href="https://new.abb.com/process-automation/genix/genix-architecture">https://new.abb.com/process-automation/genix/genix-architecture</a></p></li><li><p>ABB simplifies industrial device maintenance with Generative AI | News center, accessed May 6, 2025, <a href="https://new.abb.com/news/detail/124533/abb-simplifies-industrial-device-maintenance-with-generative-ai">https://new.abb.com/news/detail/124533/abb-simplifies-industrial-device-maintenance-with-generative-ai</a></p></li><li><p>ABB embraces Azure OpenAI Service to help make industrial sector leaner and cleaner | Microsoft Customer Stories, accessed May 6, 2025, <a href="https://www.microsoft.com/en/customers/story/19773-abb-group-azure">https://www.microsoft.com/en/customers/story/19773-abb-group-azure</a></p></li><li><p>Top 10 AI Manufacturing Platforms - AI Magazine, accessed May 6, 2025, <a href="https://aimagazine.com/top10/top-10-ai-manufacturing-platforms">https://aimagazine.com/top10/top-10-ai-manufacturing-platforms</a></p></li><li><p>ABB simplifies industrial device maintenance with Generative AI - Microsoft News, accessed May 6, 2025, <a href="https://news.microsoft.com/de-ch/2025/03/25/abb-simplifies-industrial-device-maintenance-with-generative-ai/">https://news.microsoft.com/de-ch/2025/03/25/abb-simplifies-industrial-device-maintenance-with-generative-ai/</a></p></li><li><p>ABB launches ABB Ability&#8482; Industrial Knowledge Vault, a generative AI solution to safeguard expertise and empower workforces | News center, accessed May 6, 2025, <a 
href="https://new.abb.com/news/detail/124645/abb-launches-abb-ability-industrial-knowledge-vault-a-generative-ai-solution-to-safeguard-expertise-and-empower-workforces">https://new.abb.com/news/detail/124645/abb-launches-abb-ability-industrial-knowledge-vault-a-generative-ai-solution-to-safeguard-expertise-and-empower-workforces</a></p></li><li><p>ABB debuts gen AI 'knowledge vault' to protect, streamline Industry 4.0 knowhow, accessed May 6, 2025, <a href="https://www.rcrwireless.com/20250331/industry-4-0/abb-gen-ai-knowledge-vault">https://www.rcrwireless.com/20250331/industry-4-0/abb-gen-ai-knowledge-vault</a></p></li><li><p>Tailored GenAI Solution Helps ABB Drives Improve Efficiency - Tietoevry, accessed May 6, 2025, <a href="https://www.tietoevry.com/en/success-stories/2025/genai-solution-abb-drives/">https://www.tietoevry.com/en/success-stories/2025/genai-solution-abb-drives/</a></p></li><li><p>'Eyes, hands, brains and mobility' will define robotics beyond 2025 | News center | ABB, accessed May 6, 2025, <a href="https://new.abb.com/news/detail/123778/prsrl-eyes-hands-brains-and-mobility-will-define-robotics-beyond-2025">https://new.abb.com/news/detail/123778/prsrl-eyes-hands-brains-and-mobility-will-define-robotics-beyond-2025</a></p></li><li><p>ABB Robotics names T-Robotics and Mbodi as AI Startup Challenge Winners | News center, accessed May 6, 2025, <a href="https://new.abb.com/news/detail/122287/abb-robotics-names-t-robotics-and-mbodi-as-ai-startup-challenge-winners?trk=public_post_comment-text">https://new.abb.com/news/detail/122287/abb-robotics-names-t-robotics-and-mbodi-as-ai-startup-challenge-winners?trk=public_post_comment-text</a></p></li><li><p>AI-powered energy management helps industries outrun | News center - ABB, accessed May 6, 2025, <a 
href="https://new.abb.com/news/detail/124213/ai-powered-energy-management-helps-industries-outrun">https://new.abb.com/news/detail/124213/ai-powered-energy-management-helps-industries-outrun</a></p></li><li><p>ABB to Unleash the Power of OmniCore at Automate 2025, accessed May 6, 2025, <a href="https://www.automate.org/robotics/news/abb-to-unleash-the-power-of-omnicore-at-automate-2025">https://www.automate.org/robotics/news/abb-to-unleash-the-power-of-omnicore-at-automate-2025</a></p></li><li><p>Top 10 Industrial Automation Companies in 2025 - HKMAYBO, accessed May 6, 2025, <a href="https://www.hkmaybo.com/blog/detail/top-10-industrial-automation-companies-in-2025">https://www.hkmaybo.com/blog/detail/top-10-industrial-automation-companies-in-2025</a></p></li><li><p>Top 10 Industrial Control &amp; Factory Automation Companies Paving the Way in 2024, accessed May 6, 2025, <a href="https://extrapolate.com/blog/top-10-industrial-control-factory-automation-leaders-2024">https://extrapolate.com/blog/top-10-industrial-control-factory-automation-leaders-2024</a></p></li><li><p>Top 10 Industrial Control &amp; Factory Automation Companies Paving the Way in 2024, accessed May 6, 2025, <a href="https://www.extrapolate.com/blog/top-10-industrial-control-factory-automation-leaders-2024">https://www.extrapolate.com/blog/top-10-industrial-control-factory-automation-leaders-2024</a></p></li><li><p>Everything Can Be AI, Industrial Automation Accelerates Change, accessed May 6, 2025, <a href="https://www.sango-automation.com/news/everything-can-be-ai-industrial-automation-ac-84161662.html">https://www.sango-automation.com/news/everything-can-be-ai-industrial-automation-ac-84161662.html</a></p></li><li><p>Siemens Industrial Copilot - Siemens Global, accessed May 6, 2025, <a 
href="https://www.siemens.com/global/en/products/automation/topic-areas/artificial-intelligence-in-industry/industrial-copilot.html">https://www.siemens.com/global/en/products/automation/topic-areas/artificial-intelligence-in-industry/industrial-copilot.html</a></p></li><li><p>Industrial Copilots: Generative AI-powered value chain optimization - Siemens, accessed May 6, 2025, <a href="https://www.siemens.com/global/en/products/automation/topic-areas/industrial-ai/industrial-copilot.html">https://www.siemens.com/global/en/products/automation/topic-areas/industrial-ai/industrial-copilot.html</a></p></li><li><p>Siemens and Microsoft, accessed May 6, 2025, <a href="https://www.sw.siemens.com/en-US/partners/find-a-partner/microsoft/">https://www.sw.siemens.com/en-US/partners/find-a-partner/microsoft/</a></p></li><li><p>Siemens accelerates path toward AI-driven industries through innovation and partnerships, accessed May 6, 2025, <a href="https://press.siemens.com/global/en/pressrelease/siemens-accelerates-path-toward-ai-driven-industries-through-innovation-and">https://press.siemens.com/global/en/pressrelease/siemens-accelerates-path-toward-ai-driven-industries-through-innovation-and</a></p></li><li><p>Siemens Industrial Copilot for Engineering - ID: 109955813 - Industry Support Siemens, accessed May 6, 2025, <a href="https://support.industry.siemens.com/cs/document/109955813/siemens-industrial-copilot-for-engineering?dti=0&amp;lc=en-WW">https://support.industry.siemens.com/cs/document/109955813/siemens-industrial-copilot-for-engineering?dti=0&amp;lc=en-WW</a></p></li><li><p>Siemens expands Industrial Copilot with New generative AI-powered Maintenance Offering, accessed May 6, 2025, <a 
href="https://press.siemens.com/global/en/pressrelease/siemens-expands-industrial-copilot-new-generative-ai-powered-maintenance-offering">https://press.siemens.com/global/en/pressrelease/siemens-expands-industrial-copilot-new-generative-ai-powered-maintenance-offering</a></p></li><li><p>Siemens Announces AI Partnerships with Microsoft, Accenture, NVIDIA, and AWS, accessed May 6, 2025, <a href="https://www.arcweb.com/blog/siemens-announces-ai-partnerships-microsoft-accenture-nvidia-aws">https://www.arcweb.com/blog/siemens-announces-ai-partnerships-microsoft-accenture-nvidia-aws</a></p></li><li><p>Mapping 4,000 global industrial automation projects - IoT Analytics, accessed May 6, 2025, <a href="https://iot-analytics.com/industrial-automation-projects/">https://iot-analytics.com/industrial-automation-projects/</a></p></li><li><p>Rockwell and Microsoft Strategic collaboration | Industrial Ethernet Book, accessed May 6, 2025, <a href="https://iebmedia.com/news/tech-updates/rockwell-and-microsoft-strategic-collaboration/">https://iebmedia.com/news/tech-updates/rockwell-and-microsoft-strategic-collaboration/</a></p></li><li><p>Vision to Reality: Industrial Gen-AI Revolution | Rockwell Automation | UK, accessed May 6, 2025, <a href="https://www.rockwellautomation.com/en-gb/company/news/blogs/ai-revolution-2024.html">https://www.rockwellautomation.com/en-gb/company/news/blogs/ai-revolution-2024.html</a></p></li><li><p>FactoryTalk Software - Rockwell Automation, accessed May 6, 2025, <a href="https://www.rockwellautomation.com/en-us/products/software/factorytalk.html">https://www.rockwellautomation.com/en-us/products/software/factorytalk.html</a></p></li><li><p>FactoryTalk Design Studio with Copilot - Microsoft AppSource, accessed May 6, 2025, <a 
href="https://appsource.microsoft.com/en-us/product/web-apps/rockwellautomationinc.rockwell_factorytalk_design_studio?tab=overview">https://appsource.microsoft.com/en-us/product/web-apps/rockwellautomationinc.rockwell_factorytalk_design_studio?tab=overview</a></p></li><li><p>FactoryTalk Design Studio - ROTEC, accessed May 6, 2025, <a href="https://rotec.bg/software/design/factorytalk-design-studio/">https://rotec.bg/software/design/factorytalk-design-studio/</a></p></li><li><p>FactoryTalk Design Studio | FactoryTalk | UK - Rockwell Automation, accessed May 6, 2025, <a href="https://www.rockwellautomation.com/en-gb/products/software/factorytalk/design-studio.html">https://www.rockwellautomation.com/en-gb/products/software/factorytalk/design-studio.html</a></p></li><li><p>Rockwell Automation and Microsoft Deliver on a Shared Vision to Accelerate Industrial Transformation, accessed May 6, 2025, <a href="https://www.rockwellautomation.com/en-gb/company/news/press-releases/Rockwell-Automation-and-Microsoft-Deliver-on-a-Shared-Vision-to-Accelerate-Industrial-Transformation.html">https://www.rockwellautomation.com/en-gb/company/news/press-releases/Rockwell-Automation-and-Microsoft-Deliver-on-a-Shared-Vision-to-Accelerate-Industrial-Transformation.html</a></p></li><li><p>Design and Build New Capacity with Rockwell Automation, accessed May 6, 2025, <a href="https://www.rockwellautomation.com/en-cz/capabilities/new-capacity.html">https://www.rockwellautomation.com/en-cz/capabilities/new-capacity.html</a></p></li><li><p>Rockwell Automation and Microsoft Deliver on a Shared Vision to Accelerate Industrial Transformation, accessed May 6, 2025, <a 
href="https://www.rockwellautomation.com/en-us/company/news/press-releases/Rockwell-Automation-and-Microsoft-Deliver-on-a-Shared-Vision-to-Accelerate-Industrial-Transformation.html">https://www.rockwellautomation.com/en-us/company/news/press-releases/Rockwell-Automation-and-Microsoft-Deliver-on-a-Shared-Vision-to-Accelerate-Industrial-Transformation.html</a></p></li><li><p>Generative AI, the Industrial Metaverse, and Robotics Innovations at Rockwell Automation Fair 2023 - IDC, accessed May 6, 2025, <a href="https://www.idc.com/getdoc.jsp?containerId=US50030323">https://www.idc.com/getdoc.jsp?containerId=US50030323</a></p></li><li><p>Artificial Intelligence solutions and AI use cases | Schneider Electric USA, accessed May 6, 2025, <a href="https://www.se.com/us/en/work/solutions/artificial-intelligence/solutions.jsp">https://www.se.com/us/en/work/solutions/artificial-intelligence/solutions.jsp</a></p></li><li><p>ml-eu.globenewswire.com, accessed May 6, 2025, <a href="https://ml-eu.globenewswire.com/Resource/Download/f1ea85f8-1904-4328-b86c-683ab4f52d07">https://ml-eu.globenewswire.com/Resource/Download/f1ea85f8-1904-4328-b86c-683ab4f52d07</a></p></li><li><p>Schneider Electric drives Generative AI productivity and sustainability solutions by integrating Microsoft Azure OpenAI, accessed May 6, 2025, <a href="https://www.se.com/ca/en/about-us/newsroom/news/press-releases/schneider-electric-drives-generative-ai-productivity-and-sustainability-solutions-by-integrating-microsoft-azure-openai-655f799c5279d6c16108ba9d">https://www.se.com/ca/en/about-us/newsroom/news/press-releases/schneider-electric-drives-generative-ai-productivity-and-sustainability-solutions-by-integrating-microsoft-azure-openai-655f799c5279d6c16108ba9d</a></p></li><li><p>Transforming Energy Systems with Artificial Intelligence Perspectives from Schneider Electric - The European Files, accessed May 6, 2025, <a 
href="https://www.europeanfiles.eu/non-classe/transforming-energy-systems-with-artificial-intelligence-perspectives-from-schneider-electric">https://www.europeanfiles.eu/non-classe/transforming-energy-systems-with-artificial-intelligence-perspectives-from-schneider-electric</a></p></li><li><p>Schneider Electric drives Generative AI productivity and sustainability solutions by integrating Microsoft Azure OpenAI, accessed May 6, 2025, <a href="https://www.se.com/hk/en/about-us/newsroom/news/press-releases/schneider-electric-drives-generative-ai-productivity-and-sustainability-solutions-by-integrating-microsoft-azure-openai-655c55e37567efb7820d4354">https://www.se.com/hk/en/about-us/newsroom/news/press-releases/schneider-electric-drives-generative-ai-productivity-and-sustainability-solutions-by-integrating-microsoft-azure-openai-655c55e37567efb7820d4354</a></p></li><li><p>Top Articles of 2024, #3: AI Co-Pilot Added to Schneider Electric's and Siemens's PLC Programming Suites | OEM Magazine, accessed May 6, 2025, <a href="https://www.oemmagazine.org/engineering/automation/article/22929300/top-articles-of-2024-3-ai-copilot-added-to-schneider-electrics-and-siemenss-plc-programming-suites">https://www.oemmagazine.org/engineering/automation/article/22929300/top-articles-of-2024-3-ai-copilot-added-to-schneider-electrics-and-siemenss-plc-programming-suites</a></p></li><li><p>AI in energy. 
AI in industry | Schneider Electric USA, accessed May 6, 2025, <a href="https://www.se.com/us/en/work/solutions/artificial-intelligence/">https://www.se.com/us/en/work/solutions/artificial-intelligence/</a></p></li><li><p>How edge computing and AI can revolutionize SCADA systems&#8212;use cases in the Water &amp; Wastewater industry - Schneider Electric Blog, accessed May 6, 2025, <a href="https://blog.se.com/industry/2024/09/10/how-edge-computing-and-ai-can-revolutionize-scada-systems-use-cases-in-the-water-wastewater-industry/">https://blog.se.com/industry/2024/09/10/how-edge-computing-and-ai-can-revolutionize-scada-systems-use-cases-in-the-water-wastewater-industry/</a></p></li><li><p>Benefits of integrating a MES system with SCADA - Control Engineering, accessed May 6, 2025, <a href="https://www.controleng.com/benefits-of-integrating-a-mes-system-with-scada/">https://www.controleng.com/benefits-of-integrating-a-mes-system-with-scada/</a></p></li><li><p>Schneider Electric plugs into AI's power hunger with Nvidia digital twin tech - The Register, accessed May 6, 2025, <a href="https://www.theregister.com/2025/03/19/schneider_electric_nvidia_digital_twin/">https://www.theregister.com/2025/03/19/schneider_electric_nvidia_digital_twin/</a></p></li><li><p>Schneider Electric AI Solutions - Overview - WWT, accessed May 6, 2025, <a href="https://www.wwt.com/go/CtehV5Zeo">https://www.wwt.com/go/CtehV5Zeo</a></p></li><li><p>Schneider Electric Plans to Invest Over $700 million in the U.S., Supporting Energy &amp; AI Sectors and Job Growth, accessed May 6, 2025, <a 
href="https://www.se.com/us/en/about-us/newsroom/news/press-releases/schneider-electric-plans-to-invest-over-700-million-in-the-u-s-supporting-energy-ai-sectors-and-job-growth-67bdeb3ee4475a5955011b6a">https://www.se.com/us/en/about-us/newsroom/news/press-releases/schneider-electric-plans-to-invest-over-700-million-in-the-u-s-supporting-energy-ai-sectors-and-job-growth-67bdeb3ee4475a5955011b6a</a></p></li><li><p>Schneider Electric Launches Global AI Ecosystem Organization To Help Partners Capture AI Opportunity - CRN, accessed May 6, 2025, <a href="https://www.crn.com/news/data-center/2025/schneider-electric-launches-global-ai-ecosystem-organization-to-help-partners-capture-ai-opportunity">https://www.crn.com/news/data-center/2025/schneider-electric-launches-global-ai-ecosystem-organization-to-help-partners-capture-ai-opportunity</a></p></li><li><p>Schneider Electric Outlines Pathways for a Modern, Resilient Grid to Power America's AI-Driven Future, accessed May 6, 2025, <a href="https://www.se.com/us/en/about-us/newsroom/news/press-releases/schneider-electric-outlines-pathways-for-a-modern-resilient-grid-to-power-america%E2%80%99s-ai-driven-future-680fe42e9699f5ef930877b6">https://www.se.com/us/en/about-us/newsroom/news/press-releases/schneider-electric-outlines-pathways-for-a-modern-resilient-grid-to-power-america%E2%80%99s-ai-driven-future-680fe42e9699f5ef930877b6</a></p></li><li><p>Ovation 4.0 | Emerson US, accessed May 6, 2025, <a href="https://www.emerson.com/en-us/automation/brands/ovation/ovation-4">https://www.emerson.com/en-us/automation/brands/ovation/ovation-4</a></p></li><li><p>Emerson's Transformative GenAI Automation Delivers Powerful New Tool for Power and Water Industries | EMR Stock News, accessed May 6, 2025, <a 
href="https://www.stocktitan.net/news/EMR/emerson-s-transformative-gen-ai-automation-delivers-powerful-new-taozzeqxzd7h.html">https://www.stocktitan.net/news/EMR/emerson-s-transformative-gen-ai-automation-delivers-powerful-new-taozzeqxzd7h.html</a></p></li><li><p>Accelerating Industrial Innovation for the Future | Emerson US, accessed May 6, 2025, <a href="https://www.emerson.com/en-us/innovations/accelerating-industrial-innovation-for-the-future">https://www.emerson.com/en-us/innovations/accelerating-industrial-innovation-for-the-future</a></p></li><li><p>Ovation | Emerson NL, accessed May 6, 2025, <a href="https://www.emerson.com/nl-nl/automation/ovation">https://www.emerson.com/nl-nl/automation/ovation</a></p></li><li><p>Ovation | Emerson US, accessed May 6, 2025, <a href="https://www.emerson.com/en-us/automation/ovation">https://www.emerson.com/en-us/automation/ovation</a></p></li><li><p>Explore Emerson Australia &amp; New Zealand Newsletter September Issue A word from Boris Gabin Proven Result Selected Products, accessed May 6, 2025, <a href="https://www.emerson.com/documents/automation/anz-newsletter-september-2024-issue-en-au-10154676.pdf">https://www.emerson.com/documents/automation/anz-newsletter-september-2024-issue-en-au-10154676.pdf</a></p></li><li><p>Accelerating Industrial Innovation for the Future | Emerson SG, accessed May 6, 2025, <a href="https://www.emerson.com/en-sg/innovations/accelerating-industrial-innovation-for-the-future">https://www.emerson.com/en-sg/innovations/accelerating-industrial-innovation-for-the-future</a></p></li><li><p>Emerson Partnership Bolsters UT Expertise in Semiconductors and AI - UT Austin News, accessed May 6, 2025, <a href="https://news.utexas.edu/2025/02/25/emerson-partnership-bolsters-ut-expertise-in-semiconductors-and-ai/">https://news.utexas.edu/2025/02/25/emerson-partnership-bolsters-ut-expertise-in-semiconductors-and-ai/</a></p></li><li><p>Generative AI Slow Rolls into Industry | Emerson US, accessed May 6, 
2025, <a href="https://www.emerson.com/en-us/news/2025/03-generative-ai-slow-rolls-into-industry">https://www.emerson.com/en-us/news/2025/03-generative-ai-slow-rolls-into-industry</a></p></li><li><p>Introduction to Emerson and AI, accessed May 6, 2025, <a href="https://emersonsociety.org/introduction-to-emerson-and-ai/">https://emersonsociety.org/introduction-to-emerson-and-ai/</a></p></li><li><p>Industrial AI: Unlocking the Superpowers Within Your Operation, accessed May 6, 2025, <a href="https://www.honeywell.com/us/en/news/2024/11/industrial-ai-unlocking-the-superpowers-within-your-operation">https://www.honeywell.com/us/en/news/2024/11/industrial-ai-unlocking-the-superpowers-within-your-operation</a></p></li><li><p>Honeywell Unveils Innovative AI Assistant, accessed May 6, 2025, <a href="https://automation.honeywell.com/us/en/news/press-releases/2025/honeywell-unveils-innovative-ai-assistant">https://automation.honeywell.com/us/en/news/press-releases/2025/honeywell-unveils-innovative-ai-assistant</a></p></li><li><p>Accelerate Your AI Journey with Honeywell, accessed May 6, 2025, <a href="https://www.honeywell.com/us/en/ai">https://www.honeywell.com/us/en/ai</a></p></li><li><p>Honeywell Forge, accessed May 6, 2025, <a href="https://www.honeywell.com/us/en/solutions/honeywell-forge">https://www.honeywell.com/us/en/solutions/honeywell-forge</a></p></li><li><p>SCADA - Honeywell Process Solutions, accessed May 6, 2025, <a href="https://process.honeywell.com/us/en/products/control-and-supervisory-systems/scada">https://process.honeywell.com/us/en/products/control-and-supervisory-systems/scada</a></p></li><li><p>Experion&#174; PKS - Honeywell Process Solutions, accessed May 6, 2025, <a href="https://process.honeywell.com/us/en/products/control-and-supervisory-systems/scada/experion-pks">https://process.honeywell.com/us/en/products/control-and-supervisory-systems/scada/experion-pks</a></p></li><li><p>Honeywell Launches AI Assistant for Industrial Operators - Enterprise 
IT World, accessed May 6, 2025, <a href="https://www.enterpriseitworld.com/honeywell-launches-ai-assistant-for-industrial-operators/">https://www.enterpriseitworld.com/honeywell-launches-ai-assistant-for-industrial-operators/</a></p></li><li><p>Honeywell unveils innovative AI assistant for industrial operators in Honeywell Forge Production Intelligence - CRN, accessed May 6, 2025, <a href="https://www.crn.in/news/honeywell-unveils-innovative-ai-assistant-for-industrial-operators-in-honeywell-forge-production-intelligence/">https://www.crn.in/news/honeywell-unveils-innovative-ai-assistant-for-industrial-operators-in-honeywell-forge-production-intelligence/</a></p></li><li><p>Digital Services | Honeywell Intelligrated, accessed May 6, 2025, <a href="https://automation.honeywell.com/us/en/services/warehouse-automation/digital-services">https://automation.honeywell.com/us/en/services/warehouse-automation/digital-services</a></p></li><li><p>Industrial Operations - Honeywell Process Solutions, accessed May 6, 2025, <a href="https://process.honeywell.com/us/en/solutions/industrial-operations">https://process.honeywell.com/us/en/solutions/industrial-operations</a></p></li><li><p>autonomous plant - Honeywell Process Solutions, accessed May 6, 2025, <a href="https://process.honeywell.com/content/dam/process/en/documents/downloads/hps-wpr-end-to-end-autonomous-plant-a4-en2.pdf">https://process.honeywell.com/content/dam/process/en/documents/downloads/hps-wpr-end-to-end-autonomous-plant-a4-en2.pdf</a></p></li><li><p>Honeywell Study Reveals More Than 80% of Commercial Building Managers Plan to Increase the Use of AI to Optimize Operations, accessed May 6, 2025, <a 
href="https://www.honeywell.com/us/en/press/2025/02/honeywell-study-reveals-more-than-80-of-commercial-building-managers-plan-to-increase-the-use-of-ai-to-optimize-operations">https://www.honeywell.com/us/en/press/2025/02/honeywell-study-reveals-more-than-80-of-commercial-building-managers-plan-to-increase-the-use-of-ai-to-optimize-operations</a></p></li><li><p>How AI Enables Autonomous Industrial Operations - Honeywell, accessed May 6, 2025, <a href="https://www.honeywell.com/us/en/automation/ai-autonomous-industrial-operations-whitepaper">https://www.honeywell.com/us/en/automation/ai-autonomous-industrial-operations-whitepaper</a></p></li><li><p>C3 AI + Microsoft Azure, accessed May 6, 2025, <a href="https://c3.ai/partners/microsoft-azure-partnership/">https://c3.ai/partners/microsoft-azure-partnership/</a></p></li><li><p>Meet Our Global Strategic Partners | C3 AI, accessed May 6, 2025, <a href="https://c3.ai/partners/">https://c3.ai/partners/</a></p></li><li><p>Honeywell Announces Intent to Separate Automation and Aerospace, Enabling the Creation of Three Industry-leading Companies, accessed May 6, 2025, <a href="https://www.honeywell.com/us/en/press/2025/02/honeywell-announces-portfolio-update">https://www.honeywell.com/us/en/press/2025/02/honeywell-announces-portfolio-update</a></p></li><li><p>What Does Honeywell Breakup Mean for Smart Buildings, AI Data Centers and Sustainable IT Services Partners?, accessed May 6, 2025, <a href="https://sustainabletechpartner.com/news/what-does-honeywell-breakup-mean-for-smart-buildings-ai-data-centers-and-sustainable-it-services-partners/">https://sustainabletechpartner.com/news/what-does-honeywell-breakup-mean-for-smart-buildings-ai-data-centers-and-sustainable-it-services-partners/</a></p></li><li><p>Product - Robotic Machine Tending Solution | Mitsubishi Electric Automation, accessed May 6, 2025, <a 
href="https://www.automate.org/products/mitsubishi-electric-automation-inc/aria">https://www.automate.org/products/mitsubishi-electric-automation-inc/aria</a></p></li><li><p>Programmable Controllers MELSEC | Mitsubishi Electric Automation, accessed May 6, 2025, <a href="https://us.mitsubishielectric.com/fa/en/products/cnt/programmable-controllers/">https://us.mitsubishielectric.com/fa/en/products/cnt/programmable-controllers/</a></p></li><li><p>Programmable Controllers MELSEC | Products | MITSUBISHI ELECTRIC Factory Automation, accessed May 6, 2025, <a href="https://www.mitsubishielectric.com/fa/products/cnt/plc/">https://www.mitsubishielectric.com/fa/products/cnt/plc/</a></p></li><li><p>MITSUBISHI ELECTRIC News Releases Mitsubishi Electric and ..., accessed May 6, 2025, <a href="https://www.mitsubishielectric.com/news/2025/0114-a.html">https://www.mitsubishielectric.com/news/2025/0114-a.html</a></p></li><li><p>Generative AI | Maisart | MITSUBISHI ELECTRIC Global website, accessed May 6, 2025, <a href="https://www.mitsubishielectric.com/rd/maisart/generative-ai/index.html">https://www.mitsubishielectric.com/rd/maisart/generative-ai/index.html</a></p></li><li><p>Deep learning | Maisart | MITSUBISHI ELECTRIC Global website, accessed May 6, 2025, <a href="https://www.mitsubishielectric.com/rd/maisart/deep-learning/">https://www.mitsubishielectric.com/rd/maisart/deep-learning/</a></p></li><li><p>Manufacturing Processes with AI-Powered Visual Inspection, accessed May 6, 2025, <a href="https://www.ien.eu/article/manufacturing-processes-with-ai-powered-visual-inspection/">https://www.ien.eu/article/manufacturing-processes-with-ai-powered-visual-inspection/</a></p></li><li><p>Mitsubishi Electric's New Robot Range Supports Manufacturing DX | RoboticsTomorrow, accessed May 6, 2025, <a 
href="https://www.roboticstomorrow.com/news/2025/03/03/mitsubishi-electrics-new-robot-range-supports-manufacturing-dx/24342/">https://www.roboticstomorrow.com/news/2025/03/03/mitsubishi-electrics-new-robot-range-supports-manufacturing-dx/24342/</a></p></li><li><p>Top Generative AI Use Cases by Industry - InData Labs, accessed May 6, 2025, <a href="https://indatalabs.com/blog/generative-ai-use-cases-by-industry">https://indatalabs.com/blog/generative-ai-use-cases-by-industry</a></p></li><li><p>Automotive equipment | Products &amp; solutions | MITSUBISHI ELECTRIC UNITED STATES, accessed May 6, 2025, <a href="https://us.mitsubishielectric.com/en/products-solutions/automotive-equipment/index.html">https://us.mitsubishielectric.com/en/products-solutions/automotive-equipment/index.html</a></p></li><li><p>Mitsubishi Electric, AWS Join Forces to Drive AI Innovation - The Fast Mode, accessed May 6, 2025, <a href="https://www.thefastmode.com/technology-solutions/39085-mitsubishi-electric-aws-join-forces-to-drive-ai-innovation">https://www.thefastmode.com/technology-solutions/39085-mitsubishi-electric-aws-join-forces-to-drive-ai-innovation</a></p></li><li><p>Mitsubishi Electric Automation and Realtime Robotics Speed Programming and Deployment Time for Industrial Robots, accessed May 6, 2025, <a href="https://rtr.ai/mitsubishi-electric-automation-and-realtime-robotics-speed-programming-and-deployment-time-for-industrial-robots/">https://rtr.ai/mitsubishi-electric-automation-and-realtime-robotics-speed-programming-and-deployment-time-for-industrial-robots/</a></p></li><li><p>Azure OpenAI Service, accessed May 6, 2025, <a href="https://azure.microsoft.com/en-us/products/ai-services/openai-service">https://azure.microsoft.com/en-us/products/ai-services/openai-service</a></p></li><li><p>Choosing the right deployment option for your GenAI project - Fonction Labs, accessed May 6, 2025, <a 
href="https://fonctionlabs.com/blog/choosing-deployment-for-generative-ai">https://fonctionlabs.com/blog/choosing-deployment-for-generative-ai</a></p></li><li><p>Mitsubishi Electric Develops Rapid Formal Verification Technology for AI, accessed May 6, 2025, <a href="https://www.mitsubishielectric.com/news/2025/0226.html">https://www.mitsubishielectric.com/news/2025/0226.html</a></p></li><li><p>Maisart | MITSUBISHI ELECTRIC Global website, accessed May 6, 2025, <a href="https://www.mitsubishielectric.com/rd/maisart/index.html">https://www.mitsubishielectric.com/rd/maisart/index.html</a></p></li><li><p>Yokogawa and UptimeAI Deliver Operational Excellence through AI ..., accessed May 6, 2025, <a href="https://www.automation.com/en-us/articles/january-2025/yokogawa-uptimeai-operational-excellence-ai-asset">https://www.automation.com/en-us/articles/january-2025/yokogawa-uptimeai-operational-excellence-ai-asset</a></p></li><li><p>Industrial AI Platform | Yokogawa Electric Corporation, accessed May 6, 2025, <a href="https://www.yokogawa.com/solutions/products-and-services/control/control-devices/real-time-os-based-machine-controllers/ert3-ai-platform/">https://www.yokogawa.com/solutions/products-and-services/control/control-devices/real-time-os-based-machine-controllers/ert3-ai-platform/</a></p></li><li><p>AI Product Solutions | Yokogawa America, accessed May 6, 2025, <a href="https://www.yokogawa.com/us/solutions/products-and-services/measurement/data-acquisition-products/ai-product-solutions/">https://www.yokogawa.com/us/solutions/products-and-services/measurement/data-acquisition-products/ai-product-solutions/</a></p></li><li><p>Yokogawa Launches Autonomous Control AI Service for Use with Edge Controllers, accessed May 6, 2025, <a href="https://www.yokogawa.com/us/news/press-releases/2023/2023-02-27/">https://www.yokogawa.com/us/news/press-releases/2023/2023-02-27/</a></p></li><li><p>Yokogawa Formulates AI Policy and Group AI Governance Code ..., accessed May 6, 2025, 
<a href="https://www.yokogawa.com/in/news/briefs/2025/2025-04-01/">https://www.yokogawa.com/in/news/briefs/2025/2025-04-01/</a></p></li><li><p>CENTUM VP DCS | Yokogawa America, accessed May 6, 2025, <a href="https://www.yokogawa.com/us/solutions/products-and-services/control/control-and-safety-system/distributed-control-systems-dcs/centum-vp/">https://www.yokogawa.com/us/solutions/products-and-services/control/control-and-safety-system/distributed-control-systems-dcs/centum-vp/</a></p></li><li><p>Distributed Control System (DCS) | Yokogawa America, accessed May 6, 2025, <a href="https://www.yokogawa.com/us/solutions/products-and-services/control/control-and-safety-system/distributed-control-systems-dcs/">https://www.yokogawa.com/us/solutions/products-and-services/control/control-and-safety-system/distributed-control-systems-dcs/</a></p></li><li><p>ProSafe-RS Safety Instrumented System - Yokogawa, accessed May 6, 2025, <a href="https://www.yokogawa.com/us/solutions/products-and-services/control/control-and-safety-system/safety-instrumented-systems-sis/process-safety-system-prosafe-rs/">https://www.yokogawa.com/us/solutions/products-and-services/control/control-and-safety-system/safety-instrumented-systems-sis/process-safety-system-prosafe-rs/</a></p></li><li><p>Integrated CENTUM VP and ProSafe-RS Systems Ensure Nonstop Operation of ADU/DKU Processes | Yokogawa Electric Corporation, accessed May 6, 2025, <a href="https://www.yokogawa.com/library/resources/references/integrated-centum-vp-and-prosafe-rs-systems-ensure-nonstop-operation-of-adu-dku-processes/">https://www.yokogawa.com/library/resources/references/integrated-centum-vp-and-prosafe-rs-systems-ensure-nonstop-operation-of-adu-dku-processes/</a></p></li><li><p>Yokogawa and UptimeAI Forge Business and Capital Partnership to Deliver Operational Excellence through AI-Powered Asset Performance Management, accessed May 6, 2025, <a 
href="https://www.uptimeai.com/resources/yokogawa-and-uptimeai-partnership/">https://www.uptimeai.com/resources/yokogawa-and-uptimeai-partnership/</a></p></li><li><p>Yokogawa Releases White Paper Outlining Scenarios for the Year 2040, accessed May 6, 2025, <a href="https://www.yokogawa.com/news/press-releases/2025/2025-02-27/">https://www.yokogawa.com/news/press-releases/2025/2025-02-27/</a></p></li><li><p>Generative AI Cloud Platforms: AWS, Azure, or Google Cloud?, accessed May 6, 2025, <a href="https://cloud.folio3.com/blog/generative-ai-cloud-platforms-aws-azure-or-google-cloud/">https://cloud.folio3.com/blog/generative-ai-cloud-platforms-aws-azure-or-google-cloud/</a></p></li><li><p>Comparing Generative AI Offerings From Major Cloud Providers - Megaport, accessed May 6, 2025, <a href="https://www.megaport.com/blog/comparing-generative-ai-offerings-from-major-cloud-providers/">https://www.megaport.com/blog/comparing-generative-ai-offerings-from-major-cloud-providers/</a></p></li><li><p>2024 Press Releases | Yokogawa America, accessed May 6, 2025, <a href="https://www.yokogawa.com/us/news/press-releases/2024/">https://www.yokogawa.com/us/news/press-releases/2024/</a></p></li><li><p>Do you FANUC? 
- Version 2, accessed May 6, 2025, <a href="https://www.fanuc.eu/campaign/do-you-fanuc-version-2">https://www.fanuc.eu/campaign/do-you-fanuc-version-2</a></p></li><li><p>Automation Solutions for Any Manufacturing Application - FANUC America, accessed May 6, 2025, <a href="https://www.fanucamerica.com/solutions">https://www.fanucamerica.com/solutions</a></p></li><li><p>Innovating Tomorrow: FANUC to Showcase Cutting-Edge Robotics and Automation Solutions at Automate 2025 | RoboticsTomorrow, accessed May 6, 2025, <a href="https://www.roboticstomorrow.com/news/2025/04/29/innovating-tomorrow-fanuc-to-showcase-cutting-edge-robotics-and-automation-solutions-at-automate-2025/24660">https://www.roboticstomorrow.com/news/2025/04/29/innovating-tomorrow-fanuc-to-showcase-cutting-edge-robotics-and-automation-solutions-at-automate-2025/24660</a></p></li><li><p>FANUC Showcases Automated Warehouse Solutions at ProMat 2025, accessed May 6, 2025, <a href="https://www.fanucamerica.com/news-resources/fanuc-america-press-releases/2025/03/05/fanuc-showcases-automated-warehouse-solutions-at-promat-2025">https://www.fanucamerica.com/news-resources/fanuc-america-press-releases/2025/03/05/fanuc-showcases-automated-warehouse-solutions-at-promat-2025</a></p></li><li><p>FANUC Showcases Automated Warehouse Solutions at Promat 2025, accessed May 6, 2025, <a href="https://www.prnewswire.com/news-releases/fanuc-showcases-automated-warehouse-solutions-at-promat-2025-302393294.html">https://www.prnewswire.com/news-releases/fanuc-showcases-automated-warehouse-solutions-at-promat-2025-302393294.html</a></p></li><li><p>FANUC to Showcase Robotics and Automation Solutions at ..., accessed May 6, 2025, <a 
href="https://www.fanucamerica.com/news-resources/fanuc-america-press-releases/2025/04/28/fanuc-to-showcase-cutting-edge-robotics-and-automation-solutions-at-automate-2025">https://www.fanucamerica.com/news-resources/fanuc-america-press-releases/2025/04/28/fanuc-to-showcase-cutting-edge-robotics-and-automation-solutions-at-automate-2025</a></p></li><li><p>CNC Programming &amp; Simulation Software Solutions - FANUC America, accessed May 6, 2025, <a href="https://www.fanucamerica.com/products/cnc/cnc-software/programming-simulation-software">https://www.fanucamerica.com/products/cnc/cnc-software/programming-simulation-software</a></p></li><li><p>Complex Machining for the Automotive Industry - FANUC, accessed May 6, 2025, <a href="https://www.fanuc.eu/industry/complex-machining-automotive-industry">https://www.fanuc.eu/industry/complex-machining-automotive-industry</a></p></li><li><p>Robot and CNC Integration - FANUC America, accessed May 6, 2025, <a href="https://www.fanucamerica.com/products/cnc/robot-and-cnc-integration">https://www.fanucamerica.com/products/cnc/robot-and-cnc-integration</a></p></li><li><p>Robotics &amp; Automation for the Automotive Industry | FANUC Global, accessed May 6, 2025, <a href="https://www.fanuc.eu/eu-en/industry/robotics-automation-automotive-industry">https://www.fanuc.eu/eu-en/industry/robotics-automation-automotive-industry</a></p></li><li><p>Precision Loading and Micron-Level Machining with FANUC Solutions, accessed May 6, 2025, <a href="https://www.fanuc.eu/case-studies/precision-loading-and-micron-level-machining-fanuc-solutions">https://www.fanuc.eu/case-studies/precision-loading-and-micron-level-machining-fanuc-solutions</a></p></li><li><p>Case Studies - Find more information here - FANUC, accessed May 6, 2025, <a href="https://www.fanuc.eu/case-studies">https://www.fanuc.eu/case-studies</a></p></li><li><p>AI partners | Google Cloud, accessed May 6, 2025, <a 
href="https://cloud.google.com/partners/ai">https://cloud.google.com/partners/ai</a></p></li><li><p>Build AI-enabled applications with Azure AI and NVIDIA | Microsoft Azure Blog, accessed May 6, 2025, <a href="https://azure.microsoft.com/en-us/blog/build-ai-enabled-applications-with-azure-ai-and-nvidia/">https://azure.microsoft.com/en-us/blog/build-ai-enabled-applications-with-azure-ai-and-nvidia/</a></p></li><li><p>Reimagined Manufacturing Operations with Agentic AI and Agents - XenonStack, accessed May 6, 2025, <a href="https://www.xenonstack.com/blog/agentic-ai-manufacturing">https://www.xenonstack.com/blog/agentic-ai-manufacturing</a></p></li><li><p>FANUC Showcases Automated Warehouse Solutions at Promat 2025 - Rockingrobots, accessed May 6, 2025, <a href="https://www.rockingrobots.com/fanuc-showcases-automated-warehouse-solutions-at-promat-2025/">https://www.rockingrobots.com/fanuc-showcases-automated-warehouse-solutions-at-promat-2025/</a></p></li><li><p>The 10 Best Generative AI Development Companies - Awesome Technologies Inc, accessed May 6, 2025, <a href="https://awesometechinc.com/generative-ai-development-companies/">https://awesometechinc.com/generative-ai-development-companies/</a></p></li><li><p>GE Appliances Named &#8220;Smart Appliance Company of the Year&#8221; in 2025 IoT Breakthrough Awards Program, accessed May 6, 2025, <a href="https://pressroom.geappliances.com/news/ge-appliances-named-smart-appliance-company-of-the-year-in-2025-iot-breakthrough-awards-program">https://pressroom.geappliances.com/news/ge-appliances-named-smart-appliance-company-of-the-year-in-2025-iot-breakthrough-awards-program</a></p></li><li><p>How Generative AI is Transforming Manufacturing: Top Use&#8230; | Tulip, accessed May 6, 2025, <a href="https://tulip.co/blog/generative-ai-manufacturing/">https://tulip.co/blog/generative-ai-manufacturing/</a></p></li><li><p>Optimize Your Manufacturing: How AI Enhances Troubleshooting&#8230; | Tulip, accessed May 6, 2025, <a 
href="https://tulip.co/blog/ai-troubleshooting-manufacturing/">https://tulip.co/blog/ai-troubleshooting-manufacturing/</a></p></li><li><p>AI Copilot for Manufacturing: Enhancing Operations with Artificial Intelligence, accessed May 6, 2025, <a href="https://tulip.co/blog/ai-manufacturing-copilot/">https://tulip.co/blog/ai-manufacturing-copilot/</a></p></li><li><p>Introducing AI Composer: Instantly Turn SOPs into Interactive Apps - Tulip Interfaces, accessed May 6, 2025, <a href="https://tulip.co/blog/introducing-ai-composer/">https://tulip.co/blog/introducing-ai-composer/</a></p></li><li><p>Tulip Announces AI Composer to Instantly Transform Documents into Interactive Apps, accessed May 6, 2025, <a href="https://tulip.co/press/ai-composer-announcement/">https://tulip.co/press/ai-composer-announcement/</a></p></li><li><p>Manufacturing Dashboards - Tulip Interfaces, accessed May 6, 2025, <a href="https://tulip.co/production-management/manufacturing-dashboards/">https://tulip.co/production-management/manufacturing-dashboards/</a></p></li><li><p>Artificial Intelligence Built for Operations - Tulip Interfaces, accessed May 6, 2025, <a href="https://tulip.co/platform/artificial-intelligence/">https://tulip.co/platform/artificial-intelligence/</a></p></li><li><p>Generative AI Tools for Automation and Creativity | DatumLabs, accessed May 6, 2025, <a href="https://www.datumlabs.io/services/gen-ai">https://www.datumlabs.io/services/gen-ai</a></p></li><li><p>AI in Manufacturing: Use Cases and Examples - Appinventiv, accessed May 6, 2025, <a href="https://appinventiv.com/blog/ai-in-manufacturing/">https://appinventiv.com/blog/ai-in-manufacturing/</a></p></li><li><p>Generative AI in Manufacturing: 10 Use-Cases for Innovation - Appinventiv, accessed May 6, 2025, <a href="https://appinventiv.com/blog/generative-ai-in-manufacturing/">https://appinventiv.com/blog/generative-ai-in-manufacturing/</a></p></li><li><p>Generative AI in Manufacturing: The Future of Smart Factories - 
Aglowid IT Solutions, accessed May 6, 2025, <a href="https://aglowiditsolutions.com/blog/generative-ai-in-manufacturing/">https://aglowiditsolutions.com/blog/generative-ai-in-manufacturing/</a></p></li><li><p>How to Build Reliable and Scalable GenAI Virtual Assistants for Industry - XMPRO, accessed May 6, 2025, <a href="https://xmpro.com/how-to-build-reliable-and-scalable-genai-virtual-assistants-for-industry/">https://xmpro.com/how-to-build-reliable-and-scalable-genai-virtual-assistants-for-industry/</a></p></li><li><p>Natural language robotics start-ups win ABB AI Challenge - Drives &amp; Controls, accessed May 6, 2025, <a href="https://drivesncontrols.com/natural-language-robotics-start-ups-win-abb-ai-challenge/">https://drivesncontrols.com/natural-language-robotics-start-ups-win-abb-ai-challenge/</a></p></li><li><p>T-robotics - Engine Ventures, accessed May 6, 2025, <a href="https://engineventures.com/companies/t-robotics">https://engineventures.com/companies/t-robotics</a></p></li><li><p>Teradyne Robotics to debut AI Accelerator-powered solutions at NVIDIA GTC 2025, accessed May 6, 2025, <a href="https://www.universal-robots.com/news-and-media/news-center/teradyne-robotics-to-debut-ai-accelerator-powered-solutions-at-nvidia-gtc-2025/">https://www.universal-robots.com/news-and-media/news-center/teradyne-robotics-to-debut-ai-accelerator-powered-solutions-at-nvidia-gtc-2025/</a></p></li><li><p>T-robotics Secures $5.4M Seed Funding and Applies AI to How Industrial Robots Understand, Learn, and Adapt to Complex Manufacturing Environments - Business Wire, accessed May 6, 2025, <a 
href="https://www.businesswire.com/news/home/20241217749409/en/T-robotics-Secures-%245.4M-Seed-Funding-and-Applies-AI-to-How-Industrial-Robots-Understand-Learn-and-Adapt-to-Complex-Manufacturing-Environments">https://www.businesswire.com/news/home/20241217749409/en/T-robotics-Secures-%245.4M-Seed-Funding-and-Applies-AI-to-How-Industrial-Robots-Understand-Learn-and-Adapt-to-Complex-Manufacturing-Environments</a></p></li><li><p>Mbodi AI enables robots to learn skills via natural language, accessed May 6, 2025, <a href="https://www.therobotreport.com/rbr50-company-2025/mbody-ai-enables-robots-to-learn-skills-via-natural-language/">https://www.therobotreport.com/rbr50-company-2025/mbody-ai-enables-robots-to-learn-skills-via-natural-language/</a></p></li><li><p>Mbodi AI | Making Robots Smarter, Faster, accessed May 6, 2025, </p></li></ol><p>https://www.mbodi.ai/</p><ol><li><p>ABB Robotics Crowns AI Startup Challenge 2024 Winners - News - Control.com, accessed May 6, 2025, <a href="https://control.com/news/abb-robotics-crowns-ai-startup-challenge-2024-winners/">https://control.com/news/abb-robotics-crowns-ai-startup-challenge-2024-winners/</a></p></li><li><p>From Ocean Depths to Factory Floors: Robotics Innovations Shaping the Future - Lucid Bots, accessed May 6, 2025, <a href="https://lucidbots.com/robot-rundown/ocean-depths-factory-floors">https://lucidbots.com/robot-rundown/ocean-depths-factory-floors</a></p></li><li><p>Mbodi 2025 Company Profile: Valuation, Funding &amp; Investors - PitchBook, accessed May 6, 2025, <a href="https://pitchbook.com/profiles/company/596003-41">https://pitchbook.com/profiles/company/596003-41</a></p></li><li><p>Microsoft: AI in Action, accessed May 6, 2025, <a href="https://news.microsoft.com/ai-in-action/">https://news.microsoft.com/ai-in-action/</a></p></li><li><p>GE Aerospace rolls out generative AI platform to 52000 employees - Technology Record, accessed May 6, 2025, <a 
href="https://www.technologyrecord.com/article/ge-aerospace-rolls-out-generative-ai-platform-to-52000-employees">https://www.technologyrecord.com/article/ge-aerospace-rolls-out-generative-ai-platform-to-52000-employees</a></p></li></ol><p>accessed December 31, 1969, <a href="https://www.fanuc.eu/eu-en/technologies/field-system">https://www.fanuc.eu/eu-en/technologies/field-system</a></p>]]></content:encoded></item><item><title><![CDATA[The Evolution of Ghost Emperor, aka Salt Typhoon: It's Time for a New Strategy]]></title><description><![CDATA[No more red lines.]]></description><link>https://blog.infrasecalliance.org/p/the-evolution-of-ghost-emperor-aka</link><guid isPermaLink="false">https://blog.infrasecalliance.org/p/the-evolution-of-ghost-emperor-aka</guid><dc:creator><![CDATA[Zach Corum]]></dc:creator><pubDate>Fri, 15 Nov 2024 06:35:59 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!knbv!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F95c35510-fe0f-4328-b292-dd57caf16f80_1024x768.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!knbv!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F95c35510-fe0f-4328-b292-dd57caf16f80_1024x768.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!knbv!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F95c35510-fe0f-4328-b292-dd57caf16f80_1024x768.png 424w, 
https://substackcdn.com/image/fetch/$s_!knbv!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F95c35510-fe0f-4328-b292-dd57caf16f80_1024x768.png 848w, https://substackcdn.com/image/fetch/$s_!knbv!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F95c35510-fe0f-4328-b292-dd57caf16f80_1024x768.png 1272w, https://substackcdn.com/image/fetch/$s_!knbv!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F95c35510-fe0f-4328-b292-dd57caf16f80_1024x768.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!knbv!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F95c35510-fe0f-4328-b292-dd57caf16f80_1024x768.png" width="728" height="546" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/95c35510-fe0f-4328-b292-dd57caf16f80_1024x768.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:false,&quot;imageSize&quot;:&quot;normal&quot;,&quot;height&quot;:768,&quot;width&quot;:1024,&quot;resizeWidth&quot;:728,&quot;bytes&quot;:1120331,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!knbv!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F95c35510-fe0f-4328-b292-dd57caf16f80_1024x768.png 424w, 
https://substackcdn.com/image/fetch/$s_!knbv!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F95c35510-fe0f-4328-b292-dd57caf16f80_1024x768.png 848w, https://substackcdn.com/image/fetch/$s_!knbv!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F95c35510-fe0f-4328-b292-dd57caf16f80_1024x768.png 1272w, https://substackcdn.com/image/fetch/$s_!knbv!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F95c35510-fe0f-4328-b292-dd57caf16f80_1024x768.png 1456w" sizes="100vw" fetchpriority="high"></picture></div></a></figure></div><p>If you follow cybersecurity closely, you&#8217;ve probably heard of Ghost Emperor. Also known as Salt Typhoon, FamousSparrow, or UNC2286, this Chinese state-sponsored threat group has quietly become one of the most sophisticated players in the cyber landscape. Over the years, they have evolved from targeting Southeast Asian governments to compromising major U.S. telecommunications companies. With tools like the Demodex rootkit and advanced endpoint detection and response (EDR) evasion techniques, they&#8217;ve shown a remarkable ability to persist undetected in critical systems for extended periods.</p><h3>Major Operations: The Anatomy of a Ghost</h3><p>Ghost Emperor is not just another Advanced Persistent Threat (APT). Their operations have been both strategic and bold, especially their attacks on U.S. telecom giants such as AT&amp;T, Verizon, and Lumen Technologies. These breaches, discovered in late 2024, allowed them access to sensitive customer data, including call records, and possibly even compromised wiretap systems&#8212;a serious threat to U.S. national security.</p><p>In September 2024, the Wall Street Journal reported on Salt Typhoon's infiltration of U.S. internet service providers, putting the security of numerous officials at risk. This wasn&#8217;t just a wake-up call&#8212;it was an alarm bell for the entire industry. 
Beyond telecommunications, Ghost Emperor has carried out attacks across Southeast Asia, targeting government networks in countries like Malaysia, Thailand, Vietnam, and Indonesia between 2020 and 2021.</p><p>Their attacks haven&#8217;t been limited to telecoms. Ghost Emperor has also targeted law enforcement communication systems, which could compromise sensitive police operations and investigations. In August 2024, they reappeared with an updated version of their Demodex rootkit, highlighting their commitment to continuously improving their tools and techniques.</p><h3>State-Sponsored and Here to Stay</h3><p>There is little doubt that Ghost Emperor is backed by the Chinese government. Evidence shows clear links to China&#8217;s Ministry of State Security and collaboration with other Chinese threat groups, like Volt Typhoon and Flax Typhoon. Their operations align perfectly with Chinese strategic interests, making it evident that Salt Typhoon is part of a broader, coordinated effort to expand China&#8217;s influence through cyber means.</p><h3>The Arsenal: Ghost in the Machine</h3><p>Ghost Emperor&#8217;s toolkit is impressively advanced. The Demodex rootkit is one of their key assets&#8212;a multi-stage malware that infiltrates deep into the Windows kernel, evading defenses such as Driver Signature Enforcement. Their software can employ legitimate Microsoft tools, perform dynamic function loading, and encrypt configurations, all while disguising itself as multimedia traffic.</p><p>To make detection even harder, Ghost Emperor hosts its command-and-control (C2) traffic on Amazon Web Services (AWS) servers. This tactic makes their traffic blend in with legitimate cloud activity, complicating the work of security analysts trying to identify malicious behavior.</p><h3>Countermeasures: Building Stronger Walls</h3><p>How do we defend against groups like Ghost Emperor? We need to go beyond basic cybersecurity protections. 
Advanced endpoint detection and response (EDR) systems are crucial, along with implementing the principle of least privilege to minimize potential damage. Regular penetration tests, better segmentation of network traffic, and consistent employee training to recognize sophisticated phishing tactics are also key defenses.</p><p>However, playing defense is not enough. Organizations must take a proactive stance. Leveraging threat intelligence feeds to stay ahead of emerging threats and having a well-prepared incident response plan are essential. Reaction time makes all the difference when combating a group this advanced.</p><p>We also need to better identify our most vulnerable critical infrastructure companies and ensure they receive the resources necessary to defend against advanced threats. By levying fines on multi-billion-dollar corporations that fail to meet cybersecurity standards, we can use those funds to strengthen the defenses of our critical infrastructure across the board.</p><div><hr></div><h3>Ghost Emperor and the Bigger Picture: Critical Infrastructure</h3><p>Salt Typhoon is part of a growing wave of APTs targeting critical infrastructure. They aren&#8217;t the only ones; groups like Volt Typhoon have targeted the U.S. energy and transportation sectors, while Russia&#8217;s ELECTRUM has aimed at Ukraine&#8217;s energy grid. These groups are not interested in quick financial gains; they are embedding themselves in systems that could be pivotal during future conflicts.</p><p>The impact of these groups extends beyond a single incident. Every compromised telecom network or power grid leaves vulnerabilities that others can exploit. The risks are very real and immediate, with serious implications for national security and economic stability.</p><h3>The Policy Failure: Why Red Lines Don&#8217;t Work in Cyber</h3><p>For years, policymakers have relied on the idea of "red lines" in cyberspace, assuming that adversaries would avoid crossing certain thresholds. 
Ghost Emperor&#8217;s operations show that these red lines are largely meaningless in the context of today&#8217;s cyber warfare. APT groups thrive on the ambiguity of international norms, pushing the boundaries without triggering direct retaliation.</p><p>The difficulty of attribution adds to the problem. Gray zone tactics are slow, incremental, and often below the threshold of traditional conflict, making it hard for defenders to justify a decisive response. We need adaptive deterrents&#8212;graduated responses that align with the scale and type of threat we&#8217;re facing.</p><p>We need better attribution technology, stronger international cooperation, and a focus on resilience. Relying on outdated reactive strategies will only encourage further attacks. Instead, we need to build systems that can withstand long-term attacks, and we must not be afraid to impose meaningful costs on the attackers.</p><h3>No More Ghost Stories</h3><p>We need to stop acting like our old methods of deterrence are effective. Ghost Emperor has demonstrated that their patience, adaptability, and technical skills can outmaneuver outdated cybersecurity policies. A comprehensive, resilience-oriented strategy that includes proactive engagement is our best bet for keeping them at bay. 
Otherwise, we&#8217;re just telling ghost stories&#8212;warning each other of dangers without ever taking real action to confront them.</p>]]></content:encoded></item><item><title><![CDATA[LLM Attribution Challenges in Cybersecurity]]></title><description><![CDATA[The challenge of attributing harmful outputs to specific large language models (LLMs) presents a significant cybersecurity concern, encompassing technical barriers, implementation challenges, and the need for robust attribution systems.]]></description><link>https://blog.infrasecalliance.org/p/llm-attribution-challenges-in-cybersecurity</link><guid isPermaLink="false">https://blog.infrasecalliance.org/p/llm-attribution-challenges-in-cybersecurity</guid><dc:creator><![CDATA[Zach Corum]]></dc:creator><pubDate>Wed, 13 Nov 2024 15:47:53 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!yrE-!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4b15ed60-61c4-482f-88fc-608b5798c911_2048x2048.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!yrE-!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4b15ed60-61c4-482f-88fc-608b5798c911_2048x2048.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!yrE-!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4b15ed60-61c4-482f-88fc-608b5798c911_2048x2048.jpeg 424w, https://substackcdn.com/image/fetch/$s_!yrE-!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4b15ed60-61c4-482f-88fc-608b5798c911_2048x2048.jpeg 848w, 
https://substackcdn.com/image/fetch/$s_!yrE-!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4b15ed60-61c4-482f-88fc-608b5798c911_2048x2048.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!yrE-!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4b15ed60-61c4-482f-88fc-608b5798c911_2048x2048.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!yrE-!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4b15ed60-61c4-482f-88fc-608b5798c911_2048x2048.jpeg" width="1456" height="1456" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/4b15ed60-61c4-482f-88fc-608b5798c911_2048x2048.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1456,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:438074,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!yrE-!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4b15ed60-61c4-482f-88fc-608b5798c911_2048x2048.jpeg 424w, https://substackcdn.com/image/fetch/$s_!yrE-!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4b15ed60-61c4-482f-88fc-608b5798c911_2048x2048.jpeg 848w, 
https://substackcdn.com/image/fetch/$s_!yrE-!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4b15ed60-61c4-482f-88fc-608b5798c911_2048x2048.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!yrE-!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F4b15ed60-61c4-482f-88fc-608b5798c911_2048x2048.jpeg 1456w" sizes="100vw" fetchpriority="high"></picture></div></a></figure></div><p>The challenge of attributing harmful outputs to specific large language models (LLMs) presents a significant cybersecurity 
concern, encompassing technical barriers, implementation challenges, and the need for robust attribution systems. As reported by arXiv, discerning when and how to attribute in LLMs is fraught with inherent difficulties, highlighting the complexity of this pressing issue in AI security.</p><h2>Technical Barriers to Attribution</h2><p>Formal language theory constraints pose fundamental limitations to LLM attribution, as overlapping language classes make unique identification mathematically impossible in certain cases. This challenge is exacerbated by model architecture complexities, including:</p><ul><li><p>Fine-tuning processes creating convergent output patterns across different base models</p></li><li><p>Transfer learning effects blurring boundaries between model signatures</p></li><li><p>Architectural similarities producing statistically indistinguishable outputs</p></li></ul><p>Additionally, the computational infeasibility of analyzing massive amounts of LLM output further complicates attribution efforts, even with powerful resources at hand.</p><h2>Advanced Attack Vectors</h2><p>Sophisticated adversaries employ network obfuscation techniques to mask the origin of malicious content, utilizing proxy chains and other complex routing mechanisms. Recent research has revealed a new category of attribution evasion called <a href="https://www.perplexity.ai/page/llm-generation-without-attribu-MUkLIaZZSSm31ktIoigf4g">Generation Without Attribution (GWA)</a>, where techniques actively suppress model-specific signatures while generating outputs. These advanced attack vectors significantly complicate the task of tracing harmful content back to its source. For instance, the Hide and Seek algorithm demonstrates the ability to accurately identify LLM families with a 72% success rate, highlighting both the progress and ongoing challenges in this field.</p><h2>Emerging Countermeasures</h2><p>Researchers are exploring innovative solutions to address the LLM attribution challenge. 
Watermarking techniques, traditionally used for images, are being adapted for textual content generated by LLMs. The InvisMark framework shows promise with its high-capacity payload embedding, robust resistance to manipulation, and imperceptible alterations to original content. A hybrid approach combining watermarking with fingerprinting techniques and Content Credentials could further strengthen attribution efforts by binding unique identifiers to specific content, mitigating forgery attempts. These emerging countermeasures aim to provide a multi-layered defense against malicious use of LLMs while maintaining model performance and usability.</p><h2>Future Research Directions</h2><p>Addressing the complex issue of LLM attribution requires ongoing research and collaboration. Key areas for future investigation include developing resistant watermarking schemes specifically tailored for text-based outputs, as current techniques are primarily adapted from image watermarking. Creating robust detection mechanisms for Generation Without Attribution (GWA) attempts is crucial to counter this emerging threat. Additionally, establishing standardized attribution protocols across the AI industry will be essential for effective implementation and widespread adoption. These research directions aim to enhance the security and accountability of LLM systems while maintaining their utility and performance in various applications.</p><div><hr></div><blockquote><p>Blog post organized using NotebookLM</p></blockquote><blockquote><p>Bulut, Muhammed Fatih et al. &#8220;<a href="https://arxiv.org/abs/2411.07519">TIPS: Threat Actor Informed Prioritization of Applications using SecEncoder.</a>&#8221; (2024).</p><p>Xu, Rui et al. 
&#8220;<a href="https://arxiv.org/abs/2411.07795">InvisMark: Invisible and Robust Watermarking for AI-generated Image Provenance.</a>&#8221; (2024).</p></blockquote><p></p>]]></content:encoded></item><item><title><![CDATA[From Cyber Disruption to Cognitive Warfare Part 2]]></title><description><![CDATA[The impacts on Business and Society as a whole]]></description><link>https://blog.infrasecalliance.org/p/from-cyber-disruption-to-cognitive-c19</link><guid isPermaLink="false">https://blog.infrasecalliance.org/p/from-cyber-disruption-to-cognitive-c19</guid><dc:creator><![CDATA[Zach Corum]]></dc:creator><pubDate>Wed, 18 Sep 2024 15:06:03 GMT</pubDate><enclosure url="https://substack-post-media.s3.amazonaws.com/public/images/67f8d90e-ed23-4760-8c5d-8b771a399046_1366x768.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2>Recap from part 1</h2><div class="digest-post-embed" data-attrs="{&quot;nodeId&quot;:&quot;52132ef9-6273-4c7d-abd9-27644c2dcfa1&quot;,&quot;caption&quot;:&quot;Summary&quot;,&quot;cta&quot;:null,&quot;showBylines&quot;:true,&quot;size&quot;:&quot;sm&quot;,&quot;isEditorNode&quot;:true,&quot;title&quot;:&quot;From Cyber Disruption to Cognitive Warfare Part 1&quot;,&quot;publishedBylines&quot;:[{&quot;id&quot;:38515097,&quot;name&quot;:&quot;Zach Corum&quot;,&quot;bio&quot;:&quot;IT | OT | Cybersecurity | Scotch | Bonsai | 
Travel&quot;,&quot;photo_url&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/289b349a-d2a5-4ac3-8582-2f41e1823000_3264x2448.jpeg&quot;,&quot;is_guest&quot;:false,&quot;bestseller_tier&quot;:null}],&quot;post_date&quot;:&quot;2024-09-13T18:49:54.897Z&quot;,&quot;cover_image&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/a4be35dc-54c5-48dd-8e95-e3d310c4636e_1366x768.png&quot;,&quot;cover_image_alt&quot;:null,&quot;canonical_url&quot;:&quot;https://blog.infrasecalliance.org/p/from-cyber-disruption-to-cognitive&quot;,&quot;section_name&quot;:null,&quot;video_upload_id&quot;:null,&quot;id&quot;:148824654,&quot;type&quot;:&quot;newsletter&quot;,&quot;reaction_count&quot;:0,&quot;comment_count&quot;:0,&quot;publication_id&quot;:null,&quot;publication_name&quot;:&quot;InfraSec Alliance&quot;,&quot;publication_logo_url&quot;:&quot;https://substackcdn.com/image/fetch/f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F9d74c8c1-bcae-412a-9223-51c5a2e9db00_1024x1024.png&quot;,&quot;belowTheFold&quot;:false,&quot;youtube_url&quot;:null,&quot;show_links&quot;:null,&quot;feed_url&quot;:null}"></div><p>In our previous discussion, we explored the complex nature of Gray Zone Cyber threats and their significant implications for critical infrastructure. We laid out the definition of these threats, examined their key characteristics, and highlighted the strategic objectives that drive them. We emphasized the crucial role of critical infrastructure companies as both potential targets and essential partners in national security.</p><p>Now, as we continue our exploration of this critical topic, we turn our attention to the tangible impacts of Gray Zone Cyber threats. 
In this second part of our series, we will examine in detail the consequences these threats pose not only to critical infrastructure companies but also to society at large.</p><h2>The Impact on Critical Infrastructure and Society</h2><p>The impacts of Gray Zone Cyber threats on critical infrastructure companies are multifaceted and potentially severe, extending far beyond the immediate technical challenges of an attack. These consequences can be categorized into three primary areas: <strong>operational disruptions</strong>, <strong>financial losses</strong>, and <strong>reputational damage</strong>.</p><p><strong>Operational Disruptions</strong> and Service Outages represent one of the most immediate and visible impacts of Gray Zone cyberattacks on critical infrastructure. These attacks have the potential to cause significant interruptions to essential services and operations. For instance, an attack on energy grids could lead to widespread power outages, while disruptions to transportation systems could paralyze supply chains and impede the movement of goods and people. Similarly, attacks on financial networks could halt transactions and create economic chaos. 
The ripple effects of such disruptions can be far-reaching, impacting not only the targeted company but also millions of citizens who rely on these services in their daily lives.</p><p>Examples:</p><p><a href="https://www.cfr.org/cyber-operations/targeting-viasats-satellite-broadband-service-0">Targeting of Viasat's satellite broadband service | CFR Interactives</a></p><p><a href="https://www.reuters.com/world/europe/france-seeks-fbi-help-probe-high-speed-train-sabotage-hours-before-olympics-2024-08-07/">Exclusive: France seeks FBI help in probe of high-speed train sabotage hours before Olympics | Reuters</a></p><p><a href="https://thehill.com/policy/technology/3571471-fbi-found-huawei-equipment-in-midwest-could-disrupt-us-nuclear-communications-cnn/">FBI found Huawei equipment in Midwest could disrupt US nuclear communications: CNN (thehill.com)</a></p><p>The <strong>Financial Losses</strong> and Recovery Costs associated with Gray Zone cyberattacks can be substantial and long-lasting. These economic consequences manifest in various forms, including direct business interruption losses, the often-considerable expenses involved in restoring systems and data, and potential legal liabilities arising from the breach. The 2007 cyberattacks on Estonia serve as a stark example of the financial vulnerability even technologically advanced nations face in the realm of Gray Zone cyber operations. 
These attacks resulted in millions of dollars in damages, underscoring the potential scale of economic impact on critical infrastructure companies.</p><p>Examples:</p><p><a href="https://www.darkreading.com/cyberattacks-data-breaches/inside-the-aftermath-of-the-saudi-aramco-breach">Compromise of Saudi Aramco and RasGas</a> - Estimated 40 Million in damages</p><p><a href="https://www.industrialcybersecuritypulse.com/facilities/throwback-attack-norsk-hydro-gets-hit-by-lockergoga-ransomware/">https://www.industrialcybersecuritypulse.com/facilities/throwback-attack-norsk-hydro-gets-hit-by-lockergoga-ransomware/</a> - Estimated 75 Million in damages</p><p>Equally significant is the <strong>Reputational Damage</strong> and Erosion of Trust that can result from successful cyberattacks. In an era where public confidence is crucial, a major security breach can severely tarnish a company's reputation and undermine trust in its ability to secure critical services. This loss of confidence is not a transient issue; it can have enduring consequences that extend far beyond the immediate aftermath of an attack. The erosion of trust can negatively impact customer relationships, potentially leading to loss of business and market share. It can also shake investor confidence, affecting the company's financial stability and future growth prospects. Moreover, the damage to brand value can be substantial and long-lasting, requiring significant time and resources to rebuild.</p><p>Example:</p><p><a href="https://cyberscoop.com/bayer-breached-china-wicked-panda/">German drug giant Bayer breached by Chinese hacking group Wicked Panda: report | CyberScoop</a></p><p>It's important to note that these impacts are often interrelated and can create a cascading effect. For example, operational disruptions lead to financial losses, which in turn can damage reputation. 
Similarly, reputational damage can result in loss of customers and further financial impact.</p><p>Understanding these potential impacts is crucial for critical infrastructure companies in developing comprehensive risk management strategies. It underscores the need for robust cybersecurity measures, resilient systems, and effective crisis management plans. Moreover, it highlights the importance of transparent communication and stakeholder engagement in maintaining trust and mitigating reputational damage in the event of an attack.</p><p>Crisis Management and Incident Response Resources:</p><p><a href="https://www.sans.org/information-security-policy/?category=incident-handling">Information Security Policy Templates | SANS Institute</a></p><p><a href="https://www.ics4ics.org/processes-and-tools">Establish ICS4ICS Program Processes | Tools for Incident Management | ICS4ICS</a></p><p>By fully comprehending the wide-ranging impacts of Gray Zone Cyber threats, critical infrastructure companies can better prepare themselves to face these challenges, protect their assets and stakeholders, and contribute more effectively to national security efforts in this complex threat landscape.</p><h2>Societal Impacts</h2><p>The impacts of Gray Zone Cyber threats extend far beyond the immediate consequences for critical infrastructure companies, reaching deep into the fabric of society. These threats have the potential to erode trust, cause social disruption, and even contribute to political instability. Let's examine these societal impacts in detail.</p><p>Erosion of Trust in Government and Institutions is a significant consequence of successful Gray Zone cyberattacks on critical infrastructure. This erosion of trust is not limited to government entities; it can extend to other institutions, potentially impacting social cohesion and fueling political instability. 
When citizens lose faith in the systems and structures designed to protect them, it can lead to a broader breakdown of societal trust and cooperation.</p><p>Social Disruptions and Public Fear are direct outcomes of Gray Zone cyberattacks that target essential services. When people suddenly find themselves unable to access healthcare, financial services, or reliable information, it can create widespread panic and disrupt social order. These disruptions go beyond mere inconvenience; they can fundamentally undermine people's sense of security and well-being. The uncertainty and hardship caused by such attacks can have long-lasting effects on public morale and social stability.</p><p>Gray Zone actors often exploit and exacerbate existing Social and Political Divides to amplify the effects of their attacks. By targeting vulnerabilities in social cohesion, these actors can deepen existing tensions and create new fault lines within society. Disinformation campaigns, which frequently accompany cyberattacks, play a crucial role in this process. These campaigns spread false narratives, sow confusion, and can significantly undermine political stability. By exploiting existing social and political cleavages, Gray Zone actors can create a more divided and consequently more vulnerable society.</p><p>The cumulative effect of these societal disruptions contributes to Undermining National Security and International Order. Gray Zone cyber operations, by their nature, operate in the ambiguous spaces between peace and war, exploiting gaps in international law and challenging accepted norms of state behavior. This makes it increasingly difficult for nations to deter future aggression or mount effective collective defense responses. 
As these threats blur the lines between domestic and international security, they pose significant challenges to the established international order and traditional concepts of national security.</p><p>Understanding these broader societal impacts is crucial for several reasons:</p><ol><li><p>It underscores the need for a whole-of-society approach to cybersecurity, involving not just government and critical infrastructure companies, but also civil society organizations and individual citizens.</p></li><li><p>It highlights the importance of building societal resilience, not just technical resilience, in the face of these threats. This includes fostering critical thinking skills to combat disinformation and strengthening social cohesion to withstand attempts to exploit social divisions.</p></li><li><p>It emphasizes the need for transparent communication and public education about these threats. By understanding the nature and potential impacts of Gray Zone cyber operations, citizens can be better prepared and more resilient in the face of attacks.</p></li><li><p>It underscores the importance of international cooperation and the development of new norms and accountability mechanisms in cyberspace to address these evolving threats.</p></li></ol><h2>Conclusion</h2><p>The potential impacts of Gray Zone cyberattacks on both critical infrastructure companies and society at large underscore the pressing need for a comprehensive and collaborative approach to resilience. This conclusion serves to emphasize the imperative for proactive measures and cooperation across various sectors to effectively address these evolving threats.</p><p>The multifaceted nature of Gray Zone cyber threats demands a multi-pronged strategy:</p><p>Enhanced Cybersecurity Measures are the first line of defense for critical infrastructure companies. Although it would be easy for me to stand here and say that these companies need to implement robust cybersecurity plans and cutting-edge technology, 
the reality is that these companies often do not have the resources or technical staff available to implement those policies and processes, let alone install the equipment. The majority of them need to start at the basics: simple log collection and alerting, inventory management, and integrating incident response into their existing disaster recovery plans. A great resource for this would be the <a href="https://www.sans.org/white-papers/five-ics-cybersecurity-critical-controls/">SANS 5 Critical Controls</a>, as they are designed to fit into any scenario and guide you through the process.</p><p>Information Sharing and Collaboration form a cornerstone of effective defense against Gray Zone cyber threats. Real-time information sharing between government agencies, cybersecurity experts, and critical infrastructure companies is vital for early threat detection, coordinated response efforts, and the development of effective countermeasures. This collaborative approach allows for a more agile and informed response to emerging threats.</p><p>Resources:</p><p><a href="https://www.nationalisacs.org/">National Council of ISACs (nationalisacs.org)</a> <em>ISACs are member-driven organizations, delivering all-hazards threat and mitigation information to asset owners and operators.</em></p><p><a href="https://www.infragard.org/">Home (infragard.org)</a> <em>InfraGard is a partnership between the Federal Bureau of Investigation (FBI) and members of the private sector for the protection of U.S. Critical Infrastructure</em></p><p>On a broader scale, Strengthening International Norms and Cooperation is essential to address the challenges posed by Gray Zone conflict. This requires a concerted international effort to establish clear norms of behavior in cyberspace, develop robust mechanisms for attribution and accountability, and foster cooperation between nations. 
Such efforts are crucial to deter aggression and uphold a rules-based international order in the digital realm.</p><p>The societal impacts of Gray Zone cyber threats also highlight the need for public education and awareness campaigns. By fostering a more informed and cyber-aware citizenry, we can build societal resilience against disinformation and social disruption tactics often employed in conjunction with cyberattacks.</p><p></p><h2>Sources:</h2><p><a href="https://www.disinfo.eu/doppelganger">Doppelganger - Media clones serving Russian propaganda - EU DisinfoLab</a></p><p><a href="https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a">PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure | CISA</a></p><p><a href="https://digitalcommons.ndu.edu/joint-force-quarterly/vol114/iss2/15">114 (3rd Quarter 2024) The Future of Great Power Competition Civilian Harm Mitigation and Response Cognitive Warfare</a></p>]]></content:encoded></item><item><title><![CDATA[From Cyber Disruption to Cognitive Warfare Part 1]]></title><description><![CDATA[The Evolving Threat of Gray Zone Cyber Operations]]></description><link>https://blog.infrasecalliance.org/p/from-cyber-disruption-to-cognitive</link><guid isPermaLink="false">https://blog.infrasecalliance.org/p/from-cyber-disruption-to-cognitive</guid><dc:creator><![CDATA[Zach Corum]]></dc:creator><pubDate>Fri, 13 Sep 2024 18:49:54 GMT</pubDate><enclosure url="https://substack-post-media.s3.amazonaws.com/public/images/a4be35dc-54c5-48dd-8e95-e3d310c4636e_1366x768.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<h2>Summary</h2><p>In today's interconnected world, the concept of Gray Zone Cyber threats has emerged as a particular concern for critical infrastructure companies and national security alike. 
These threats occupy a murky space between peace and outright warfare, leveraging the ambiguity of cyberspace to advance geopolitical objectives without triggering conventional military responses.</p><p>This multi-part blog delves into the complex nature of Gray Zone Cyber threats, particularly as they pertain to critical infrastructure. We explore their definition, key characteristics, and the strategic objectives that drive them. More importantly, we examine why understanding these threats is crucial for critical infrastructure companies, highlighting their role as both potential targets and essential partners in national security.</p><p>From the challenges of attribution to the exploitation of international norms, and from asymmetric warfare tactics to the far-reaching consequences of successful attacks, we provide a comprehensive overview of this evolving threat landscape. Our discussion aims to equip critical infrastructure stakeholders with the knowledge needed to enhance their security postures, contribute effectively to collective defense efforts, and navigate the complexities of this new frontier in geopolitical conflict.</p><p>As we unpack these crucial concepts, we invite readers to consider the broader implications of Gray Zone Cyber threats and the collective responsibility we share in safeguarding our critical infrastructure against these sophisticated, strategically motivated attacks.</p><h2>Defining Gray Zone Cyber Threats</h2><p>When defining Gray Zone Cyber threats, it's essential to consider the convergence of several key concepts:</p><p>The term "Gray Zone" refers to a distinct operational space in international relations that exists between peace and conventional warfare. 
This domain is characterized by ambiguity, where both state and non-state actors employ coercive and subversive tactics to achieve political objectives while intentionally remaining below the threshold that would typically provoke a traditional military response.</p><p>In this context, cyber operations encompass a range of activities conducted in cyberspace, designed to disrupt, degrade, or destroy computer systems, networks, and the information they contain. These operations are particularly well-suited to Gray Zone tactics due to the inherent challenges in attributing attacks and the potential for plausible deniability by the perpetrators.</p><p>Critical infrastructure, meanwhile, comprises the essential systems and assets that underpin a nation's economy, security, and well-being. These sectors, which range from energy and finance to healthcare and transportation, are heavily reliant on digital technologies, making them vulnerable to cyberattacks.</p><p>Considering these elements, we can define Gray Zone Cyber threats targeting critical infrastructure companies as malicious cyber activities, often state-sponsored or state-sanctioned, that aim to disrupt or degrade critical infrastructure systems and services to advance geopolitical objectives without provoking open warfare.</p><p>These threats operate in a space of strategic ambiguity, leveraging the difficulties of attribution and the interconnected nature of modern digital systems to achieve their goals while minimizing the risk of direct confrontation.</p><h2>Characteristics of the Threat</h2><p>When examining the characteristics of Gray Zone Cyber Threats to Critical Infrastructure, several key aspects emerge that define their nature and impact:</p><p>Ambiguous Attribution is a hallmark of these threats. The process of identifying the perpetrators behind Gray Zone Cyberattacks is often complex and time-consuming, complicated by the use of sophisticated techniques and the involvement of proxy actors. 
This inherent ambiguity allows hostile entities to operate with a degree of plausible deniability, thereby making it challenging to trigger international consequences or invoke collective defense mechanisms such as NATO's Article 5.</p><p>Another significant characteristic is the Exploitation of Norms. Gray Zone Cyberattacks frequently take advantage of the absence of well-established international norms and accountability mechanisms in cyberspace. These operations often operate within the ambiguous areas of international law and accepted state behavior, exploiting the lack of clear guidelines and enforcement mechanisms.</p><p>These threats also represent a form of Asymmetric Warfare. In this context, adversaries with potentially weaker conventional military capabilities can leverage cyber tools to target a nation's critical infrastructure, potentially inflicting significant economic, social, or political damage. This approach allows less powerful actors to challenge stronger opponents by exploiting vulnerabilities in increasingly digitized and interconnected systems.</p><p>It's crucial to understand that Gray Zone Cyberattacks against critical infrastructure are driven by Strategic Objectives. These are not random acts of vandalism or isolated criminal activities. 
Rather, they are deliberate and calculated components of broader geopolitical strategies designed to weaken adversaries, advance national interests, or coerce policy changes.</p><p>Some examples of these strategic objectives include:</p><ol><li><p>Undermining Confidence in Government: By disrupting essential services such as power grids or financial systems, these attacks can erode public trust in a government's ability to ensure the security and well-being of its citizens.</p></li><li><p>Creating Economic Disruption: Attacks on critical infrastructure can have far-reaching consequences, disrupting supply chains, financial markets, and business operations, thereby imposing significant economic costs on the targeted nation.</p></li><li><p>Sowing Social Discord: Through the creation of fear, uncertainty, and hardship, Gray Zone Cyberattacks can exacerbate existing social divisions and undermine political stability within the targeted society.</p></li></ol><p>These characteristics collectively define the nature of Gray Zone Cyber Threats to Critical Infrastructure, highlighting their complexity, strategic significance, and potential for wide-ranging impacts on national security and societal stability.</p><h2>Importance For Critical Infrastructure</h2><p>The importance of understanding Gray Zone Cyber threats for critical infrastructure companies cannot be overstated. This knowledge is crucial for several interconnected reasons that directly impact both corporate and national security.</p><p>Firstly, critical infrastructure companies must recognize their position as primary targets in this new landscape of geopolitical conflict. The heightened risk they face from Gray Zone Cyber threats necessitates a fundamental shift in their approach to security. 
This elevated threat level demands that these companies develop and maintain robust, adaptive security postures and resilience strategies that go beyond traditional cybersecurity measures.</p><p>Moreover, it's imperative for critical infrastructure companies to acknowledge and embrace their role as civilian partners in national security. This partnership entails more than just implementing security measures; it requires proactive engagement with government agencies, active participation in information sharing networks, and involvement in collective defense initiatives. By doing so, these companies not only protect their own interests but also contribute significantly to the overall security fabric of the nation.</p><p>The nature of Gray Zone Cyber threats also necessitates the adoption of asymmetric defensive strategies by critical infrastructure companies. This approach goes beyond merely strengthening cybersecurity measures. It involves building comprehensive resilience into systems and operations, creating redundancies to ensure continuity of service, and developing the capacity to rapidly recover from attacks. These strategies are essential in mitigating the potential impact of Gray Zone Cyber threats and ensuring the continued operation of critical services even in the face of sophisticated attacks.</p><p>Free resources to get started with building a more defensible architecture in your OT and IT environments:</p><ul><li><p><strong><a href="https://www.sans.org/white-papers/five-ics-cybersecurity-critical-controls/">The Five ICS Cybersecurity Critical Controls (sans.org)</a></strong></p></li><li><p><strong><a href="https://hub.dragos.com/thank-you/implementing-a-defensible-architecture">Implementing a Defensible Architecture</a></strong></p></li></ul><p>Understanding Gray Zone Cyber threats can help critical infrastructure organizations more effectively allocate resources and prioritize security investments. 
By recognizing the strategic objectives behind these threats, companies can better anticipate potential attack vectors and develop more targeted and effective defense mechanisms.</p><p>Furthermore, this understanding enables critical infrastructure companies to play a more informed and active role in shaping policy and regulatory frameworks. As key stakeholders, their insights and experiences can be invaluable in developing more effective national and international responses to Gray Zone Cyber threats.</p><p>In conclusion, by thoroughly understanding the nature and implications of Gray Zone Cyber threats, critical infrastructure companies can significantly enhance their ability to protect their assets, contribute meaningfully to national security efforts, and effectively mitigate the risks posed by this increasingly prevalent form of geopolitical conflict. This knowledge empowers them to not only defend against current threats but also to adapt and prepare for the evolving challenges of the future cybersecurity landscape.</p>
<p></p><h2>Sources</h2><ul><li><p><a href="https://connections-qj.org/biblio?f%5Bauthor%5D=11162">Fitton, O.</a> (2016).&nbsp;&nbsp;<strong><a href="https://connections-qj.org/article/cyber-operations-and-gray-zones-challenges-nato">Cyber Operations and Gray Zones: Challenges for NATO</a>. </strong>Connections: The Quarterly Journal. 15(2),&nbsp;109-119</p></li><li><p>International Security Advisory Board (ISAB) (2017). <a href="https://2009-2017.state.gov/documents/organization/266849.pdf">Report on Gray Zone Conflict</a></p></li><li><p>The National Intelligence Council. (2024). 
<a href="https://www.odni.gov/files/ODNI/documents/assessments/NIC-Unclassified-Conflict-In-The-Gray-Zone-July2024.pdf">Conflict in the Gray Zone: A Prevailing Geopolitical Dynamic Through 2030</a></p></li><li><p>The National Intelligence Council. (2024). <a href="https://www.odni.gov/files/ODNI/documents/assessments/NIC-Unclassified-Updated-IC-Gray-Zone-Lexicon-July2024.pdf">Updated IC Gray Zone Lexicon: Key Terms and Definitions</a></p></li></ul>]]></content:encoded></item><item><title><![CDATA[$250 Buys Access to Iranian Infrastructure]]></title><description><![CDATA[How one post on a dark net forum can create an opportunity into your organization.]]></description><link>https://blog.infrasecalliance.org/p/250-buys-access-to-iranian-infrastructure</link><guid isPermaLink="false">https://blog.infrasecalliance.org/p/250-buys-access-to-iranian-infrastructure</guid><dc:creator><![CDATA[Zach Corum]]></dc:creator><pubDate>Wed, 31 Jul 2024 14:53:00 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!YT17!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc0b750da-fe09-4a6e-8ce3-c3332fe6e3c8_1152x640.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!YT17!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc0b750da-fe09-4a6e-8ce3-c3332fe6e3c8_1152x640.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!YT17!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc0b750da-fe09-4a6e-8ce3-c3332fe6e3c8_1152x640.jpeg 424w, 
https://substackcdn.com/image/fetch/$s_!YT17!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc0b750da-fe09-4a6e-8ce3-c3332fe6e3c8_1152x640.jpeg 848w, https://substackcdn.com/image/fetch/$s_!YT17!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc0b750da-fe09-4a6e-8ce3-c3332fe6e3c8_1152x640.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!YT17!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc0b750da-fe09-4a6e-8ce3-c3332fe6e3c8_1152x640.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!YT17!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc0b750da-fe09-4a6e-8ce3-c3332fe6e3c8_1152x640.jpeg" width="1152" height="640" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/c0b750da-fe09-4a6e-8ce3-c3332fe6e3c8_1152x640.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:&quot;normal&quot;,&quot;height&quot;:640,&quot;width&quot;:1152,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:null,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:null,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!YT17!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc0b750da-fe09-4a6e-8ce3-c3332fe6e3c8_1152x640.jpeg 424w, 
https://substackcdn.com/image/fetch/$s_!YT17!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc0b750da-fe09-4a6e-8ce3-c3332fe6e3c8_1152x640.jpeg 848w, https://substackcdn.com/image/fetch/$s_!YT17!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc0b750da-fe09-4a6e-8ce3-c3332fe6e3c8_1152x640.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!YT17!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc0b750da-fe09-4a6e-8ce3-c3332fe6e3c8_1152x640.jpeg 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" 
y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a><figcaption class="image-caption">A landscape Renaissance painting of a Roman viaduct and horses</figcaption></figure></div><p>I want to start off by saying that there is no way to know that this is legitimate. I wanted to share this with everyone as a cautionary tale and a visual representation of the criminals that sell access to everyday small businesses. The alarmingly low price underscores the critical point that even if you think your systems are resilient and your cybersecurity program is matured, you're still only as secure as your weakest link: in this case, a potentially compromised supplier.</p><div><hr></div><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!-9xZ!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F921c12b9-84af-4248-9290-1c77ec557714_3185x1138.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!-9xZ!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F921c12b9-84af-4248-9290-1c77ec557714_3185x1138.png 424w, https://substackcdn.com/image/fetch/$s_!-9xZ!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F921c12b9-84af-4248-9290-1c77ec557714_3185x1138.png 848w, https://substackcdn.com/image/fetch/$s_!-9xZ!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F921c12b9-84af-4248-9290-1c77ec557714_3185x1138.png 1272w, 
https://substackcdn.com/image/fetch/$s_!-9xZ!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F921c12b9-84af-4248-9290-1c77ec557714_3185x1138.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!-9xZ!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F921c12b9-84af-4248-9290-1c77ec557714_3185x1138.png" width="1456" height="520" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/921c12b9-84af-4248-9290-1c77ec557714_3185x1138.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:520,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:132901,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!-9xZ!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F921c12b9-84af-4248-9290-1c77ec557714_3185x1138.png 424w, https://substackcdn.com/image/fetch/$s_!-9xZ!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F921c12b9-84af-4248-9290-1c77ec557714_3185x1138.png 848w, https://substackcdn.com/image/fetch/$s_!-9xZ!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F921c12b9-84af-4248-9290-1c77ec557714_3185x1138.png 1272w, 
https://substackcdn.com/image/fetch/$s_!-9xZ!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F921c12b9-84af-4248-9290-1c77ec557714_3185x1138.png 1456w" sizes="100vw"></picture></div></a></figure></div><pre><code>Screen shot taken from the WWH-CLUB-FORUM post on July 23, 2024</code></pre><h2>The Offer Details</h2><p>The listing, dated July 23, 2024, reveals:</p><ul><li><p>Target: An Iranian company with 1,001-5,000 employees</p></li><li><p>Sectors affected: Retail &amp; Distribution, Water Treatment, Wastewater Treatment, Oil, Gas, Petrochemicals, Building and Road 
Construction</p></li><li><p>Access type: RDP (Remote Desktop Protocol)</p></li><li><p>Privileges: Local Admin</p></li><li><p>Number of compromised hosts: 30+</p></li><li><p>Antivirus: Kaspersky (deactivated)</p></li><li><p>Price: $250</p></li></ul><h2>Why This Matters</h2><p>The low cost of entry presents a significant threat multiplier. In this case, enough information was gathered on the target organization to market the details to potential buyers. One might also attribute the low cost to a quick turn and burn or potentially a desperation move on the part of the hacker.</p><p>Low Barrier to Entry: At $250, this access is within reach of a wide range of malicious actors, from amateur hackers to state-sponsored groups.</p><p>High-Value Target: The compromised company's involvement in water treatment, oil and gas, and construction makes it a prime target for sabotage or espionage.</p><p>Potential for Cascading Failures: Given the interconnected nature of critical infrastructure, a breach could have far-reaching consequences beyond the initial target.</p><p>Deactivated Security: The listing indicates that Kaspersky antivirus is deactivated, suggesting other security measures may also be compromised.</p><h2>Immediate Action Items for Professionals</h2><p>This event serves as a reminder that regular testing of access, RDP, VPN, and other systems is crucial, not just during the annual pen test. To enhance your security posture, it's essential to regularly review the level of access provided to third-party vendors. This includes scrutinizing the level of access they need and ensuring it's limited to what they require, when they require it.</p><p>Implementing proper Identity Access Management (IAM) is also critical. IAM helps restrict access to specific times and scopes, minimizing the attack surface. 
By doing so, you can reduce the risk of unauthorized access and limit the damage in case of a breach.</p><p>Open conversations with the business teams you support are vital in staying informed about potential security concerns. Regular discussions with Finance, Contracts, HR, and Operations teams can provide valuable insights into new projects or contractors that may require additional access. These conversations can also help you stay ahead of potential security risks and identify areas that need improvement.</p><p>Furthermore, it's essential to maintain a list of third-party suppliers your business deals with on a yearly basis. This allows you to cross-reference potential compromises that could impact your organization. By doing so, you can mitigate the risks associated with supply chain disruptions, such as a critical part or service being affected by a ransomed business partner. It is also important to recognize that a third-party vendor could be used as a pivot into your organization, even if they're not a profitable target themselves.</p><h2>The Bigger Picture</h2><p>This incident is not isolated. The same broker is offering access to a Turkish motor vehicle manufacturing company for $300, indicating a pattern of targeting industrial and infrastructure entities across the region.</p><h2>Conclusion</h2><p>The ease with which access to a critical infrastructure company was sold on the dark web serves as a stark reminder of the ever-present threat of cyber attacks. The low barrier to entry, high-value target, and potential for cascading failures make this a cautionary tale that cannot be ignored.</p><p>It's clear that no organization is immune to the risks of cyber attacks. Even with a mature cybersecurity program, a single weak link can bring down the entire system. 
It's crucial that we remain vigilant and proactive in our approach to cybersecurity, recognizing that the threat landscape is constantly evolving.</p><p>By taking immediate action to review access, implement proper Identity Access Management, and foster open conversations with business teams, we can reduce the risk of unauthorized access and limit the damage in case of a breach. It's time for us to rethink our approach to cybersecurity and prioritize the protection of our critical infrastructure.</p><blockquote><p><strong>There is one class of people that we talk about that target civilian critical infrastructure, and we just call them assholes.</strong></p><p>Rob Lee (CEO Dragos) <a href="https://youtu.be/l4c0nY5vk08?si=VyqS39NdCiLhP-gu&amp;t=1327">S4x24 Main Stage Interview With Rob Lee</a></p></blockquote>]]></content:encoded></item><item><title><![CDATA[OT/ICS/SCADA Cybersecurity News Roundup for May 2024]]></title><description><![CDATA[In May 2024, the industrial cybersecurity landscape faced a series of significant challenges, underscoring the urgent need for robust security measures.]]></description><link>https://blog.infrasecalliance.org/p/oticsscada-cybersecurity-news-roundup</link><guid isPermaLink="false">https://blog.infrasecalliance.org/p/oticsscada-cybersecurity-news-roundup</guid><dc:creator><![CDATA[Zach Corum]]></dc:creator><pubDate>Mon, 03 Jun 2024 20:50:25 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F14fc52b6-023b-4485-a701-bdc375f813fc_3072x1536.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" 
href="https://substackcdn.com/image/fetch/$s_!9thm!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F56473a87-0cab-4668-aa3b-26445a48d192_2464x1856.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!9thm!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F56473a87-0cab-4668-aa3b-26445a48d192_2464x1856.png 424w, https://substackcdn.com/image/fetch/$s_!9thm!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F56473a87-0cab-4668-aa3b-26445a48d192_2464x1856.png 848w, https://substackcdn.com/image/fetch/$s_!9thm!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F56473a87-0cab-4668-aa3b-26445a48d192_2464x1856.png 1272w, https://substackcdn.com/image/fetch/$s_!9thm!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F56473a87-0cab-4668-aa3b-26445a48d192_2464x1856.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!9thm!,w_2400,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F56473a87-0cab-4668-aa3b-26445a48d192_2464x1856.png" width="1200" height="904.1208791208791" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/56473a87-0cab-4668-aa3b-26445a48d192_2464x1856.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:false,&quot;imageSize&quot;:&quot;large&quot;,&quot;height&quot;:1097,&quot;width&quot;:1456,&quot;resizeWidth&quot;:1200,&quot;bytes&quot;:7275592,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-large" alt="" srcset="https://substackcdn.com/image/fetch/$s_!9thm!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F56473a87-0cab-4668-aa3b-26445a48d192_2464x1856.png 424w, https://substackcdn.com/image/fetch/$s_!9thm!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F56473a87-0cab-4668-aa3b-26445a48d192_2464x1856.png 848w, https://substackcdn.com/image/fetch/$s_!9thm!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F56473a87-0cab-4668-aa3b-26445a48d192_2464x1856.png 1272w, https://substackcdn.com/image/fetch/$s_!9thm!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F56473a87-0cab-4668-aa3b-26445a48d192_2464x1856.png 1456w" sizes="100vw" fetchpriority="high"></picture></div></a></figure></div><p>In May 2024, the industrial cybersecurity landscape faced a series of significant challenges, underscoring the urgent need for robust security measures. </p><ul><li><p><a href="https://ics-cert.kaspersky.com/publications/reports/2024/01/31/ics-and-ot-threat-predictions-for-2024/">Kaspersky's ICS CERT predictions highlighted persistent ransomware threats, cosmopolitical hacktivism, and new risks in logistics and transportation.</a></p></li><li><p>High-profile incidents, such as the Ransomhub attack on a <a href="https://generalistsociety.substack.com/p/ransomhub-targets-spanish-slaughterhouse">Spanish slaughterhouse's SCADA system</a>, further emphasized these vulnerabilities. 
</p><div class="digest-post-embed" data-attrs="{&quot;nodeId&quot;:&quot;bcd870a5-64e9-4405-940a-fafbac22a762&quot;,&quot;caption&quot;:&quot;Ransomhub, a nascent ransomware-as-a-service (RaaS) operation, has allegedly compromised the supervisory control and data acquisition (SCADA) system of a Spanish slaughterhouses bioenergy plant that processes slaughterhouse waste, underscoring the growing threat of cybercrime targeting industrial control systems (ICS) in critical infrastructure sectors.&quot;,&quot;cta&quot;:null,&quot;showBylines&quot;:true,&quot;size&quot;:&quot;sm&quot;,&quot;isEditorNode&quot;:true,&quot;title&quot;:&quot;Ransomhub Targets Spanish Slaughterhouse Biogas SCADA System&quot;,&quot;publishedBylines&quot;:[{&quot;id&quot;:38515097,&quot;name&quot;:&quot;Zach Corum&quot;,&quot;bio&quot;:&quot;IT | OT | Cybersecurity | Scotch | Bonsai | Travel&quot;,&quot;photo_url&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/a51ba7d9-c764-4626-9457-091036199576_1125x1371.jpeg&quot;,&quot;is_guest&quot;:false,&quot;bestseller_tier&quot;:null}],&quot;post_date&quot;:&quot;2024-06-02T12:02:32.500Z&quot;,&quot;cover_image&quot;:&quot;https://substackcdn.com/image/fetch/f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc164a2fb-56de-42d2-be55-3833421cf4e9_1024x576.jpeg&quot;,&quot;cover_image_alt&quot;:null,&quot;canonical_url&quot;:&quot;https://generalistsociety.substack.com/p/ransomhub-targets-spanish-slaughterhouse&quot;,&quot;section_name&quot;:null,&quot;video_upload_id&quot;:null,&quot;id&quot;:145216691,&quot;type&quot;:&quot;newsletter&quot;,&quot;reaction_count&quot;:1,&quot;comment_count&quot;:0,&quot;publication_id&quot;:null,&quot;publication_name&quot;:&quot;InfraSec 
Alliance&quot;,&quot;publication_logo_url&quot;:&quot;https://substackcdn.com/image/fetch/f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fbd756372-e1d1-4ee2-8f5b-b691c0dbaf65_1280x1280.png&quot;,&quot;belowTheFold&quot;:false,&quot;youtube_url&quot;:null,&quot;show_links&quot;:null,&quot;feed_url&quot;:null}"></div></li><li><p><a href="https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1672.html">Rockwell Automation issued an urgent advisory for disconnecting ICS from public internet access due to heightened geopolitical tensions. </a></p></li><li><p><a href="https://apnews.com/article/water-utilities-cyberattack-epa-russia-1435b3e6a569aa046e05c7947f0a0f3d">Meanwhile, the U.S. EPA and White House warned water utilities about escalating cyber threats from Iran and China</a>. </p></li><li><p>Additionally, the ongoing Israel-Hamas conflict saw hacktivist groups like Cyb3r Dragonz and ByteBlitz targeting Israeli infrastructure, adding to the complex threat landscape.</p></li></ul><div><hr></div><h1>Kaspersky Forecasts ICS Threats</h1><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!L4bx!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F891edfe4-b63b-4327-9eea-282538714f88_1536x768.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!L4bx!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F891edfe4-b63b-4327-9eea-282538714f88_1536x768.png 424w, 
https://substackcdn.com/image/fetch/$s_!L4bx!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F891edfe4-b63b-4327-9eea-282538714f88_1536x768.png 848w, https://substackcdn.com/image/fetch/$s_!L4bx!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F891edfe4-b63b-4327-9eea-282538714f88_1536x768.png 1272w, https://substackcdn.com/image/fetch/$s_!L4bx!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F891edfe4-b63b-4327-9eea-282538714f88_1536x768.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!L4bx!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F891edfe4-b63b-4327-9eea-282538714f88_1536x768.png" width="1456" height="728" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/891edfe4-b63b-4327-9eea-282538714f88_1536x768.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:728,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:2596001,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!L4bx!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F891edfe4-b63b-4327-9eea-282538714f88_1536x768.png 424w, 
https://substackcdn.com/image/fetch/$s_!L4bx!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F891edfe4-b63b-4327-9eea-282538714f88_1536x768.png 848w, https://substackcdn.com/image/fetch/$s_!L4bx!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F891edfe4-b63b-4327-9eea-282538714f88_1536x768.png 1272w, https://substackcdn.com/image/fetch/$s_!L4bx!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F891edfe4-b63b-4327-9eea-282538714f88_1536x768.png 1456w" sizes="100vw"></picture></div></a></figure></div><p>Kaspersky released their ICS CERT Predictions for 2024, outlining the key cybersecurity challenges industrial enterprises will face in the year ahead. The forecasts emphasize the persistent nature of ransomware threats, the increasing prevalence of cosmopolitical hacktivism, insights about offensive cybersecurity, and new logistics and transportation risks.</p><p>Ransomware is predicted to remain the top concern for industrial businesses in 2024. Last year, ransomware attacks solidified their status as the largest information security threat, disrupting not just digital systems but also leading to significant real-world consequences. Official statements from affected organizations revealed that 18% of ransomware attacks on industrial businesses led to a halt in the production or delivery of various products, including medical devices, power grids, and transportation systems.</p><p>Recent incidents targeting Automated Tracking Systems in the Red Sea and the Indian Ocean, as well as the 2020 cyberattack on Iran's Shahid Rajaee port terminal, highlight system vulnerabilities that need to be addressed. The increasing prevalence of ransomware attacks means organizations must be prepared with not only strong preventative measures but also comprehensive response strategies.</p><p>Companies should consider investing in services like threat intelligence and incident response, as well as conducting regular backups of critical data in off-premise storage facilities. Employee training is equally crucial, as many ransomware attacks stem from successful phishing attempts or social engineering tactics.</p><p>The Kaspersky predictions also highlight the need for organizations to stay informed about the latest cybersecurity trends and threats specific to their industry. 
This involves monitoring the geopolitical landscape for potential risks, as well as keeping abreast of new attack vectors and vulnerabilities that could be exploited by malicious actors.</p><div><hr></div><h1>Strengthening Water Utility Cybersecurity</h1><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!DF18!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F14fc52b6-023b-4485-a701-bdc375f813fc_3072x1536.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!DF18!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F14fc52b6-023b-4485-a701-bdc375f813fc_3072x1536.png 424w, https://substackcdn.com/image/fetch/$s_!DF18!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F14fc52b6-023b-4485-a701-bdc375f813fc_3072x1536.png 848w, https://substackcdn.com/image/fetch/$s_!DF18!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F14fc52b6-023b-4485-a701-bdc375f813fc_3072x1536.png 1272w, https://substackcdn.com/image/fetch/$s_!DF18!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F14fc52b6-023b-4485-a701-bdc375f813fc_3072x1536.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!DF18!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F14fc52b6-023b-4485-a701-bdc375f813fc_3072x1536.png" width="1456" height="728" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/14fc52b6-023b-4485-a701-bdc375f813fc_3072x1536.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:728,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:9121596,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!DF18!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F14fc52b6-023b-4485-a701-bdc375f813fc_3072x1536.png 424w, https://substackcdn.com/image/fetch/$s_!DF18!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F14fc52b6-023b-4485-a701-bdc375f813fc_3072x1536.png 848w, https://substackcdn.com/image/fetch/$s_!DF18!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F14fc52b6-023b-4485-a701-bdc375f813fc_3072x1536.png 1272w, https://substackcdn.com/image/fetch/$s_!DF18!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F14fc52b6-023b-4485-a701-bdc375f813fc_3072x1536.png 1456w" sizes="100vw" loading="lazy"></picture></div></a></figure></div><p>In May 2024, the U.S. Environmental Protection Agency (EPA) and the White House issued urgent warnings to water utilities nationwide about the growing threat of cyber attacks from hackers affiliated with Iran and China. These adversaries are increasingly targeting drinking water and wastewater systems in an effort to sabotage critical infrastructure.</p><p>The cyber attacks against water utilities are escalating in both severity and frequency. Hackers aligned with Iran's Islamic Revolutionary Guard Corps (IRGC) have carried out malicious attacks against U.S. drinking water systems, exploiting default manufacturer passwords that facilities had neglected to change. China's state-sponsored Volt Typhoon group has also compromised the IT systems of multiple drinking water utilities in the U.S. 
and its territories in a pattern of behavior that extends beyond typical cyber espionage.</p><p>Federal agencies assess with high confidence that these threat actors are pre-positioning to potentially disrupt critical infrastructure operations in the event of geopolitical tensions or military conflicts. Water and wastewater systems are seen as attractive targets because they are lifeline critical infrastructure but often lack the resources and technical capacity to implement top-tier cybersecurity practices.</p><p>More than 70% of water systems inspected by the EPA do not fully comply with requirements in the Safe Drinking Water Act, and some have critical vulnerabilities like default passwords and easily compromised single logins. The EPA issued an enforcement alert emphasizing that the severity of the cyber threats against water utilities has reached a point where additional action is critical.</p><p>To bolster their cyber defenses, the EPA and White House are urging water utilities to take immediate steps like:</p><ul><li><p>Auditing IT systems to identify and address vulnerabilities</p></li><li><p>Ensuring all systems have up-to-date antivirus and anti-malware software</p></li><li><p>Installing security patches on a monthly basis</p></li><li><p>Implementing secure remote access practices</p></li><li><p>Segregating networks and controlling access based on job functions</p></li><li><p>Monitoring networks for suspicious activity</p></li></ul><p>By implementing these basic cyber hygiene practices, water utilities can improve their ability to prevent, detect, respond to, and recover from cyber incidents. However, many water utilities, especially smaller systems, lack IT and security specialists to help them launch effective cybersecurity programs. 
User-friendly resources and guidance from the EPA and CISA aim to assist utilities in getting started and knowing where to turn for support in enhancing their cyber resilience.</p><div><hr></div><h2>Cyb3r Dragonz and ByteBlitz Target Israel</h2><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!KT11!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Facde7107-933f-4585-b115-0d4d7776c1f9_1055x509.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!KT11!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Facde7107-933f-4585-b115-0d4d7776c1f9_1055x509.png 424w, https://substackcdn.com/image/fetch/$s_!KT11!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Facde7107-933f-4585-b115-0d4d7776c1f9_1055x509.png 848w, https://substackcdn.com/image/fetch/$s_!KT11!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Facde7107-933f-4585-b115-0d4d7776c1f9_1055x509.png 1272w, https://substackcdn.com/image/fetch/$s_!KT11!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Facde7107-933f-4585-b115-0d4d7776c1f9_1055x509.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!KT11!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Facde7107-933f-4585-b115-0d4d7776c1f9_1055x509.png" width="1055" height="509" 
data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/acde7107-933f-4585-b115-0d4d7776c1f9_1055x509.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:509,&quot;width&quot;:1055,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:952197,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!KT11!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Facde7107-933f-4585-b115-0d4d7776c1f9_1055x509.png 424w, https://substackcdn.com/image/fetch/$s_!KT11!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Facde7107-933f-4585-b115-0d4d7776c1f9_1055x509.png 848w, https://substackcdn.com/image/fetch/$s_!KT11!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Facde7107-933f-4585-b115-0d4d7776c1f9_1055x509.png 1272w, https://substackcdn.com/image/fetch/$s_!KT11!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Facde7107-933f-4585-b115-0d4d7776c1f9_1055x509.png 1456w" sizes="100vw" loading="lazy"></picture>
</div></a></figure></div><p>In May 2024, the ongoing conflict between Israel and Hamas led to an increase in cyber threats as hacktivist groups pivoted their attacks to target Israel. Two prominent groups, Cyb3r Dragonz and ByteBlitz, shifted their focus from Turkey to Israel amid the escalating tensions.</p><p>Cyb3r Dragonz, a pro-Russian hacktivist collective known for targeting India in the past, launched a series of DDoS attacks against over 30 Israeli government websites. The group also claimed to have stolen sensitive documents from Israel's national electricity authority and the Dorad power plant, although some experts believe these claims may be fabricated.</p><p>Meanwhile, ByteBlitz, a group that emerged in the days following the outbreak of the Israel-Hamas conflict, defaced several Israeli websites with "Free Palestine" messages.
The group's limited prior activity suggests it was formed specifically in response to the current hostilities.</p><p>Security analysts warn that while hacktivist attacks may not have a significant impact on the overall threat landscape, they contribute to the chaos and unpredictability of the situation. Disinformation and panic fueled by these attacks can lead to unintended consequences, with some digital actors thriving on the turmoil itself.</p><p>As the conflict between Israel and Hamas persists, the threat of Iranian cyber attacks also looms large. Organizations are advised to remain vigilant against spearphishing attempts and educate employees on the risks associated with these attacks. Implementing robust cybersecurity measures is crucial to safeguarding critical infrastructure and assets amid the heightened geopolitical tensions in the region.</p><div><hr></div><h1>Rockwell Urges ICS Disconnection</h1><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!kO89!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe28bfeb7-2c66-4164-8423-63ecf184a987_1536x768.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!kO89!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe28bfeb7-2c66-4164-8423-63ecf184a987_1536x768.png 424w, https://substackcdn.com/image/fetch/$s_!kO89!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe28bfeb7-2c66-4164-8423-63ecf184a987_1536x768.png 848w, 
https://substackcdn.com/image/fetch/$s_!kO89!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe28bfeb7-2c66-4164-8423-63ecf184a987_1536x768.png 1272w, https://substackcdn.com/image/fetch/$s_!kO89!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe28bfeb7-2c66-4164-8423-63ecf184a987_1536x768.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!kO89!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe28bfeb7-2c66-4164-8423-63ecf184a987_1536x768.png" width="1456" height="728" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/e28bfeb7-2c66-4164-8423-63ecf184a987_1536x768.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:728,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:1799677,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!kO89!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe28bfeb7-2c66-4164-8423-63ecf184a987_1536x768.png 424w, https://substackcdn.com/image/fetch/$s_!kO89!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe28bfeb7-2c66-4164-8423-63ecf184a987_1536x768.png 848w, 
https://substackcdn.com/image/fetch/$s_!kO89!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe28bfeb7-2c66-4164-8423-63ecf184a987_1536x768.png 1272w, https://substackcdn.com/image/fetch/$s_!kO89!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fe28bfeb7-2c66-4164-8423-63ecf184a987_1536x768.png 1456w" sizes="100vw" loading="lazy"></picture></div></a></figure></div><p>In May 2024, Rockwell Automation issued an urgent advisory urging customers to disconnect all industrial control systems (ICSs)
not intended to be connected to the public-facing internet to mitigate unauthorized or malicious cyber activity. The company emphasized the need for immediate action due to "heightened geopolitical tensions and adversarial cyber activity globally."</p><p>Rockwell Automation advised users to determine whether they have devices accessible over the internet and, if so, cut off connectivity for those not meant to be left exposed. The company stressed that users should never configure their assets to be directly connected to the public-facing internet, as removing that connectivity proactively reduces the attack surface and can immediately reduce exposure to unauthorized and malicious cyber activity from external threat actors. In addition to disconnecting exposed ICS devices, Rockwell Automation required organizations to ensure they have adopted the necessary mitigations and patches to secure against several critical vulnerabilities impacting their products, including:</p><ul><li><p>CVE-2021-22681 (CVSS score: 10.0)</p></li><li><p>CVE-2022-1159 (CVSS score: 7.7)</p></li><li><p>CVE-2023-3595 (CVSS score: 9.8)</p></li><li><p>CVE-2023-46290 (CVSS score: 8.1)</p></li><li><p>CVE-2024-21914 (CVSS score: 5.3)</p></li><li><p>CVE-2024-21915 (CVSS score: 9.0)</p></li><li><p>CVE-2024-21917 (CVSS score: 9.8)</p></li></ul><p>The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also shared the alert, recommending that users and administrators follow appropriate measures outlined in the guidance to reduce exposure.
This aligns with a 2020 joint advisory from CISA and the National Security Agency (NSA) warning of malicious actors exploiting internet-accessible operational technology (OT) assets to conduct cyber activity that could pose severe threats to critical infrastructure.</p>]]></content:encoded></item><item><title><![CDATA[Ransomhub Targets Spanish Slaughterhouse Biogas SCADA System]]></title><description><![CDATA[Ransomhub, a nascent ransomware-as-a-service (RaaS) operation, has allegedly compromised the supervisory control and data acquisition (SCADA) system of a Spanish slaughterhouse's bioenergy plant that processes slaughterhouse waste, underscoring the growing threat of cybercrime targeting industrial control systems (ICS) in critical infrastructure sectors.]]></description><link>https://blog.infrasecalliance.org/p/ransomhub-targets-spanish-slaughterhouse</link><guid isPermaLink="false">https://blog.infrasecalliance.org/p/ransomhub-targets-spanish-slaughterhouse</guid><dc:creator><![CDATA[Zach Corum]]></dc:creator><pubDate>Sun, 02 Jun 2024 12:02:32 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!gGrM!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc164a2fb-56de-42d2-be55-3833421cf4e9_1024x576.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!gGrM!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc164a2fb-56de-42d2-be55-3833421cf4e9_1024x576.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp"
srcset="https://substackcdn.com/image/fetch/$s_!gGrM!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc164a2fb-56de-42d2-be55-3833421cf4e9_1024x576.jpeg 424w, https://substackcdn.com/image/fetch/$s_!gGrM!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc164a2fb-56de-42d2-be55-3833421cf4e9_1024x576.jpeg 848w, https://substackcdn.com/image/fetch/$s_!gGrM!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc164a2fb-56de-42d2-be55-3833421cf4e9_1024x576.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!gGrM!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc164a2fb-56de-42d2-be55-3833421cf4e9_1024x576.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!gGrM!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc164a2fb-56de-42d2-be55-3833421cf4e9_1024x576.jpeg" width="1024" height="576" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/c164a2fb-56de-42d2-be55-3833421cf4e9_1024x576.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:576,&quot;width&quot;:1024,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:181028,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" 
srcset="https://substackcdn.com/image/fetch/$s_!gGrM!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc164a2fb-56de-42d2-be55-3833421cf4e9_1024x576.jpeg 424w, https://substackcdn.com/image/fetch/$s_!gGrM!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc164a2fb-56de-42d2-be55-3833421cf4e9_1024x576.jpeg 848w, https://substackcdn.com/image/fetch/$s_!gGrM!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc164a2fb-56de-42d2-be55-3833421cf4e9_1024x576.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!gGrM!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fc164a2fb-56de-42d2-be55-3833421cf4e9_1024x576.jpeg 1456w" sizes="100vw" fetchpriority="high"></picture>
</div></a></figure></div><p>Ransomhub, a nascent ransomware-as-a-service (RaaS) operation, has allegedly compromised the supervisory control and data acquisition (SCADA) system of a Spanish slaughterhouse's bioenergy plant that processes slaughterhouse waste, underscoring the growing threat of cybercrime targeting industrial control systems (ICS) in critical infrastructure sectors.</p><h2>Ransomhub's Attack on Matadero de Gij&#243;n's SCADA System</h2><div class="image-gallery-embed" data-attrs="{&quot;gallery&quot;:{&quot;images&quot;:[{&quot;type&quot;:&quot;image/png&quot;,&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/aa5494cb-833e-4efc-9a06-b87e5ee5b568_841x528.png&quot;},{&quot;type&quot;:&quot;image/png&quot;,&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/5d452453-284e-4e31-bde5-8407d6c8fffb_986x346.png&quot;},{&quot;type&quot;:&quot;image/jpeg&quot;,&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/34fda0d2-8397-4628-bf09-3443404d1d61_1706x960.jpeg&quot;}],&quot;caption&quot;:&quot;&quot;,&quot;alt&quot;:&quot;&quot;,&quot;staticGalleryImage&quot;:{&quot;type&quot;:&quot;image/png&quot;,&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/360db05f-2cd4-4b96-a0ca-da2cb165aa1b_1456x474.png&quot;}},&quot;isEditorNode&quot;:true}"></div><p>Ransomhub claimed unauthorized access to the SCADA system controlling the digester and heating processes at Matadero de Gij&#243;n's bioenergy plant, which converts slaughterhouse waste into biogas.
The group provided screenshots showing their ability to manipulate these critical industrial controls. While the exact scope of the breach is unclear, with estimates ranging from 15 GB to 400 GB of data, the compromised SCADA system poses significant operational risks. Ransomhub, which emerged in February 2024 as a RaaS operation, utilizes Golang and C++ for its locker component and employs a combination of asymmetric (x25519) and symmetric (AES256, ChaCha20, XChaCha20) cryptographic algorithms to efficiently encrypt victim data. The group's targeting of ICS environments using stolen VNC credentials purchased from Initial Access Brokers on Russian forums highlights the growing interest of ransomware actors in exploiting the vulnerabilities of connected OT systems.<a class="footnote-anchor" data-component-name="FootnoteAnchorToDOM" id="footnote-anchor-1" href="#footnote-1" target="_self">1</a></p><h2>RansomHub TTPs</h2><p>Here is a detailed analysis of the Ransomhub ransomware group and their tactics, techniques and procedures (TTPs):</p><ul><li><p>Ransomhub is a relatively new ransomware-as-a-service (RaaS) operation that emerged in February 2024. They were first announced on the RAMP cybercriminal forum by a user named "koley".</p></li><li><p>Ransomhub's ransomware is written in Golang and C++. It supports encryption on Windows, Linux, ESXi and MIPS architectures. The ransomware uses a combination of asymmetric (x25519) and symmetric (AES256, ChaCha20, XChaCha20) cryptographic algorithms.</p></li><li><p>The Ransomhub encryptor has some similarities to the ALPHV/BlackCat ransomware in its configuration, such as requiring a strong passphrase to decrypt an embedded config. However, there are also significant differences, with Ransomhub employing additional obfuscation measures not seen in ALPHV.</p></li><li><p>Ransomhub follows a RaaS model where the core group develops the ransomware and leases it to affiliates. 
A unique aspect is that Ransomhub pays the affiliates first (90% of ransom payments), who then pay Ransomhub (10%) - a different model from most other RaaS operations.</p></li><li><p>The group has strict rules for affiliates, including prohibiting attacks on non-profits and entities in CIS states. Affiliates who violate the rules are banned. This resembles the approach of some other prominent Russian-speaking ransomware groups.</p></li><li><p>Since claiming their first victim in February, Ransomhub has been scaling up their operations rapidly. As of April 2024, they had compromised 45 victims across multiple countries, with the US being most heavily targeted. At this growth rate, Ransomhub is poised to become one of the most prolific ransomware groups.</p></li><li><p>There are theories that Ransomhub may be linked to the ALPHV/BlackCat group, potentially as a rebrand after ALPHV's disappearance. This is based on similarities in their rules, targets, and the timing of ALPHV closing down their operation. However, technical analysis shows significant differences in the ransomware code, so a direct connection remains unconfirmed.</p></li><li><p>Ransomhub has been connected to the high-profile attack on Change Healthcare, which was initially compromised by an ALPHV affiliate. After ALPHV allegedly conducted an "exit scam" without paying the affiliate, the affiliate (known as "Notchy") appears to have taken the stolen data to Ransomhub to extort the victim a second time.</p></li></ul><p>In summary, while Ransomhub is a newer entrant to the ransomware ecosystem, they have quickly established themselves as a major threat with a technically sophisticated offering and a growing affiliate network. Their unique payment model and targeting of high-value sectors like healthcare make them a group to watch closely. While some of their TTPs resemble other RaaS groups, particularly from the Russian-speaking cybercriminal community, they also show distinct characteristics. 
Ransomhub's meteoric rise underscores the continued evolution and diversification of the ransomware landscape.<a class="footnote-anchor" data-component-name="FootnoteAnchorToDOM" id="footnote-anchor-2" href="#footnote-2" target="_self">2</a> <a class="footnote-anchor" data-component-name="FootnoteAnchorToDOM" id="footnote-anchor-3" href="#footnote-3" target="_self">3</a> <a class="footnote-anchor" data-component-name="FootnoteAnchorToDOM" id="footnote-anchor-4" href="#footnote-4" target="_self">4</a> <a class="footnote-anchor" data-component-name="FootnoteAnchorToDOM" id="footnote-anchor-5" href="#footnote-5" target="_self">5</a></p><div class="footnote" data-component-name="FootnoteToDOM"><a id="footnote-1" href="#footnote-anchor-1" class="footnote-number" contenteditable="false" target="_self">1</a><div class="footnote-content"><p>Ransomhub Attacking Industrial Control Systems To Encrypt Data (cybersecuritynews.com)</p></div></div><div class="footnote" data-component-name="FootnoteToDOM"><a id="footnote-2" href="#footnote-anchor-2" class="footnote-number" contenteditable="false" target="_self">2</a><div class="footnote-content"><p>Dark Web Profile: RansomHub - SOCRadar&#174; Cyber Intelligence Inc.</p></div></div><div class="footnote" data-component-name="FootnoteToDOM"><a id="footnote-3" href="#footnote-anchor-3" class="footnote-number" contenteditable="false" target="_self">3</a><div class="footnote-content"><p>Forescout details RansomHub group emerges as latest cyber threat post-Change Healthcare attack - Industrial Cyber</p></div></div><div class="footnote" data-component-name="FootnoteToDOM"><a id="footnote-4" href="#footnote-anchor-4" class="footnote-number" contenteditable="false" target="_self">4</a><div class="footnote-content"><p>Change Healthcare and RansomHub redefine double extortion (barracuda.com)</p></div></div><div class="footnote" data-component-name="FootnoteToDOM"><a id="footnote-5" href="#footnote-anchor-5" class="footnote-number" 
contenteditable="false" target="_self">5</a><div class="footnote-content"><p>RansomHub Responsible for Christie's Hack, Threatens Data Leak (secureworld.io)</p><p></p></div></div>]]></content:encoded></item><item><title><![CDATA[Deep Dive The Proposed U.S. Cyber Force Service]]></title><description><![CDATA[Do we really need another armed service?]]></description><link>https://blog.infrasecalliance.org/p/deep-dive-the-proposed-us-cyber-force</link><guid isPermaLink="false">https://blog.infrasecalliance.org/p/deep-dive-the-proposed-us-cyber-force</guid><dc:creator><![CDATA[Zach Corum]]></dc:creator><pubDate>Sun, 02 Jun 2024 02:41:06 GMT</pubDate><enclosure url="https://substack-post-media.s3.amazonaws.com/public/images/03a1c549-5113-4735-8de6-47352d0dcd9b_4096x2736.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!xcNl!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5a802c35-1bf6-48fa-bbb9-784486a1453b_4096x2736.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!xcNl!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5a802c35-1bf6-48fa-bbb9-784486a1453b_4096x2736.jpeg 424w, https://substackcdn.com/image/fetch/$s_!xcNl!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5a802c35-1bf6-48fa-bbb9-784486a1453b_4096x2736.jpeg 848w, https://substackcdn.com/image/fetch/$s_!xcNl!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5a802c35-1bf6-48fa-bbb9-784486a1453b_4096x2736.jpeg 1272w, 
https://substackcdn.com/image/fetch/$s_!xcNl!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5a802c35-1bf6-48fa-bbb9-784486a1453b_4096x2736.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!xcNl!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5a802c35-1bf6-48fa-bbb9-784486a1453b_4096x2736.jpeg" width="1456" height="973" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/5a802c35-1bf6-48fa-bbb9-784486a1453b_4096x2736.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:973,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:892208,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!xcNl!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5a802c35-1bf6-48fa-bbb9-784486a1453b_4096x2736.jpeg 424w, https://substackcdn.com/image/fetch/$s_!xcNl!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5a802c35-1bf6-48fa-bbb9-784486a1453b_4096x2736.jpeg 848w, https://substackcdn.com/image/fetch/$s_!xcNl!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5a802c35-1bf6-48fa-bbb9-784486a1453b_4096x2736.jpeg 1272w, 
https://substackcdn.com/image/fetch/$s_!xcNl!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F5a802c35-1bf6-48fa-bbb9-784486a1453b_4096x2736.jpeg 1456w" sizes="100vw" fetchpriority="high"></picture></div></a></figure></div><p>The proposal to establish a U.S. Cyber Force as an independent military service has generated significant debate among policymakers, military officials, and cybersecurity experts. This discussion revolves around the need to address the growing cyber threats and the current organizational challenges within the U.S. military's cyber operations.
Here is a detailed analysis of the proposed Cyber Force service, including its potential benefits, drawbacks, and the current state of U.S. cyber operations.</p><h2>Background and Current Structure</h2><h3>U.S. Cyber Command (USCYBERCOM)</h3><p>USCYBERCOM is a unified combatant command of the U.S. Department of Defense (DoD) responsible for cyberspace operations. It was established to centralize command of cyberspace operations, strengthen DoD cyberspace capabilities, and integrate and bolster DoD's cyber expertise. USCYBERCOM oversees several key components, including the Cyber National Mission Force (CNMF), Cyber Combat Mission Force, and Cyber Protection Force, which collectively conduct offensive, defensive, and support operations in cyberspace.</p><h3>Cyber Mission Force (CMF)</h3><p>The CMF is USCYBERCOM's action arm, consisting of 133 teams that execute the command's mission to direct, synchronize, and coordinate cyberspace operations in defense of U.S. national interests.
These teams are organized into National Mission Teams, Combat Mission Teams, Cyber Protection Teams, and National Support Teams, each with specific roles in cyber defense and offense.</p><h2>Proposal for a U.S. Cyber Force</h2><h3>Rationale for a Separate Cyber Force</h3><p>Proponents argue that the current structure, where each military service provides personnel for cyber operations, leads to inconsistencies and inefficiencies. They believe that a dedicated Cyber Force would provide a more focused and effective approach to cyber operations by centralizing recruitment, training, and command under one service.</p><h4>Key Arguments for a Cyber Force:</h4><ol><li><p><strong>Focused Training and Recruitment</strong>: A dedicated Cyber Force would have its own training and education programs, allowing for the recruitment and retention of the best cyber talent.</p></li><li><p><strong>Operational Efficiency</strong>: Centralizing cyber operations under one command could reduce bureaucratic inefficiencies and improve the speed and effectiveness of responses to cyber threats.</p></li><li><p><strong>Enhanced Capabilities</strong>: A Cyber Force would be better equipped to develop and maintain advanced cyber capabilities, ensuring the U.S. remains competitive in the cyber domain.</p></li></ol><h3>Potential Drawbacks</h3><p>Critics of the proposal highlight several concerns, including the potential for increased costs and bureaucratic duplication. 
They argue that the existing structure, with USCYBERCOM overseeing cyber operations, can be improved without creating a new service.</p><h4>Key Arguments Against a Cyber Force:</h4><ol><li><p><strong>Cost</strong>: Establishing a new military service would be expensive, requiring significant investment in infrastructure, personnel, and training programs.</p></li><li><p><strong>Duplication of Efforts</strong>: A new Cyber Force might duplicate existing capabilities within the military services, leading to inefficiencies and potential conflicts over jurisdiction.</p></li><li><p><strong>Bureaucratic Challenges</strong>: Creating a new service could introduce additional layers of bureaucracy, potentially slowing down decision-making and operational responses.</p></li></ol><h2>Current Developments and Future Prospects</h2><h3>Legislative and Policy Actions</h3><p>The U.S. Senate has taken steps towards exploring the feasibility of a Cyber Force. The 2024 National Defense Authorization Act includes provisions for the Department of Defense to study the creation of a cyber-specific military service. This study, conducted by the National Academy of Public Administration, is expected to provide insights into the potential benefits and challenges of establishing a Cyber Force.</p><h3>Budget and Resource Allocation</h3><p>USCYBERCOM has recently gained enhanced budgetary control, allowing it to directly allocate resources for cyber operations. This includes a significant increase in its budget for fiscal year 2024, aimed at improving cyber capabilities and readiness. The budget includes funding for additional Cyber Mission Force teams and investments in next-generation encryption and zero trust architecture.</p><h3>Expert Opinions and Recommendations</h3><p>Several experts and retired military officials have voiced support for the creation of a Cyber Force, citing the need for a more focused and specialized approach to cyber operations. 
However, there is also caution from some quarters about the potential challenges and the need for careful consideration before making such a significant organizational change.</p><h2>Conclusion</h2><p>The proposal to establish a U.S. Cyber Force as an independent military service is a complex and multifaceted issue. While there are compelling arguments for creating a dedicated service to address the growing cyber threats and improve operational efficiency, there are also significant concerns about the costs, potential duplication of efforts, and bureaucratic challenges. The ongoing studies and legislative actions will provide further insights into the feasibility and potential impact of this proposal, shaping the future of U.S. cyber operations.</p><div><hr></div><p><strong>Infrasec Alliance</strong> is committed to providing in-depth analysis and insights into the latest developments in cybersecurity. Stay tuned for more updates and expert opinions on this evolving topic.</p>
]]></content:encoded></item><item><title><![CDATA[MQTT: The Versatile Protocol and Its Double-Edged Sword for IoT Cybersecurity]]></title><description><![CDATA[MQTT (Message Queuing Telemetry Transport) is a lightweight messaging protocol that has revolutionized machine-to-machine (M2M) communication, especially in the realm of the Internet of Things (IoT).]]></description><link>https://blog.infrasecalliance.org/p/mqtt-the-versatile-protocol-and-its</link><guid isPermaLink="false">https://blog.infrasecalliance.org/p/mqtt-the-versatile-protocol-and-its</guid><dc:creator><![CDATA[Zach Corum]]></dc:creator><pubDate>Mon, 20 May 2024 21:52:14 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!CoQy!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fac227a7b-7fae-4299-91ee-a7310b5bf1c2_752x372.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>MQTT (Message Queuing Telemetry Transport) is a lightweight messaging protocol that has revolutionized machine-to-machine (M2M) communication, especially in the realm of the Internet of Things (IoT). Originally developed in 1999 by Andy Stanford-Clark of IBM and Arlen Nipper of Arcom (now Eurotech), MQTT was designed to monitor oil pipelines over costly satellite links. Its efficiency in minimizing data transmission costs and conserving battery power made it indispensable for remote devices. 
In 2010, IBM released MQTT as a royalty-free protocol, and it has since evolved into an open OASIS and ISO standard, becoming the go-to protocol for IoT messaging. However, the very features that make MQTT so effective for legitimate applications also render it a potent tool for malicious actors.</p><h3><strong>Understanding the MQTT Messaging Model</strong></h3><p>MQTT employs a publish/subscribe architecture, which decouples message producers (publishers) from consumers (subscribers) through a central broker. This model allows for efficient and scalable communication, crucial for IoT applications where resources and bandwidth are limited.</p>
<h3>Key Components:</h3><ul><li><p><strong>Publishers</strong>: Devices or applications that send messages to the broker.</p></li><li><p><strong>Subscribers</strong>: Devices or applications that receive messages from the broker based on their subscriptions to specific topics.</p></li><li><p><strong>Broker</strong>: A server that manages message distribution, categorizing data into topics and forwarding messages to subscribers.</p></li><li><p><strong>Topics</strong>: Labels used to categorize messages, allowing subscribers to receive only the information relevant to them.</p></li></ul><h3>How it Works</h3><p></p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!CoQy!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fac227a7b-7fae-4299-91ee-a7310b5bf1c2_752x372.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!CoQy!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fac227a7b-7fae-4299-91ee-a7310b5bf1c2_752x372.png 424w, https://substackcdn.com/image/fetch/$s_!CoQy!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fac227a7b-7fae-4299-91ee-a7310b5bf1c2_752x372.png 848w, 
https://substackcdn.com/image/fetch/$s_!CoQy!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fac227a7b-7fae-4299-91ee-a7310b5bf1c2_752x372.png 1272w, https://substackcdn.com/image/fetch/$s_!CoQy!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fac227a7b-7fae-4299-91ee-a7310b5bf1c2_752x372.png 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!CoQy!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fac227a7b-7fae-4299-91ee-a7310b5bf1c2_752x372.png" width="752" height="372" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/ac227a7b-7fae-4299-91ee-a7310b5bf1c2_752x372.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:372,&quot;width&quot;:752,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:49105,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!CoQy!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fac227a7b-7fae-4299-91ee-a7310b5bf1c2_752x372.png 424w, https://substackcdn.com/image/fetch/$s_!CoQy!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fac227a7b-7fae-4299-91ee-a7310b5bf1c2_752x372.png 848w, 
https://substackcdn.com/image/fetch/$s_!CoQy!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fac227a7b-7fae-4299-91ee-a7310b5bf1c2_752x372.png 1272w, https://substackcdn.com/image/fetch/$s_!CoQy!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fac227a7b-7fae-4299-91ee-a7310b5bf1c2_752x372.png 1456w" sizes="100vw" fetchpriority="high"></picture></div></a></figure></div><p><em>Simple Pub Sub Architecture source: researchgate.net</em><a class="footnote-anchor" data-component-name="FootnoteAnchorToDOM" 
id="footnote-anchor-1" href="#footnote-1" target="_self">1</a></p><ol><li><p>Publishers send messages to the broker, tagged with specific topics.</p></li><li><p>The broker categorizes these messages by topics.</p></li><li><p>Subscribers subscribe to specific topics to receive relevant messages.</p></li><li><p>When a message is published on a subscribed topic, the broker delivers it to all subscribers interested in that topic.</p></li></ol><h3>Benefits of the Publish/Subscribe Model:</h3><ul><li><p><strong>Decoupling</strong>: Reduces bottlenecks and optimizes network performance by eliminating direct connections between clients and publishers.</p></li><li><p><strong>Efficiency</strong>: Minimizes network traffic and battery consumption by only communicating when state changes occur.</p></li><li><p><strong>Scalability</strong>: Supports communication between millions of devices through a central broker, ideal for large-scale IoT deployments.</p></li><li><p><strong>Targeted Communication</strong>: Ensures efficient data delivery by allowing subscribers to receive only the messages relevant to them.</p></li></ul><h3><strong>MQTT: A Double-Edged Sword</strong></h3><p>While MQTT's efficiency and scalability are advantageous for IoT, these same characteristics can be exploited by threat actors for malicious purposes. 
MQTT's publish/subscribe architecture, lightweight nature, and support for Quality of Service (QoS) levels create vulnerabilities that can be harnessed for covert command-and-control (C2) communication, botnet creation, and data exfiltration.</p><h3>Exploitation Techniques:</h3><ul><li><p><strong>Publish/Subscribe Architecture</strong>: Attackers can publish commands to specific topics subscribed to by compromised devices, facilitating covert C2 communication.</p></li><li><p><strong>Lightweight and Scalable</strong>: Allows malicious actors to create large-scale botnets with minimal resource consumption, making detection difficult.</p></li><li><p><strong>QoS Levels</strong>: Ensures reliable data exfiltration from compromised devices, even over unreliable networks.</p></li><li><p><strong>Persistent Sessions</strong>: Maintains communication with C2 servers despite temporary network disruptions, enabling continuous control.</p></li><li><p><strong>Bi-directional Communication</strong>: Allows for the injection of malicious code into devices from C2 servers, expanding the reach of botnets.</p></li><li><p><strong>Security Through Authentication and Encryption</strong>: Often inadequately implemented, with weak credentials and unencrypted connections providing entry points for unauthorized access.</p></li></ul><h3>Mustang Panda</h3><p>Mustang Panda, also known as HoneyMyte and Bronze President, is a China-based cyberespionage group first identified by CrowdStrike in April 2017. The group targets various countries and industries, primarily focusing on political, governmental, and non-profit sectors. Mustang Panda's strategic objectives align with the interests of the Chinese government, often targeting organizations with spearphishing campaigns and exploiting legitimate tools for malicious purposes. 
<a href="https://socprime.com/blog/mqsttang-backdoor-detection-new-custom-malware-by-mustang-panda-apt-actively-used-in-the-latest-campaign-against-government-entities/">Source</a><a class="footnote-anchor" data-component-name="FootnoteAnchorToDOM" id="footnote-anchor-2" href="#footnote-2" target="_self">2</a></p><h4>Mustang Panda's Exploitation of MQTT:</h4><ul><li><p><strong>Early Identification</strong>: Mustang Panda was first identified targeting an unnamed U.S.-based think tank. Over time, the group expanded its reach to entities in Mongolia, Myanmar, Pakistan, and more, using unique tactics and tools like Poison Ivy and PlugX Remote Access Tools (RATs).</p></li><li><p><strong>Infection Vector</strong>: The attack typically begins with a spearphishing email containing a malicious zip archive. This archive includes a Windows Shortcut file (.lnk) that, when executed, deploys malware such as PlugX or Cobalt Strike.</p></li><li><p><strong>Use of MQTT for C2</strong>: Mustang Panda is believed to be one of the first groups to publicly use MQTT specifically for C2 communication. By leveraging MQTT, Mustang Panda can maintain persistent, covert communication with compromised devices, ensuring reliable data exfiltration and control.</p></li></ul><h3>MQsTTang</h3><p>In early 2023, Mustang Panda introduced a new backdoor named MQsTTang, showcasing their innovative approach to using MQTT for C2 communication. 
This malware is part of the group's ongoing effort to explore new technology stacks and improve their operational stealth.<a class="footnote-anchor" data-component-name="FootnoteAnchorToDOM" id="footnote-anchor-3" href="#footnote-3" target="_self">3</a></p><h4>MQsTTang's Exploitation of MQTT:</h4><p><a class="footnote-anchor" data-component-name="FootnoteAnchorToDOM" id="footnote-anchor-4" href="#footnote-4" target="_self">4</a> <em>Simplified network graph of the communication between the backdoor and C&amp;C server</em></p><p></p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!LDX6!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F115e260a-b1c9-4021-ac1f-169650d83cb8_709x501.png" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!LDX6!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F115e260a-b1c9-4021-ac1f-169650d83cb8_709x501.png 424w, https://substackcdn.com/image/fetch/$s_!LDX6!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F115e260a-b1c9-4021-ac1f-169650d83cb8_709x501.png 848w, https://substackcdn.com/image/fetch/$s_!LDX6!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F115e260a-b1c9-4021-ac1f-169650d83cb8_709x501.png 1272w, https://substackcdn.com/image/fetch/$s_!LDX6!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F115e260a-b1c9-4021-ac1f-169650d83cb8_709x501.png 1456w" sizes="100vw"><img 
src="https://substackcdn.com/image/fetch/$s_!LDX6!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F115e260a-b1c9-4021-ac1f-169650d83cb8_709x501.png" width="709" height="501" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/115e260a-b1c9-4021-ac1f-169650d83cb8_709x501.png&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:501,&quot;width&quot;:709,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:25774,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/png&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!LDX6!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F115e260a-b1c9-4021-ac1f-169650d83cb8_709x501.png 424w, https://substackcdn.com/image/fetch/$s_!LDX6!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F115e260a-b1c9-4021-ac1f-169650d83cb8_709x501.png 848w, https://substackcdn.com/image/fetch/$s_!LDX6!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F115e260a-b1c9-4021-ac1f-169650d83cb8_709x501.png 1272w, https://substackcdn.com/image/fetch/$s_!LDX6!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F115e260a-b1c9-4021-ac1f-169650d83cb8_709x501.png 1456w" sizes="100vw" loading="lazy"></picture>
</div></a></figure></div><p> </p><ul><li><p><strong>C2 Communication</strong>: MQsTTang uses MQTT to communicate with its C2 server. The malware connects to a public MQTT broker operated by EMQX, disguising its traffic as legitimate IoT communication and enhancing resilience against detection and takedown efforts.</p></li><li><p><strong>Message Encoding</strong>: Communication between the malware and the server involves MQTT messages with payloads encoded in a specific format: the content is base64 encoded, XORed with a hardcoded string, and base64 encoded again. 
This adds a layer of obfuscation to the data being exchanged.</p></li><li><p><strong>Tasks and Persistence</strong>: MQsTTang executes a series of tasks upon infection, including starting C2 communication, creating persistence copies, and establishing registry keys for startup execution. The malware uses unique MQTT topics for each infected client, further complicating detection efforts.</p></li></ul><h3>WailingCrab</h3><p>WailingCrab, also known as WikiLoader, is a sophisticated, multi-component malware first observed in December 2022. Delivered primarily by the initial access broker Hive0133, WailingCrab has targeted organizations in Italy and beyond with email campaigns using themes such as overdue deliveries or shipping invoices. The malware's advanced tactics include the use of MQTT for C2 communication, leveraging the protocol's bidirectional capabilities to inject shellcode directly into compromised devices. <a class="footnote-anchor" data-component-name="FootnoteAnchorToDOM" id="footnote-anchor-5" href="#footnote-5" target="_self">5</a></p><h4>WailingCrab's Exploitation of MQTT:</h4><ul><li><p><strong>Stealth and Anti-Analysis Techniques</strong>: WailingCrab employs multiple components, including a loader, injector, downloader, and backdoor, each designed to evade detection. The latest version of this malware, detected in September 2023, has been updated to remove the need for storing payloads via Discord and now relies solely on MQTT for dropping payloads.</p></li><li><p><strong>Use of MQTT for C2</strong>: Since mid-2023, WailingCrab's backdoor component has used MQTT for C2 communication, employing the third-party broker broker.emqx[.]io to hide the true address of the C2 server. This tactic allows WailingCrab to blend its traffic with normal IoT traffic, evading detection by security teams. 
<a class="footnote-anchor" data-component-name="FootnoteAnchorToDOM" id="footnote-anchor-6" href="#footnote-6" target="_self">6</a></p></li><li><p><strong>Advanced Tactics</strong>: WailingCrab's use of MQTT includes sending shellcode payloads directly from the C2 via MQTT's bidirectional communication. This method bypasses traditional download paths and executes the payload within the compromised device, further increasing the malware's stealth and effectiveness.</p></li></ul><h3><strong>Mitigating MQTT Security Risks</strong></h3><p>To protect IoT deployments from MQTT exploitation, organizations must implement robust security measures. Key strategies include:</p><ul><li><p><strong>Multi-Layered Security</strong>: Incorporate encryption, authentication, and authorization at multiple levels.</p></li><li><p><strong>Robust Authentication</strong>: Use X.509 certificates and centralized mechanisms like OAuth 2.0 to verify client identities.</p></li><li><p><strong>Granular Authorization</strong>: Define fine-grained policies on brokers, restricting access based on user roles.</p></li><li><p><strong>Intrusion Detection</strong>: Deploy systems to monitor network traffic for malicious MQTT activity, identifying anomalies and known malware signatures.</p></li><li><p><strong>Security Best Practices</strong>: Adhere to the latest MQTT security protocols and practices.</p></li><li><p><strong>Regular Security Audits</strong>: Conduct periodic assessments to identify and remediate vulnerabilities and misconfigurations.</p></li></ul><p>To wrap up, it is crucial for organizations to have a comprehensive understanding of their IoT environments, including recognizing normal behavior patterns and maintaining detailed inventories of hardware and protocols. This foundational knowledge is essential for identifying anomalies and potential threats. 
Additionally, conducting comprehensive vendor risk assessments when selecting an MQTT broker platform is vital to ensure the security and reliability of the chosen service. Adopting the latest MQTT standard, MQTT 5.0, provides enhanced features and security improvements that are critical for protecting IoT ecosystems.</p><p>By implementing these robust security measures, such as multi-layered security, strong authentication, continuous monitoring, and adopting the latest standards, organizations can effectively mitigate the risks associated with MQTT. These proactive steps are essential for safeguarding IoT ecosystems against sophisticated cyber threats, including those posed by groups like Mustang Panda and WailingCrab. Adopting these strategies not only enhances security but also ensures the resilience and reliability of critical IoT deployments.</p><p>Some additional resources on this topic:</p><p><a href="https://mqtt.org/mqtt-specification/">MQTT Specification</a></p><p><a href="https://mitre-attack.github.io/attack-navigator//#layerURL=https%3A%2F%2Fattack.mitre.org%2Fgroups%2FG0129%2FG0129-enterprise-layer.json">MITRE ATT&amp;CK Mustang Panda Navigator</a></p><div class="footnote" data-component-name="FootnoteToDOM"><a id="footnote-1" href="#footnote-anchor-1" class="footnote-number" contenteditable="false" target="_self">1</a><div class="footnote-content"><p>Image of the Publish Subscribe Architecture: https://www.researchgate.net/figure/Publish-Subscribe-MQTT-Protocol_fig1_332675666</p></div></div><div class="footnote" data-component-name="FootnoteToDOM"><a id="footnote-2" href="#footnote-anchor-2" class="footnote-number" contenteditable="false" target="_self">2</a><div class="footnote-content"><p>MQsTTang Backdoor Detection: New Custom Malware by Mustang Panda APT Actively Used in the Latest Campaign Against Government Entities &nbsp; - <a 
href="https://socprime.com/blog/mqsttang-backdoor-detection-new-custom-malware-by-mustang-panda-apt-actively-used-in-the-latest-campaign-against-government-entities/">SOC Prime</a></p></div></div><div class="footnote" data-component-name="FootnoteToDOM"><a id="footnote-3" href="#footnote-anchor-3" class="footnote-number" contenteditable="false" target="_self">3</a><div class="footnote-content"><p>MQsTTang: Mustang Panda&#8217;s latest backdoor treads new ground with Qt and MQTT (welivesecurity.com)</p></div></div><div class="footnote" data-component-name="FootnoteToDOM"><a id="footnote-4" href="#footnote-anchor-4" class="footnote-number" contenteditable="false" target="_self">4</a><div class="footnote-content"><p>Simplified network graph of c2 comms: https://web-assets.esetstatic.com/wls/2023/03/Figure-4-Simplified-network-graph-of-the-communication-between-the-backdoor-and-CC-server-1.png</p></div></div><div class="footnote" data-component-name="FootnoteToDOM"><a id="footnote-5" href="#footnote-anchor-5" class="footnote-number" contenteditable="false" target="_self">5</a><div class="footnote-content"><p>Stealthy WailingCrab Malware misuses MQTT Messaging Protocol (securityintelligence.com)</p></div></div><div class="footnote" data-component-name="FootnoteToDOM"><a id="footnote-6" href="#footnote-anchor-6" class="footnote-number" contenteditable="false" target="_self">6</a><div class="footnote-content"><p>Updated WailingCrab malware loader ups stealth | SC Media (scmagazine.com)</p><p></p></div></div>]]></content:encoded></item></channel></rss>