Artificial Intelligence and Critical Infrastructure: When a Tool Becomes a Threat

3. apríla 2026

Artificial intelligence is changing the rules of the game in critical infrastructure protection. It is no longer merely an aid in defence — it is also becoming a weapon in the hands of attackers. The question is no longer whether AI will enter the critical infrastructure environment, but how quickly we can prepare for this change.


AI Is No Longer an Experiment


Just two years ago, artificial intelligence was, for most organisations, more of a conference topic than an operational reality. In 2026, the situation is fundamentally different. AI is moving from laboratories directly into the control systems, monitoring centres, and decision-making processes upon which the functioning of critical infrastructure depends. Energy grids, transport systems, water utilities, and telecommunications operators — all of these sectors are increasingly deploying machine learning algorithms for optimisation, predictive maintenance, and process automation.


This development brings undeniable advantages: faster anomaly detection, more efficient resource management, and the ability to process volumes of data that human operators would be unable to handle. At the same time, however, it opens a new chapter of vulnerabilities for which many organisations are not prepared.


A double-edged sword


According to the Allianz Risk Barometer 2026, artificial intelligence has risen year-on-year from tenth to second place among the greatest global business risks. Cyber incidents remain in first place for the fifth consecutive year, and it is precisely AI that is pushing them to a new level of sophistication.


The problem is that AI is not merely a defensive tool. The very same technology that helps detect a cyber attack in its early stages can also enable an attacker to craft a more convincing phishing email, automate vulnerability scanning, or generate deepfake content to manipulate employees of critical infrastructure operators. The new generation of attacks is faster, more covert, and capable of adapting to defensive mechanisms in real time.


Where the greatest risks lie


For critical infrastructure, AI poses a threat across several key areas.


The first is dependence on external suppliers of AI solutions. Organisations increasingly rely on models and services provided by third parties, creating new links in the supply chain that can be exploited. The uncritical adoption of AI models from unverified sources opens the door to attacks that may be extremely difficult to detect.


The second area is data manipulation. AI systems are only as reliable as the quality of the data on which they were trained. Targeted contamination of training data can lead a control system to make flawed decisions — for example, incorrectly assessing the state of an energy grid or ignoring signals of an impending equipment failure.


The third — and perhaps least discussed — threat is the automation of social engineering. Generative AI is capable of producing perfectly personalised messages, fabricated voice recordings, or videos that can be used to manipulate operators and technicians within critical infrastructure. In an environment where a single wrong decision can trigger cascading consequences, this risk is exceptionally serious.


The European and Slovak dimension


The European Union is responding to these challenges through the regulatory framework of the AI Act, which is gradually coming into effect. Rules for high-risk AI systems — which include systems deployed in critical infrastructure — will enter into full force between 2026 and 2027. Organisations will be required to document how they use AI, manage risks, and ensure compliance with the new requirements.


In Slovakia, this context is all the more significant given that Act No. 367/2024 Coll. on Critical Infrastructure and the approved National Cybersecurity Strategy for 2026–2030 are establishing a new regulatory framework. Connecting these two lines — the protection of critical infrastructure and the regulation of artificial intelligence — is becoming a necessity.


"Artificial intelligence is a reality in the critical infrastructure environment today, not a distant vision. Organisations that underestimate its risks expose themselves to threats that traditional security procedures cannot address. The key lies in a systemic approach — from the security of the AI solutions supply chain, through data protection, to the education of the people who work with these technologies on a daily basis," states Tibor Straka, President of the Critical Infrastructure Association of the Slovak Republic.


Preparedness as an investment, not a cost


The answer to growing risks is not the rejection of artificial intelligence. On the contrary, it is its responsible and secure deployment. This requires several parallel steps: building internal competencies in AI security, thorough classification and documentation of deployed AI systems, regular review of supplier relationships, and above all, investment in employee education.



Experience from other areas of critical infrastructure — from GPS signal protection to resilience against extreme weather events — demonstrates that the most effective defence is diversification and preparedness. The same principle applies to AI: organisations that build the capacity to identify risks and respond to them in a timely manner will be in a fundamentally stronger position than those that wait for the first incident.


Did you know…?


  • According to the Allianz Risk Barometer 2026 survey, 42 per cent of respondents identified cyber incidents as the greatest risk. This is the highest score in the history of this ranking.
  • Artificial intelligence ranked second as the greatest security risk, identified by 32 per cent of respondents — moving from 10th to 2nd place among global business risks in a single year.
  • Generative AI is now estimated to be used by more than one billion users worldwide, making it the fastest-adopted digital technology in history.
  • The European AI Act classifies AI systems in critical infrastructure as high-risk, which brings stricter requirements for their security and transparency.


Artificial intelligence is becoming an inseparable part of the critical infrastructure environment. With this comes responsibility — not only technological, but also strategic and organisational. That is precisely why it is essential for critical infrastructure entities to approach this topic comprehensively and with the support of expert partners. The Critical Infrastructure Association of the Slovak Republic (AKI SR) provides its members with a platform for the exchange of experience, access to expert knowledge, and support in implementing security measures — including those related to the deployment of, and protection against, artificial intelligence.

3. júla 2026
Another article in the series in which we present the essential services of critical infrastructure under Act No. 367/2024 Coll. on Critical Infrastructure. 
3. júla 2026
Ďalší článok zo série, v ktorej predstavujeme základné služby kritickej infraštruktúry podľa zákona č. 367/2024 Z. z. o kritickej infraštruktúre.
30. júna 2026
The strategic partnership between the Critical Infrastructure Association of the Slovak Republic and the Indian government organization Centre for Development of Telematics (C-DOT) has generated significant media attention in India as well. The topic of cooperation in quantum technologies, digital security, and critical infrastructure protection has appeared in several Indian media outlets and on professional platforms.
30. júna 2026
Strategické partnerstvo medzi Asociáciou kritickej infraštruktúry Slovenskej republiky a indickou vládnou organizáciou Centre for Development of Telematics (C-DOT) vyvolalo výrazný mediálny ohlas aj v Indii. Téma spolupráce v oblasti kvantových technológií, digitálnej bezpečnosti a ochrany kritickej infraštruktúry sa objavila vo viacerých indických médiách a na odborných platformách.
25. júna 2026
The Slovak Republic and the Republic of India are expanding cooperation in the field of digital security and advanced cryptographic technologies. On the occasion of the visit of the Prime Minister of the Republic of India, Narendra Modi, to Slovakia, the Critical Infrastructure Association of the Slovak Republic (AKI SR) and the Indian government organization Centre for Development of Telematics (C-DOT) signed a Memorandum of Understanding, which establishes a foundation for the joint development and implementation of quantum-safe technologies and the protection of critical infrastructure.
25. júna 2026
Slovenská republika a Indická republika rozširujú spoluprácu v oblasti digitálnej bezpečnosti a pokročilých kryptografických technológií. Asociácia kritickej infraštruktúry Slovenskej republiky (AKI SR) a indická vládna organizácia Centre for Development of Telematics (C-DOT) podpísali pri príležitosti návštevy predsedu vlády Indickej republiky Narendru Modiho na Slovensku Memorandum o porozumení, ktoré vytvára základ pre spoločný vývoj a implementáciu kvantovo bezpečných technológií a ochranu kritickej infraštruktúry.
24. júna 2026
The recent disruption to rail operations in Germany, which was related to a problem in the GSM-R communication system, is an important warning for the whole of Europe. It shows that the security and continuity of critical infrastructure today does not depend only on physical assets, tracks, stations, vehicles, or technical equipment. Equally important are communication, data, control, and information systems, without which safe and reliable operations cannot be ensured.
24. júna 2026
Nedávny výpadok železničnej prevádzky v Nemecku, ktorý súvisel s problémom v komunikačnom systéme GSM-R, je dôležitým upozornením pre celú Európu. Ukazuje, že bezpečnosť a kontinuita kritickej infraštruktúry dnes nezávisí iba od fyzických objektov, tratí, staníc, vozidiel alebo technických zariadení. Rovnako dôležité sú komunikačné, dátové, riadiace a informačné systémy, bez ktorých nie je možné zabezpečiť bezpečnú a spoľahlivú prevádzku.
22. júna 2026
The Ministry of Economy of the Slovak Republic and the Critical Infrastructure Association of the Slovak Republic signed a Memorandum of Cooperation on Monday, 22 June 2026, with the aim of strengthening cooperation in the field of resilience of the critical infrastructure of the Slovak Republic and ensuring the continuity of the provision of essential services.
22. júna 2026
Ministerstvo hospodárstva Slovenskej republiky a Asociácia kritickej infraštruktúry Slovenskej republiky podpísali v pondelok 22. júna 2026 Memorandum o spolupráci, ktorého cieľom je posilnenie spolupráce v oblasti odolnosti kritickej infraštruktúry Slovenskej republiky a zabezpečovania kontinuity poskytovania základných služieb.