Why AI in OT Needs Zero Trust, Not Blind Faith

Director of Critical Infrastructure Solutions
In 1942, Isaac Asimov wrote a short story called Runaround. In it, he laid out three laws of robotics:
- A robot may not injure a human being or, through inaction, allow a human to come to harm.
- A robot must obey orders from humans, unless those orders conflict with the first law.
- A robot must protect its own existence, so long as that doesn't conflict with the first two.
Eighty years later, those rules still frame how we think about machines operating alongside people. And the uncomfortable truth is that they’ve aged better than most of our security frameworks.
Today, AI agents are going rogue. The stories making headlines now involve real systems. We’re seeing AI systems that, when told to complete a task, find shortcuts their designers never intended.
They’re doing what they were told to do, but they’re doing it in ways no one approved. That gap is a Zero Trust problem.
In OT environments like factories, energy grids, and water treatment plants, that gap carries consequences measured in lives and livelihoods. Deploying AI without Zero Trust controls already in place is how critical infrastructure becomes a liability.
OT security was simpler until it wasn’t
There was a time when OT systems were straightforward to secure. That simplicity was itself a form of protection.
Then came Industry 4.0.
Connectivity became the goal: just-in-time supply chains, real-time monitoring, and system integration across the enterprise. OT and IT converged. And as those environments got smarter, they got more exposed.
The attack surface that was once a walled-off island became a peninsula connected to everything.
Bad actors noticed, and so did regulators.
Frameworks like IEC 62443, the NIST Cybersecurity Framework, and Five Eyes guidance on OT security have all been updated or released recently to address this shift. They share a common thread: you have to know what you have, understand what it’s doing, and be explicit about what can talk to what.
Zero Trust is the guardrail AI needs
At RSAC a few years ago, nearly every booth mentioned Zero Trust. This year, many of those same booths mentioned their trusted AI.
Those two messages don’t coexist comfortably. You can’t demand Zero Trust architecture and simultaneously ask for blanket confidence in autonomous systems. Frankly, it’s a contradiction.
AI agents and autonomous robots need guardrails. They need precise, enforceable limits on what they can access, what they can communicate with, and what actions they’re permitted to take.
That’s exactly what a Zero Trust strategy grounded in microsegmentation provides. And in OT environments specifically, host-based microsegmentation is becoming the standard approach.
Firewalls alone can’t deliver the granularity these environments require. As OT systems modernize, running Windows IoT, Linux, and containerized workloads, implementing granular policy control is more achievable than it was even five years ago.
OT risk is greater than most organizations think
Speed is the enemy of security right now. Organizations see competitors deploying AI-driven automation, and they want to move fast.
But we’re in a post-Mythos world. You can’t out-detect or out-patch an AI-powered adversary. What you can do is restrict the blast radius before an incident happens by isolating environments, enforcing least-privilege access, and containing the damage before it spreads to your most critical systems.
The vendor who tells you their AI solution is risk-free is not your partner in this. When something goes wrong, the fine, the liability, and the operational fallout land on your organization.
The fact is that you can’t outsource risk.
The laws Asimov wrote in 1942 were fiction. The principle behind them, that autonomous systems must operate within strict, human-defined limits, has become the most urgent design requirement in modern cybersecurity.


