AI is being adopted everywhere right now, especially in sectors like food and agriculture. Most organisations focus on the obvious benefits: efficiency, optimisation, better decision-making.

From inside a SOC, the reality is less polished.

Attackers are adopting AI just as quickly, and they are not using it to improve productivity. They are using it to move faster, scale harder, and get closer to your security controls than most teams are comfortable admitting.

AI is not a defender-only advantage. It is a shared weapon.

‍

Attackers Are Using AI to Study Your Security Limits

One of the more surprising developments we’ve seen lately is how threat actors are leveraging AI to understand security tooling itself.

This is not just about generating phishing emails. Attackers are using AI to read large volumes of documentation and work out where the limits of security tools sit, especially in legacy environments.

If you are running older monitoring rules with predictable thresholds, AI will find them. It can infer exactly how many login failures trigger an alert. It can learn where detection starts and where it doesn’t. It helps attackers understand the “dead ends”, how close they can get without triggering response.

This is something SOC teams are tackling daily, and it keeps operations on fire right now. It is not theoretical. It is happening. Organisations must validate their detection capabilities and security maturity against real-world attack techniques, not assumed controls, and ensure they can identify, contain, and respond before impact occurs.

AI has become an accelerator for reconnaissance. It compresses the time it takes to find weaknesses, and it does it at scale.

‍

Food and Agriculture Has a Bigger Attack Surface Than Most People Think

Food and agriculture adds another layer of complexity because AI is increasingly embedded into operational environments.

These organisations are pulling telemetry data from IoT devices, SCADA systems, and production nodes. AI maps that data, identifies patterns, predicts yield quality, and advises on efficiency improvements.

The business value is clear.

But the security implication is also clear: when AI becomes part of production operations, the attack surface expands quickly. To understand the security risks, you first need to understand how deeply AI is being embedded into the sector.

‍

Defenders Need AI Too, But Not as an Autopilot

On the defensive side, AI is becoming inevitable, but not because it replaces analysts.

We do not leverage AI to take final response actions. That is not the point.

The real value is speed and focus.

SOC analysts deal with enormous volumes of alerts across SIEM, VDR, NDR, and other platforms. Each technology has its own query language. Even with decades of experience, writing correlation queries takes time.

For a senior analyst, building the right query can take 5–10 minutes. Then you analyse results, then you write another query, and so on.

AI removes that delay. It can run correlation searches instantly, analyse the data in seconds, and pinpoint where defences actually fail and resources should focus.

That directly reduces triage and response time. The analyst still makes the judgement call, but AI accelerates everything around it.

AI does not replace expertise. It amplifies it.

‍

The Blind Spot Problem AI Helps Reveal Faster

Supply chain complexity creates blind spots, and many organisations do not have full visibility of what exists in their environment.

In one example from the food sector, a company had vendor-owned servers on-site that they did not even know existed. Those assets were outside monitoring scope. There were no EDR agents, no AV agents, and no logs being sent.

When those servers were turned on, ransomware was already present.

What helped was behavioural analytics and machine learning. AI detected suspicious traffic patterns and flagged that something bad was happening, even before the full picture was clear. Deeper investigation suggested ransomware propagation, and it turned out to be WannaCry, an old ransomware, but still sitting inside the environment.

That is the uncomfortable reality. AI cannot fix unknown infrastructure, but it can help reveal it faster than traditional monitoring alone.

‍

Phishing and Fraud Have Become More Convincing With AI

Even with all the tools in the world, phishing remains one of the first vectors for ransomware.

AI has accelerated this dramatically.

Attackers can research supply chains, understand vendor relationships, and generate convincing fraud narratives.

Imgaine: a finance employee receives an email that looks legitimate. A delivery has been made, but banking details have changed, here is the new IBAN, please transfer the payment.

They check LinkedIn, the person exists, the company looks real, and the money is gone.

There have been fraud cases involving not tens of thousands, but millions.

You can invest heavily in security tools, but one person clicking a link can still compromise an environment, especially if that user has privileged access.

‍

The Takeaway Deploying AI Is Inevitable Governing It Is Not Optional

AI is inevitable in operational technology. The efficiency gains are too large, and adoption is accelerating.

But governance, visibility, and security controls have to move just as quickly. Organisations need to map AI use cases against regulatory requirements, food safety obligations, and GDPR sensitivity.

Attackers are already using AI to move faster.

Defenders need to do the same, not by handing response decisions to machines, but by using AI to sharpen focus, reduce triage time, and detect behaviour that humans alone will miss at scale.

Because whether organisations are ready or not, AI is already shaping the threat landscape.