Physical AI
Five security risks and how companies can protect themselves
Physical AI connects artificial intelligence with the physical world, for example by capturing real-world data through sensors or by actively intervening in processes through robotics and system control. Errors or manipulations therefore do not only have a digital impact; they can cause damage in the physical world. According to NTT DATA, new strategies and measures are needed to ensure the security and robustness of such systems.
With Physical AI, companies need to rethink the safety, robustness and design of their systems. Classic control systems such as programmable logic controllers (PLCs) follow clear, deterministic logic; physical AI applications, by contrast, operate in open problem spaces. They interpret unstructured sensor data, derive context-dependent decisions from it and then act in the physical world. This tight coupling of perception, decision logic and actuation creates new points of attack and requires extended security concepts.
NTT DATA has identified five particularly relevant risks and suitable countermeasures:
1. Vulnerable sensors
The problem: Sensors form the basis of most physical AI applications: cameras, force sensors and position sensors supply the data on which decisions are made. If these readings are manipulated or distorted by external influences, the system makes wrong decisions. In industrial environments, even seemingly trivial factors such as unusual lighting conditions, dust or electromagnetic interference have a direct effect on the sensor technology. On top of this comes the risk of deliberate manipulation by attackers.
Countermeasures: To minimize these risks, companies can apply sensor fusion, in which readings from several independent sensors are combined and cross-checked against each other. Automated plausibility tests that flag inconsistent or conspicuous readings are also worthwhile. In addition, redundancy for critical sensors, regular calibration and real-time monitoring for anomalies significantly increase the robustness of physical AI systems.
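As an added illustration of the cross-checking described above (example code written for this page, not NTT DATA's), the following function takes readings from redundant sensors, discards sensors that report unhealthy or physically impossible values, median-votes the rest and refuses to return a value when too few sensors agree. The sensor names, tolerance and readings are constructed for the example; in a real system the tolerance would come from the calibration data of the specific sensors.

```python
"""Consistency check across redundant sensors before a reading is acted on.

Added example, not part of the original article. Sensor names, ranges and
tolerances are assumptions chosen for illustration.
"""
from dataclasses import dataclass
from statistics import median
from typing import Optional, Sequence, Tuple


@dataclass(frozen=True)
class Reading:
    sensor: str
    value: float          # e.g. distance to the nearest obstacle in metres
    healthy: bool = True  # self-test / heartbeat flag reported by the sensor


@dataclass(frozen=True)
class Consensus:
    value: Optional[float]       # agreed value, or None when no trustworthy consensus exists
    rejected: Tuple[str, ...]    # sensors whose reading was discarded
    ok: bool


def fuse(readings: Sequence[Reading], tolerance: float,
         valid_range: Tuple[float, float] = (0.0, 50.0),
         min_agreeing: int = 2) -> Consensus:
    """Median-vote across redundant sensors.

    A reading is discarded when its sensor reports unhealthy, when the value
    lies outside the physically plausible range, or when it deviates from the
    median of the remaining readings by more than `tolerance`. If fewer than
    `min_agreeing` readings remain, no value is returned: the caller must fall
    back to a safe state rather than act on a single, possibly manipulated,
    sensor.
    """
    lo, hi = valid_range
    usable = [r for r in readings if r.healthy and lo <= r.value <= hi]
    if len(usable) < min_agreeing:
        return Consensus(None, tuple(r.sensor for r in readings), False)

    centre = median(r.value for r in usable)
    agreeing = [r for r in usable if abs(r.value - centre) <= tolerance]
    rejected = tuple(r.sensor for r in readings if r not in agreeing)
    if len(agreeing) < min_agreeing:
        return Consensus(None, rejected, False)
    return Consensus(median(r.value for r in agreeing), rejected, True)


if __name__ == "__main__":
    # Constructed readings: one sensor has been manipulated to report a wide gap.
    sample = [Reading("lidar", 2.0), Reading("radar", 2.05), Reading("ultrasonic", 9.0)]
    print(fuse(sample, tolerance=0.1))
    # Two sensors disagree with each other: no consensus, caller must stop.
    print(fuse([Reading("lidar", 2.0), Reading("radar", 5.0), Reading("ultrasonic", 9.0)], tolerance=0.1))
```

The important property is the last branch: when the sensors do not agree, the function returns no value at all instead of picking one, so a downstream controller cannot silently continue on a single reading.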
2. Attacks on AI models
The problem: In addition to the sensor technology, the underlying AI models are themselves a point of attack, for example through prompt injection against language-model components. Manipulated training data or tampered model updates can cause the system to make systematically wrong decisions. Such manipulations and errors are often hard to detect because the outputs still look plausible.
Countermeasures: Controlled training pipelines, careful validation of training data and continuous monitoring of model decisions help to detect anomalies early. Versioning the models and auditing the training process additionally make it possible to verify the integrity and provenance of the model that is actually deployed, so that a tampered or outdated model is rejected before it is loaded.
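As an added example (not code from NTT DATA), the following check shows what "versioning and integrity" means at the point where a model update is loaded onto a machine: the artifact is accepted only if its manifest carries a valid authentication tag, names the expected model, has a version higher than the one currently deployed (no rollback to a known-bad version) and its hash matches. The manifest format, the HMAC-SHA256 tag and the key provisioned to the device are assumptions for this example; a production deployment would normally use an asymmetric signature so the device never holds a signing secret, but the check order is the same.

```python
"""Integrity and anti-rollback check for a model update before it is loaded.

Added example, not part of the original article. The manifest layout and the
HMAC-based tag are assumptions; a real deployment would typically use an
asymmetric signature with a verification key provisioned to the device.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class UpdateResult:
    accepted: bool
    reason: str
    version: Optional[int]   # version to record as deployed when accepted


def canonical(manifest: dict) -> bytes:
    """Deterministic encoding so the tag covers exactly the fields checked below."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def tag_manifest(manifest: dict, key: bytes) -> str:
    """Produce the authentication tag the release pipeline attaches to a manifest."""
    return hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()


def verify_update(artifact: bytes, manifest: dict, tag: str, key: bytes,
                  expected_model: str, deployed_version: int) -> UpdateResult:
    # 1. Authenticate the manifest first; nothing in it is trusted before this.
    if not hmac.compare_digest(tag_manifest(manifest, key), tag):
        return UpdateResult(False, "manifest tag invalid", None)
    # 2. The manifest must be for this model, not a valid manifest for another one.
    if manifest.get("model") != expected_model:
        return UpdateResult(False, "manifest is for a different model", None)
    # 3. Refuse rollback: an attacker who captured an old, flawed release must not replay it.
    if manifest.get("version", -1) <= deployed_version:
        return UpdateResult(False, "version not newer than deployed version", None)
    # 4. Bind the authenticated manifest to the actual bytes being loaded.
    digest = hashlib.sha256(artifact).hexdigest()
    if not hmac.compare_digest(digest, manifest.get("sha256", "")):
        return UpdateResult(False, "artifact hash mismatch", None)
    return UpdateResult(True, "ok", manifest["version"])


# Constructed sample: a device key and a release built by a hypothetical pipeline.
DEVICE_KEY = b"example-provisioning-key-not-for-production"
MODEL_BYTES = b"\x00weights-of-grasp-planner-v8\x00"
MANIFEST = {"model": "grasp-planner", "version": 8,
            "sha256": hashlib.sha256(MODEL_BYTES).hexdigest()}
TAG = tag_manifest(MANIFEST, DEVICE_KEY)

if __name__ == "__main__":
    print(verify_update(MODEL_BYTES, MANIFEST, TAG, DEVICE_KEY, "grasp-planner", 7))
    print(verify_update(MODEL_BYTES + b"x", MANIFEST, TAG, DEVICE_KEY, "grasp-planner", 7))
```

The order matters: the tag is checked before any field of the manifest is read, and the version comparison is done against the version recorded on the device, not against a value the update itself supplies.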
3. New attack surfaces through networking
The problem: Many physical AI systems are embedded in highly networked architectures. They communicate with cloud platforms, edge systems and remote-maintenance interfaces. This networking increases flexibility but at the same time widens the attack surface. Compromised credentials or insecure interfaces can be used to manipulate systems deliberately or to take control of physical processes.
Countermeasures: Traditional security mechanisms remain central here: zero-trust architectures, consistent network segmentation and secure update processes reduce risks. In addition, continuous monitoring of communication channels and comprehensive logging of access are necessary in order to detect and limit unauthorized activities at an early stage.
4. Separation of safety and security
The problem: In industrial automation, safety (protection against faults and accidents) and security (protection against attacks) have long been treated separately. Physical AI increasingly dissolves this separation. Systems operate in open environments that are hard to model completely and often work directly alongside humans, for example collaborative robots (cobots). Wrong or manipulated decisions can therefore have immediate physical consequences. A system can be formally designed as "safe" and still become dangerous through unexpected or externally influenced behaviour.
Countermeasures: An integrated approach to safety and security from the system development stage onwards is key. This includes combined risk and threat analyses, robust fallback strategies and clearly defined safe states. Plausibility checks and redundancy in sensor data help to limit misinterpretations. At the same time, systems must be designed so that they remain controllable even when the AI produces an unsafe or wrong decision, for example through safe operating modes or physical emergency-stop mechanisms that act independently of the AI.
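As an added example of such a safe operating mode (written for this page, not NTT DATA's code), the guard below sits between an AI policy and the drives of a collaborative robot. It never trusts the policy's output: a requested velocity is checked for sanity, capped to a hard limit, reduced further when a human is near, and replaced by a stop when the separation measurement is missing, the separation is too small or the emergency stop is asserted. The distances and speed limits are illustrative constants, not values from any standard, and the separation value is assumed to come from an independent, redundant sensor path rather than from the policy itself.

```python
"""Runtime safety envelope between an AI motion policy and the actuators.

Added example, not part of the original article. Limits and distances are
assumptions for illustration; real values come from the risk assessment of
the specific application.
"""
import math
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Command:
    vx: float   # requested Cartesian velocity in m/s, as proposed by the AI policy
    vy: float
    vz: float

    def speed(self) -> float:
        return math.sqrt(self.vx ** 2 + self.vy ** 2 + self.vz ** 2)

    def scaled(self, factor: float) -> "Command":
        return Command(self.vx * factor, self.vy * factor, self.vz * factor)


@dataclass(frozen=True)
class Decision:
    mode: str        # "run", "reduced" or "safe_stop"
    command: Command  # what is actually sent to the drives
    reason: str


STOP = Command(0.0, 0.0, 0.0)
V_MAX = 1.0        # absolute cap, regardless of what the policy asks for (assumption)
V_COLLAB = 0.25    # cap while a human is inside the collaborative zone (assumption)
D_PROTECT = 0.5    # below this separation in metres the robot stops (assumption)
D_COLLAB = 1.5     # below this separation the reduced limit applies (assumption)


def guard(cmd: Command, human_distance: Optional[float], estop: bool) -> Decision:
    """Enforce the safety envelope. The policy can only ever make the robot slower."""
    if estop:
        return Decision("safe_stop", STOP, "emergency stop asserted")
    # A missing or untrustworthy separation measurement is treated as "human present".
    if human_distance is None or not math.isfinite(human_distance):
        return Decision("safe_stop", STOP, "no trustworthy separation measurement")
    # Malformed policy output (NaN/inf from a broken or manipulated model) is never forwarded.
    if not all(math.isfinite(v) for v in (cmd.vx, cmd.vy, cmd.vz)):
        return Decision("safe_stop", STOP, "non-finite command from policy")
    if human_distance < D_PROTECT:
        return Decision("safe_stop", STOP, "human inside protective separation")

    in_collab_zone = human_distance < D_COLLAB
    limit = V_COLLAB if in_collab_zone else V_MAX
    mode = "reduced" if in_collab_zone else "run"
    speed = cmd.speed()
    if speed <= limit:
        return Decision(mode, cmd, "within envelope")
    # Over the limit: keep the direction, clamp the magnitude.
    return Decision(mode, cmd.scaled(limit / speed),
                    f"speed {speed:.2f} m/s clamped to {limit:.2f} m/s")


if __name__ == "__main__":
    # Constructed scenario: the policy asks for 0.5 m/s while a person is 1.0 m away.
    print(guard(Command(0.5, 0.0, 0.0), human_distance=1.0, estop=False))
    # The policy emits NaN (e.g. after a corrupted model update).
    print(guard(Command(float("nan"), 0.0, 0.0), human_distance=3.0, estop=False))
```

The guard is deliberately simple and deterministic so that it can be reviewed and tested exhaustively, which is exactly what cannot be said of the policy it wraps; it is the piece that keeps the system controllable when the AI decision is wrong.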
5. Unexpected situations in real environments
The problem: Physical AI systems have to cope with unpredictable situations: unusual objects, damaged sensors or changing environmental conditions. Such scenarios can only partially be covered in training, yet they can be decisive for system stability.
Countermeasures: Extensive simulations and stress tests in which systems are deliberately confronted with unusual situations help here. Anomaly detection, adaptive algorithms and continuous learning also help physical AI applications to react reliably in unforeseen environments. In addition, data flywheels, i.e. a self-reinforcing cycle of data collection, product improvement and use, enable continuous learning. Field data fed back in this way must pass through the same controlled and validated training pipeline described under risk 2; otherwise the flywheel becomes a channel for manipulated training data.
"Security cannot be added retrospectively with physical AI"
"Physical AI will find its way into more and more areas in the coming years, from autonomous machines to robotics and intelligent infrastructures. This also increases the responsibility to make these systems robust and secure from the outset," explains Oliver Köth, Managing Director Technology & Innovation DACH at NTT DATA. "Security can therefore not be added to physical AI as an afterthought, but must be an integral part of the architecture, training and operation."