Misconfigured AI could shut down critical infrastructure in a G20 nation by 2028, warns Gartner

Misconfigured AI could shut down a G20 nation, says Gartner

Rapid rollout into cyber-physical systems raises outage risk, Gartner warns The next blackout to plunge a G20 nation into chaos might not come courtesy of cybercriminals or bad weather, but from an AI system tripping over its own shoelaces. Analyst firm Gartner warned this week that misconfigured artificial intelligence embedded in national infrastructure could shut down critical services in a major economy as soon as 2028, delivering the kind of disruption usually blamed on hostile governments or catastrophic natural events. The prediction centers on the rapid adoption of AI in cyber-physical systems, which Gartner defines as "systems that orchestrate sensing, computation, control, networking, and analytics to interact with the physical world (including humans)." Gartner's warning isn't really about attackers taking over AI tools - it's about what happens when everything is working as intended... until it isn't. More operators are allowing machine learning systems to make real-time decisions, and those systems can respond unpredictably if a setting is changed, an update is pushed, or flawed data is entered. Unlike traditional software bugs that might crash a server or scramble a database, errors in AI-driven control systems can spill into the physical world, triggering equipment failures, forcing shutdowns, or destabilizing entire supply chains, Gartner warns. "The next great infrastructure failure may not be caused by hackers or natural disasters but rather by a well-intentioned engineer, a flawed update script, or a misplaced decimal," cautioned Wam Voster, VP Analyst at Gartner. Power grids are an obvious stress test. Energy firms now rely heavily on AI to monitor supply, demand, and renewable generation. If the software malfunctions or misreads data, sections of the network could go dark, and repairing damaged grid hardware is rarely a quick process. The same creeping automation is turning up in factories, transport systems, and robotics, where AI is slowly taking over decisions that used to involve a human looking mildly concerned at a dashboard. Gartner's bigger worry is how quickly AI is being deployed where mistakes don't just crash software; they break real things. AI is turning up in systems where failures can shut down physical infrastructure, yet the models themselves aren't always fully understood, even by the teams building them. That makes it difficult to predict how they'll react when something unexpected happens or when routine updates are released. "Modern AI models are so complex they often resemble black boxes," said Voster. "Even developers cannot always predict how small configuration changes will impact the emergent behavior of the model. The more opaque these systems become, the greater the risk posed by misconfiguration. Hence, it is even more important that humans can intervene when needed." While regulators have spent years focusing on cybersecurity threats to operational technology, Gartner's forecast suggests the next wave of infrastructure risk could be self-inflicted rather than adversary-driven. ®

Gartner Predicts Misconfigured AI Could Shut Down Critical Infrastructure in a G20 Nation by 2028

Implement Safe Override Modes: For all critical infrastructure CPS, include a secure "kill-switch" or other override mechanisms accessible only to authorized operators, so humans retain ultimate control even during full autonomy. Digital Twins: Develop a full-scale digital twin of the systems supporting critical infrastructure for realistic testing of updates and changes to configurations before deployment. Real-Time Monitoring: Mandate real-time monitoring with rollback mechanisms for changes made to AI in CPS, while also ensuring the creation of national AI incident response teams.

Gartner Predicts Misconfigured AI May Shut Down Critical Infra in a G20 Nation

The report says such an eventuality could happen with an involuntary coding error in the AI used to load balance a power grid for example. The next great infrastructure failure may not be caused by hackers or natural disasters but rather by a well-intentioned engineer, a flawed update script, or a misplaced decimal. Business insights company Gartner predicts that such an occurrence happening over the next two years could be caused by misconfigured AI within the cyber physical systems (CPS). "The next great infrastructure failure may not be caused by hackers or natural disasters but rather by a well-intentioned engineer, a flawed update script, or a misplaced decimal," says Wam Voster, VP Analyst at Gartner. In case you're wondering what a CPS is, it is nothing but the engineered systems in the backdrop that orchestrates sensing, computation, control, networking and analytics to interact with the physical world, which includes other systems as well as humans. Per Gartner CPS encompasses operational tech, industrial control systems, automation and control systems as well as industrial internet of things, robots, drones etc. Voster says, "Modern AI models are so complex they often resemble 'black boxes. Even developers cannot always predict how small configuration changes will impact the emergent behaviour of the model." The more opaque these systems become, the greater the risk posed by misconfiguration. Hence, it is even more important that humans can intervene when needed, he says while highlighting why the next great infrastructure failure may not be caused by hackers or natural disasters but by something associated to AI. "It could be "a well-intentioned engineer, a flawed update script, or a misplaced decimal" Voster says a secure 'kill-switch' or override mode accessible only to authorised operators is essential for safeguarding national infrastructure from unintended shutdowns caused by an AI misconfiguration. Gartner says a misconfigured AI could autonomously shut down vital services, misinterpret sensor data or trigger unsafe actions. This could cause physical damage or large scale disruption of services that could result in a threat to public safety and economic stability by compromising control of systems like power grids or manufacturing units. Voster notes that modern power networks rely heavily on AI for real-time load-balancing of generation and consumption. A predictive model that got misconfigured by mistake might end up interpreting demand as instability. This could trigger grid isolation or load shedding across large parts of a city or an entire region or even a country. "Modern AI models are so complex they often resemble 'black boxes that even developers cannot always predict how small configuration changes will impact the emergent behaviour of the model. The more opaque these systems become, the greater the risk posed by misconfiguration. Hence, it is even more important that humans can intervene when needed.," Voster says. The Gartner report recommends risk mitigation efforts to be undertaken by the CISOs that include implementing safe override modes, creating digital twins and ensuring real-time monitoring of functions. The first of these involves including a "kill switch" or other override mechanisms for all critical infrastructure CPS. This should be accessible to authorized personnel so that humans ultimately are in control in spite of full AI autonomy. Creating a digital twin of the system supporting such critical infrastructure is another way to avoid disaster, the note says adding that real-time monitoring with rollback mechanisms for changes made to the AI should be made mandatory for such systems.