Gartner Predicts That by 2028 Misconfigured AI Will Shut Down National Critical Infrastructure in a G20 Country

Gartner, Inc., a business and technology insights company, predicts that by 2028, misconfigured AI in cyber physical systems (CPS) will shut down national critical infrastructure in a G20 country.

Gartner defines CPS as engineered systems that orchestrate sensing, computation, control, networking and analytics to interact with the physical world (including humans). CPS is the umbrella term to encompass operational technology (OT), industrial control systems (ICS), industrial automation and control systems (IACS), industrial Internet of Things (IIoT), robots, drones, or Industrie 4.0.

“The next great infrastructure failure may not be caused by hackers or natural disasters but rather by a well-intentioned engineer, a flawed update script, or a misplaced decimal,” said Wam Voster, VP Analyst at Gartner. “A secure ‘kill-switch’ or override mode accessible only to authorized operators is essential for safeguarding national infrastructure from unintended shutdowns caused by an AI misconfiguration.”

Misconfigured AI can autonomously shut down vital services, misinterpret sensor data or trigger unsafe actions. This can result in physical damage or large-scale service disruption, posing direct threats to public safety and economic stability by compromising control of key systems like power grids or manufacturing plants.

For example, modern power networks rely on AI for real-time balancing of generation and consumption. A misconfigured predictive model could misinterpret demand as instability, triggering unnecessary grid isolation or load shedding across entire regions or even countries.

“Modern AI models are so complex they often resemble ‘black boxes,’” said Voster. “Even developers cannot always predict how small configuration changes will impact the emergent behavior of the model. The more opaque these systems become, the greater the risk posed by misconfiguration. Hence, it is even more important that humans can intervene when needed.”

To mitigate risks, Gartner recommends that chief information security officers (CISOs) must:

• Implement Safe Override Modes: For all critical infrastructure CPS, include a secure “kill-switch” or other override mechanisms accessible only to authorized operators, so humans retain ultimate control even during full autonomy.

• Digital Twins: Develop a full-scale digital twin of the systems supporting critical infrastructure for realistic testing of updates and changes to configurations before deployment.

• Real-Time Monitoring: Mandate real-time monitoring with rollback mechanisms for changes made to AI in CPS, while also ensuring the creation of national AI incident response teams.

Gartner clients can learn more in Predicts 2026: Emergent Critical Risks of AI in CPS Security.

Learn how to navigate the infrastructure modernization path in the complimentary Gartner roadmap Modern Infrastructure: Built for Tomorrow’s Business Demands.

Gartner is the world authority on AI

Gartner is the indispensable partner to C-Level executives and technology providers as they implement AI strategies to achieve their mission-critical priorities. The independence and objectivity of Gartner insights provide clients with the confidence to make informed decisions and unlock the full potential of AI. Clients across the C-Level are using Gartner's proprietary AskGartner AI tool to determine how to leverage AI in their business. With more than 2,500 business and technology experts, 6,000 written insights, as well as more than 1,000 AI use cases and case studies, Gartner is the world authority on AI. More information can be found here.

Gartner Security & Risk Management Summit 

Gartner analysts will present the latest insights for security and risk management leaders at the Gartner Security & Risk Management Summits, taking place March 9-10 in Mumbai, March 16-17 in Sydney, June 1-3 in National Harbor, MD, July 22-24 in Tokyo, August 4-5 in Sao Paulo and September 22-24 in London. Follow news and updates from the conferences on X and LinkedIn using #GartnerSEC.