It is time for companies to fulfil their corporate responsibilities

Smart factories need smart security to reap the benefits and avoid the risks

The integration of AI into manufacturing represents a veritable revolution. It offers manufacturers impressive benefits in terms of efficiency, productivity, knowledge sharing and cost reductions. For Serge Thibault, VP of Information Security at Poka, whilst the potential of AI in manufacturing is vast, without appropriate security measures at the enterprise level, it can quickly become an operational and reputational risk. These powerful AI tools bring with them critical security and compliance issues. This presents manufacturing companies with the question of how they can harness the benefits of AI without compromising data security or operational integrity. Serge Thibault highlights the crucial role of platforms for connected employees. They mitigate the risks associated with AI implementation – from handling customer data to transparency and protection strategies.

Let’s take a closer look at the dilemma of benefits versus risks. Investment in artificial intelligence (AI) in the German manufacturing industry is growing rapidly. The sector is expected to generate revenue of US$2,765.8 million by 2030. The German government’s ‘AI Action Plan’ and the ‘Artificial Intelligence Innovation Park’ initiative play a key role in promoting the integration of AI into manufacturing. The German government has allocated €1.75 billion to fund AI-related research, development and application.

However, the more the industry invests in AI technology, the more vulnerable it becomes.

Cyberattacks cost the German economy a staggering €148 billion per year. In 2025, the manufacturing sector saw a 56% rise in ransomware attacks, making it the hardest-hit industry. As the manufacturing industry forms the foundation for a number of other sectors – particularly the automotive, aerospace and food and beverage industries – cyber incidents at manufacturing companies have far-reaching implications for other sectors, exacerbating production disruptions and supply chain issues.

Cyberattacks can cost millions and almost always damage a company’s reputation, investor and consumer confidence, and supply chains. As manufacturing companies drive the adoption of AI, they must therefore develop robust cybersecurity strategies to protect their systems, ensure business continuity and maintain the trust of their customers and business partners.

Smarter factories present a larger attack surface – cybersecurity must protect against AI vulnerabilities

Production facilities are now more complex and decentralised than ever, and legacy systems are not advanced enough to fend off modern hackers. To make matters worse, the introduction of AI tools brings with it a whole host of new threats. AI already influences many aspects of the manufacturing process today. Whether in staff training, security monitoring, data collection or the AI robots on the factory floor: manufacturing companies have become more connected and intelligent – and more vulnerable.

As AI-supported workflows rely on data, sensors and networks, the attack surface for cyberattacks has expanded. Hundreds or thousands of connected devices are potential entry points for hackers and other threats. Often, plans to introduce AI tools are implemented more quickly than the necessary security measures. Yet today it is more important than ever to effectively ensure governance, compliance and general security in manufacturing.

Consider, for example, the use of technologies for connected workers. AI-driven applications simplify access to key information, improve global communication and accelerate value creation through the automatic conversion of digital content. However, there are also important security considerations that must be taken into account to protect the data these systems work with.

Protecting proprietary production data ensures secure, isolated and compliant AI processing

Production data is extremely sensitive, as it contains trade secrets, detailed information about manufacturing processes and a wealth of customer data. When implementing AI technologies, the crucial question is therefore whether production data will ever be passed on to external AI providers.

Here, too, the statistics speak for themselves: in 2024, more than 40% of hacking claims were attributable to external providers.

Customer data should not be used to train AI models. It must only be processed by the SaaS provider and must never be shared with external providers of AI models. All inputs, outputs and embeddings must take place within a secure infrastructure that is operated, monitored and controlled by the SaaS provider. Only in this way can data sovereignty, data protection and compliance be fully guaranteed.

Modern platforms for connected workers solve this problem by processing all data in secure environments such as AWS and complying with strict data residency laws. As prompts and responses are also processed entirely within the AWS environment, manufacturers can utilise powerful AI capabilities on the shop floor whilst reliably adhering to strict requirements regarding data protection, control and compliance.

AI error minimisation and safety measures for manufacturing

In manufacturing, the safety and accuracy of AI outputs are of the utmost importance, as errors here can quickly lead to real-world hazards. Manufacturers should therefore ensure that AI responses are checked for safety and correctness, professionally formulated and tailored to the specific context. To minimise the risk of unsafe or incorrect AI outputs in manufacturing, companies should implement a multi-tiered system of guardrails and validation checks:

• Content filtering at input: Use of AI guardrails to block unsafe content before it enters the model. Examples include filters that detect and remove hate speech, insults, discriminatory content, sexual content and depictions glorifying violence.
• Prompt injection and detection of malicious inputs: Inputs are assessed in advance to detect malicious intent or leaks in system prompts.
• Few-shot prompting: Prompts include examples of acceptable/unacceptable questions to encourage safe behaviour.
• Secure processing of prompts and responses: Process all AI interactions in a secure, customised environment. Encrypt logs at rest and in transit. Enforce strict access controls. This ensures that prompts, responses and telemetry are auditable but can never be used to train the AI.
• Retrieval-Augmented Generation (RAG) for output grounding: Ground every AI response in verified, client-specific source content. If no relevant context is available, configure the model to return ‘No answer’ rather than risking hallucinations.
• Avoiding bias, obscenities and scope drift: Integrate mechanisms to review output for inappropriate or biased language. Ensure that responses remain confined to the client’s data. Ensure professional phrasing.
• Human-in-the-Loop (HITL) review: For highly critical outputs, such as safety protocols or complex work instructions, you should implement a workflow where a qualified human expert reviews and approves the AI-generated content before it is finalised. This provides a safety net to detect the smallest errors or contextual nuances that automated systems can easily miss.
• Multilingualism and cultural safety: Automatically adapt the response language to the input. Use localisation or translation in different contexts to maintain clarity and cultural relevance.
• Purple teaming and internal testing: Regularly conduct specialised simulations of adversarial attacks to assess and improve protection against prompt injection.

AI must take on corporate responsibility – through transparency, fairness and compliant responses

In the age of embedded AI, responsibility for corporate governance principles clearly lies with the SaaS provider. Customers in demanding environments such as manufacturing expect more than just powerful features. They demand secure, compliant and trustworthy AI. This responsibility includes a verifiable foundation for security and data integrity, validated by rigorous, independent audits, and adherence to industry best practices.

However, true AI governance extends deep into the product itself. The provider is obliged to build in technical guardrails that ensure transparency, fairness and compliance with established operational and security standards. Systems that use Retrieval-Augmented Generation (RAG) to base AI responses exclusively on a customer’s verified knowledge base prevent dangerous ‘hallucinations’ and ensure that all outputs are contextually accurate.

For the provider, assuming this responsibility is a strategic imperative. By proactively incorporating ethical controls and robust governance, a simple tool is transformed into a trusted, strategic asset. In this way, SaaS providers not only reduce their customers’ legal and reputational risks; they also build the trust that is essential for safe, sustainable adoption and long-term operational excellence.

A safer and smarter future for AI in manufacturing

The integration of AI offers immense benefits to the manufacturing industry – from optimised processes to empowering entire workforces. Yet this promise is accompanied by increased risks.

As factories and manufacturing processes become increasingly connected and intelligent, manufacturers and their solution providers must ensure that the right processes are in place. Only then can they mitigate cyber threats and data privacy risks and respond effectively to ethical challenges.

By adopting advanced technologies for connected workers that prioritise data security, implementing robust cybersecurity protocols, and vetting AI solutions for security and fairness, manufacturers can safely leverage the growing range of AI applications in manufacturing. To achieve this, AI must reflect the requirements of corporate responsibility.