Authors

• Splunk

  • Ewald Munz, Head of Manufacturing, Automotive and Sustainability EMEA
  • Sahil Gupta, EMEA Partner Technical Manager AWS

• AWS

  • Sanjay Mahato, Global Partner Development Specialist Manufacturing
  • Rajesh Gomatam, Principal Solutions Architect, AWS Industry and Partner Solutions CoE

• Nozomi Networks

  • Adam Markham, Technology Alliances Director

A New Era on the Factory Floor

At Hannover Messe 2026, the world’s largest manufacturing fair, one message rang out louder than any other: Industrial AI and physical AI are reshaping what a factory is. Intelligence is no longer confined to enterprise software; it now lives inside machines, robots, autonomous vehicles, and cyber-physical systems operating in real-time on the production line. This shift promises autonomy, adaptive production, and entirely new business models. It also creates a security problem that did not exist before: AI systems are now physical assets, and physical assets are now AI systems. Neither IT security tools nor traditional OT controls were designed for what comes next.

Physical AI refers to systems designed to directly perceive, reason, and act in real-world environments – integrating sensors, actuators, and cyber physical systems to create intelligence that operates in the physical world, not just the digital one.

Industrial AI combines digital and physical AI specifically to enhance industrial operations, leveraging real-time data, predictive analytics, and machine learning to optimize processes and enable autonomous decision-making.

These properties, namely autonomy, real-time decision-making, and direct actuation on the physical world, are what make Physical AI valuable. They are also what make it a category of asset that many security tools were never designed to protect.

The introduction of Physical and Industrial AI into manufacturing workflows is the latest step in the manufacturing industry’s AI journey. Notably, this introduction has been near exponential in adoption and impact as GenAI and Agentic AI are integrated into the global manufacturing industry.

The global Physical AI market - encompassing autonomous robots, self-driving vehicles, humanoid systems, industrial automation, wearables, smart infrastructure, and AI-enabled medical and agricultural systems is forecasted to grow from approximately $383 billion in 2026 to $3.3 trillion by 2040 – representing one of the largest technology market expansions in history according to Research and Markets.

The best-kept Physical AI secret in the industry is Amazon’s more than one million warehouse robots which are already in operation since 2012. Proteus, Amazon’s first fully autonomous mobile robot, navigates freely alongside human workers without safety cages — a real-world demonstration that Physical AI is already running at scale.

Industrial AI and Physical AI are the new North Star of digital transformation for manufacturers. What makes this shift uniquely challenging from a security perspective is not just the scale of connectivity but the nature of what is now connected.

From Efficiency Gains to Expanded Attack Surfaces

The first wave of AI adoption in manufacturing focused on efficiency use cases such as process automation, automated quality inspection and energy optimization according to Cisco’s 2026 State of Industrial AI Report.

These efficiency-focused use cases are certainly valuable but remain contained. In contrast, typical Industrial AI and Physical AI use cases differ because they:

• Embed decision-making directly into OT assets — robots, PLCs, AGVs, and cobots
• Connect cloud-trained models to physical actuation, where a compromised inference can cause physical harm or operational downtime
• Multiply data flows across IT, OT, and cloud, dissolving the boundaries that traditional security architectures relied upon

The result is an expanded, dynamic attack surface that outpaces legacy OT and IT controls alike.

What makes this shift uniquely challenging is not just the scale of connectivity, but the nature of what is now connected. Robots, autonomous guided vehicles, programmable logic controllers, and building management systems were never designed with cybersecurity in mind. As AI embeds decision-making directly into these assets, the consequences of a breach extend far beyond data loss. Compromised inference in a Physical AI system can cause physical harm, production shutdowns, or safety failures on the factory floor.

And yet, before organizations can detect or respond to threats across this new attack surface, they must first answer a more fundamental question: what is running in their OT and IoT environment? Asset discovery in manufacturing environments consistently reveals devices and connections that IT and security teams had no visibility into legacy PLCs, unpatched sensors, undocumented cloud integrations. As AI adoption accelerates, this visibility gap becomes a critical risk multiplier.

“Expanding AI adoption elevates cybersecurity risks
across industrial environments.” — Cisco 2026 State of Industrial AI Report

According to the same Cisco report, cybersecurity concerns are now one of the top inhibitors of further AI adoption in industrial environments.

A Unified Approach to Secure Industrial AI and Physical AI: Nozomi Networks, Splunk, and AWS

No single vendor can secure this new manufacturing reality alone. That's why Nozomi Networks, Splunk (a Cisco company), and AWS are joining forces to help manufacturers move forward with confidence.

Together, we help customers:

• Protect the toughest OT and IoT environments with cloud-powered security at scale — combining Nozomi's deep OT/IoT visibility and threat detection with the elasticity of AWS.
• Operate a unified IT/OT agentic SOC — leveraging Splunk's advanced security analytics, orchestration, and AI-driven automation across the entire IT/OT estate.
• Transform isolated OT and IT environments into integrated, cloud-enabled, data-driven operations — turning security telemetry into a strategic data asset that fuels both resilience and innovation.

Nozomi Networks: Visibility as the Foundation of Secure AI Adoption

You cannot secure what you cannot see, and in a Physical AI environment, you cannot see what you do not understand. For manufacturers navigating IT/OT convergence and AI adoption, complete asset visibility, including the protocols, behaviors, and operational context that define how OT assets work, is the prerequisite for everything else.

Traditional IT security tools were not designed for OT environments. They can’t understand industrial protocols such as Modbus, PROFINET, DNP3, and EtherNet/IP - that govern communication between PLCs, SCADA systems, robots, and sensors. As a result, the assets that matter most in a physical AI environment are often the ones least visible to security teams. And the gap is widening. Physical AI assets often run modern protocols on top of legacy OT infrastructure, layering edge inference engines, MQTT brokers, and proprietary AI runtimes onto networks that were already invisible to IT tools. The result is a compound visibility problem: legacy OT plus new AI-specific assets, both unseen.

Nozomi Networks addresses this gap through both non-intrusive passive and active asset discovery modes alongside continuous monitoring across OT, IoT, and building management systems. Without disrupting operations, Nozomi builds a real-time inventory of every connected asset including its behavior, its vulnerabilities, and its relationships to other systems – providing the foundation that makes detection, response, and governance possible.

With that asset intelligence in place, manufacturers can baseline normal behavior to detect anomalies early, identify vulnerabilities across legacy and Physical AI assets, feed clean and contextualized OT telemetry into the SOC layer, and extend visibility into building management systems — a blind spot increasingly exploited as a lateral movement pathway into OT networks.

NIS2: Compliance as a Catalyst for EMEA Manufacturers

For EMEA manufacturers, the urgency is compounded by regulation. NIS2 is now in force across EU member states, placing explicit obligations on essential and important entities to maintain asset inventories, manage vulnerabilities, and report incidents within tight timeframes. Article 21 maps directly to capabilities that OT security platforms must deliver.

Compliance with NIS2 begins with knowing what you have. Nozomi provides the asset discovery, vulnerability assessment, and continuous monitoring that underpin NIS2 readiness — turning a regulatory requirement into an operational advantage. Manufacturers who invest in OT visibility now are not just meeting compliance obligations; they are building the foundation that makes confident Physical AI adoption possible.

Once assets are discovered, behaviors baselined, and anomalies detected, that intelligence flows into Splunk’s IT/OT SOC — where it becomes part of a unified, AI-driven response capability operating across the full IT and OT estate, scaled and sustained by AWS infrastructure.

Splunk: The Agentic IT/OT SOC for Unified Resilience

Splunk has been named a Leader in the Gartner® Magic Quadrant™ for SIEM for 11 consecutive years (2015–2025), confirming sustained leadership in threat detection, investigation, and incident response.

Powering the agentic SOC for unified resilience, Splunk unifies security data, analytics, tools, and AI to automate routine tasks, orchestrate workflows, surface complex insights, and proactively mitigate risk. Splunk redefines security operations by integrating an open data fabric, powerful analytics, cohesive tools, and human-in-the-loop AI into a unified platform. With Splunk, manufacturers can:

• Transform the security team from a reactive "firefighting" unit into a proactive, strategic function.
• Build a foundational layer of AI-based risk analysis, combining customer profiles, threat intelligence, and asset data to support autonomous prevention, self-healing, and continuous learning.
• Empower defenders to anticipate future attacks and orchestrate outcomes at machine speed.
• Turn SecOps into a force multiplier that enables business innovation while staying a step ahead of the adversary.

As part of this unified resilience, Splunk helps manufacturing organizations build a powerful, next-generation security concept for their factories with the help of a dedicated OT Security Add On. The Splunk Add-on for OT Security expands existing Splunk Enterprise Security frameworks to improve security visibility in OT environments. It reaches across both carpeted (IT) and concrete (OT) environments to better apply Splunk Enterprise Security to improve threat detection, incident investigation and response.

Existing specialized OT Security vendors such as Nozomi Networks are ingested as data sources to allow for holistic visibility across IT and OT environments.

Nozomi Networks feeds directly into this layer via the integration app on Splunkbase, providing the OT telemetry that makes Splunk’s analytics complete.

AWS: The Secure Cloud Foundation at Scale

When Physical AI systems operate on live production lines — humanoid robots running shifts, autonomous mobile robots navigating warehouses, AI-driven quality inspection systems making real-time decisions — the data journey from shopfloor edge to enterprise cloud becomes the critical path. And that path must be secured before a single byte of OT telemetry leaves the plant floor.

AWS provides the secure, scalable cloud substrate that makes Industrial AI and Physical AI possible — not by bolting security on after deployment, but by building it into the foundation from day one.

The AWS Manufacturing Applications & Technology Modernization (MATM) framework structures this into four interlocking layers — each a prerequisite for the next.

Starting with cloud security foundations — identity, encryption, network isolation and continuous monitoring — the MATM framework builds upward: validating AWS’s own security posture, then activating the tri-party solution where Nozomi Networks’ OT visibility feeds Amazon Security Lake, and Splunk unifies and correlates everything through Risk-Based Alerting and automated response. The result is a unified IT/OT SOC with one pane of glass, one team and one response cadence.

Consider the following real-world scenario for manufacturers: Driving SAP modernization on AWS from the IT side - migrating S/4HANA to the cloud for supply chain visibility and production planning. Simultaneously, from the OT side, deploying edge connectivity to ingest real-time data from Physical AI systems on the shopfloor. These two initiatives have converged. SAP needs real-time production data from Physical AI systems. Those AI systems need work orders and quality specifications from SAP. IT and OT are now inseparable - and so are the security risks.

Outlook – From Efficiency to Resilience

Industrial and Physical AI will define the next decade of manufacturing competitiveness. The manufacturers who lead will be those who treat AI and IT/OT security as inseparable — designed together, governed together, scaled together.

Industrial and Physical AI + IT/OT Cybersecurity: New Manufacturing Friends for Life.

Want to Learn More? Join Us on 8 July for a Webinar

Join Nozomi Networks, Splunk, and AWS on 8 July 2026 for a 45-minute webinar on what the evolving AI threat landscape means for manufacturers, what NIS2 demands, and how to build secure foundations for Industrial AI and Physical AI — without slowing down adoption. You will hear directly from experts across all three organizations on OT/IoT visibility, NIS2 compliance, and unified IT/OT threat response.

Register here