How AI is taking IoT security to the next level

The IoT and AI are a likely partnership: IoT generates and captures data, often in large volume, AI is ideally placed to analyze it.
Combined, AIoT presents new opportunities, so much so that Transforma Insights forecasts no fewer than 9.1 billion AIoT connections at the end of 2033, a more than six-fold increase in 10 years.
The potential for AI in the IoT is far-reaching, and one standout application is enhanced security.
The security risk to the IoT
All connected devices are under growing levels of threat, but the IoT is particularly targeted. According to Beaming’s cyberthreat report into UK businesses, IoT devices were most frequently attacked in 2024. They are attractive targets for the data they exchange and their potential to be compromised.
The devices are often unmanned and generally sit outside corporate security perimeters. They may be in remote spots, where they could be subject to unauthorized physical access attempts, and often remain in place for long periods of time. Many, such as the IoT devices used in energy, transport, utilities and retail, transfer sensitive data of high value.
Businesses need confidence that data collected through the IoT—both real-time and historical—comes from secure and trusted sources, not least when it comes to developing and training AI models. In this, the IoT works with digital twins, which are digital representations of physical objects or systems.
The IoT enables the seamless flow of real-world data between the physical and the digital, while the digital twin’s attributes provide the features for AI modelling. Historical data collected through IoT is then used to train and refine the AI model.
How AI is helping secure the IoT
AI applies its automation and analytical capabilities to many tasks and priorities. It is making inroads into cybersecurity, something that has not gone unnoticed. Last year, the IEEE revealed almost half of the global technology leaders it surveyed (47%) expect vulnerability identification and attack prevention to be a top use of AI in 2026.
That may be some comfort to enterprises and connectivity and solutions providers grappling with the problem of protecting IoT devices and applications. This challenge is compounded by the fact that attackers are increasingly using AI themselves to automate phishing, accelerate reconnaissance and develop adaptive malware that evades traditional detection. However, it is more comforting still, that AI is already making a difference in the IoT, redefining how organizations protect their devices.
AI-powered anomaly and threat detection (ATD) is helping security teams identify threats like suspicious network traffic and botnet activity faster and improving resilience across large-scale IoT environments, something enterprises must strive for.
In the recent past, the focus on the IoT was arguably getting devices online. That is no longer the challenge; the test now is keeping them operational: compliance readiness and the flexibility to adapt to ever-evolving commercial and technological changes. It also means maintaining resilience.
IoT security must follow a clear defend against, detect and react approach to swiftly counter attacks. No one or two of these three measures are enough without the others.
How AI improves IoT visibility and incident response
AI-powered ATD detects anomalous behavior, such as remote code execution, abnormal port connection or a suspicious IP. These could indicate the beginnings of a cyberattack on an IoT device. It analyses the anomaly and can identify the attack type, be it distributed denial of service (DDoS), man-in-the-middle (MiTM) or an attempted device takeover.
ATD can then trigger direct action, if business rules dictate an automated response. This could take the form of threat isolation or referring the incident for full review.
Anomaly and threat detection protects over one million devices
ATD runs entirely in the mobile core network infrastructure, rather than through software agents on a device, so it can be retrofitted to existing systems.
Enterprises that have identified IP backdoors and Mirai botnet infections within hours.
With IP backdoors, ATD detects unusual outbound connections, or traffic, to suspicious IPs. Such backdoors may allow remote control or data exfiltration, both of which leave identifiable behavioral traces.
In the case of Mirai, anomalous behavior typically exhibits as spikes in outbound traffic, uncommon ports use, or repetitive scanning of external IPs. ATD can flag these irregularities in real time and trigger corrective actions, such as blocking or quarantining the device, blocking or throttling traffic or patching firmware.
Automation and analytics can shape the next phase of IoT security
There is a clear shift in IoT implementation and management. It is insufficient to plan for device deployment, sit back and gather the data. Without a strategy that accounts for the stresses, threats and changes that beset IoT estates, enterprises risk costly surprises like unplanned site visits and service disruptions.
AI, through automation and analytics, can shape the next phase of IoT security. Enterprises that detect, analyze and even automatically address, anomalous activity reduce the risk of cyberattack-related outages and inconvenient site visits to access devices.
Sending field technicians to maintain or repair devices can add significantly to total cost of ownership. Each truck roll, which incurs expenses for labor, fuel, vehicle wear and often missed productivity opportunities, can add up to over $1000 per site visit.
IoT downtime, meanwhile disrupts operations and can have a catastrophic reputational, as well as financial, cost.
How to balance innovation, data privacy and operational control
Enterprises are, for the most part, keen to innovate through AI but have understandable questions about data privacy and operational control.
It is important to know what AI does, in all process integrations, to understand why it does it and to have control that prevents AI deviating from its purpose.
On data privacy, ATD isn’t installed on IoT devices. Only packet headers from device cloud communications are mirrored from the mobile core to the ATD engine, with threat levels and AI-driven insights relayed through a customer portal.
Operational control is maintained through the business rules that dictate how the ATD engine reacts. The option to refer an anomaly for review, for example, gives enterprises the flexibility to incorporate human oversight, under predetermined circumstances.
This is especially useful when you consider there can be genuine reasons why a SIM may increase or cease communication, that an incident reviewer will understand.
AI-powered IoT security
AI is making a difference to the speed, efficiency and depth of response to cyberthreats. Automation and advanced analytics within IoT solutions’ security measures also help enterprises manage costs, by minimizing labor-intensive manual tasks and site visits, and reducing the risk of expensive cyberattack reparations.
For CISOs, CIOs, product and operations managers seeking to maximize IoT value and protect their enterprise IT domains from external threats, AI-powered ATD offers visibility and actionable insights to take IoT security to the next level.
We’ve reviewed and ranked the best antivirus software.
This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.
The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit