AI Security and Safety for Manufacturers

AI Security and Safety for Manufacturers

Prepared for the Nebraska Manufacturing Extension Partnership (MEP) 

Most artificial intelligence (AI) risk for a manufacturer is not exotic. It does not come from science-fiction scenarios. It comes from three ordinary places: everyday use of AI tools by your own staff, vendors you have not vetted, and the absence of a simple decision about who is allowed to do what. This briefing walks through the four concerns we hear most often, names the real risk behind each one, and pairs every risk with a concrete action you can take. You do not need to become a security expert or stand up a new department. You need vetted tools, hard questions for your vendors, a one-page policy, and a person kept in the loop. The voluntary frameworks and federal guidance below give you a shared language and a tested starting point.

Executive Summary

  1. The leak risk is real but can be managed. Your data and intellectual property (IP) leave your control most often when an employee pastes a design, a quote, or a customer list into a free consumer chatbot. Require business or enterprise-tier tools with written data protections, and tell staff plainly what never goes into an unvetted tool. 
  2. Vet your vendors in writing. Ask every AI vendor three questions and get the answers on paper: Do you train on our data? Where is it stored? Who can access it?
  3. Governance beats a new department. You do not need an AI office. You need a one-page policy that names who approves AI tools, who is accountable, and what is off-limits. 
  4. AI extends your existing security, it does not replace it. Fold AI into the cybersecurity you already run. If you protect Controlled Unclassified Information (CUI) for defense work, AI raises those stakes; it does not exempt you.
  5. The factory floor is different. AI placed near physical equipment can stop a line or endanger a worker. Treat any floor-level AI as a change to a safety-critical system, and keep a person able to override it.
  6. Help is close. Your state MEP center, federal agencies, and Nebraska university partners offer free, manufacturer-specific guidance. 

Concern 1: Will our data or IP leak?

Yes, this can happen, and it is the most common worry for good reason. The good news: the leaks usually come from everyday habits, and every one of them has a concrete fix.

Everyday AI use can carry your data out the door. When an employee opens a free, consumer-grade chatbot and pastes in a computer-aided design (CAD) file, a customer list, or a quote sheet to “clean it up,” that information leaves your control. Many free consumer tiers may keep what you type, and their terms can change. The Open Worldwide Application Security Project (OWASP), a nonprofit that publishes widely used security guidance, lists “sensitive information disclosure” among its Top 10 risks for large language model applications (the technology behind chatbots). Action: require business or enterprise-tier tools with written data protections for any company information, and tell staff plainly that designs, pricing, source code, and customer data never go into an unvetted tool.

Prompts themselves are an exposure path. What you type into an AI tool is a prompt. OWASP also flags “prompt injection,” where hidden instructions, sometimes buried in a document or web page you ask the tool to read, trick the AI into revealing data or ignoring your rules. Picture an estimator who feeds a vendor PDF into an AI assistant that also has access to your pricing folder; a malicious line in that PDF could coax the assistant into exposing the folder, which is why the action below is to limit what each tool can reach. Action: limit what each AI tool can reach, keep sensitive files in separate access-controlled locations, and keep a person reviewing any output that touches confidential material. 

Weak vendor handling and tools that train on your inputs. Some vendors store your data loosely, share it, or train their models on whatever you submit. That can turn your proprietary process into someone else’s training material. The National Institute of Standards and Technology (NIST), the federal agency that sets measurement and technology standards, names Data Privacy, Information Security, and Intellectual Property among the twelve risk categories in its Generative AI Profile (NIST AI 600-1, July 2024). Action: ask every vendor three questions in writing, “Do you train on our data? Where is it stored? Who can access it?” and prefer contracts that say your inputs are not used for training.

Three data risks beyond leakage, named by federal agencies. Not every AI data risk is a leak; some are about the data an AI learns from. The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Information Sheet, “AI Data Security: Best Practices,” on May 22, 2025. It highlights three risks:

  • Data supply-chain vulnerabilities: an AI tool may be built on data of unknown origin, like a part from a supplier you never audited. Action: favor (AI TOOL? ) vendors who document where their training data comes from. (
  • Poisoned data: someone deliberately corrupts the data an AI learns from, so a tool trained on tampered inspection images could start passing bad parts. Action: control and check the data you feed into any AI you train or tune.
  • Data drift: the real world shifts away from what the model learned, so a forecasting tool slowly goes stale. Action: review AI outputs on a schedule and retrain or retire tools that drift.

None of this requires you to become a security expert. It requires choosing vetted tools, asking vendors hard questions, and keeping a human in the loop.

Concern 2: How do we manage AI risk in a structured way?

Most manufacturers do not need a new department to handle AI. They need a structured way to decide what AI to allow, how to check it, and who is accountable. Three voluntary references from NIST and one international standard cover that ground. You can adopt as much or as little as fits your size and your customers’ requirements.

Start with the four functions of the AI Risk Management Framework. The NIST AI Risk Management Framework (AI RMF 1.0) is a voluntary, sector-neutral reference built around four plain-language functions: Govern, Map, Measure, and Manage. Govern means you set the policies and name who is responsible. Map means you write down where AI is used and what could go wrong. Measure means you test and track how the AI actually performs. Manage means you act on what you find, prioritize the real risks, and respond when something breaks. A small shop will not apply every part, but these four words give your team a shared vocabulary for the conversation.

Bolt AI risk onto the cybersecurity you already run. Most manufacturers already organize security around the NIST Cybersecurity Framework (CSF) 2.0, which groups security work into six functions: Govern, Identify, Protect, Detect, Respond, and Recover. You do not throw that backbone away for AI. NIST is now extending it through the draft Cybersecurity Framework Profile for Artificial Intelligence, numbered NIST Interagency Report (IR) 8596 and sometimes called the Cyber AI Profile. NIST released this preliminary draft on December 16, 2025, and it remains a draft, so treat it as a direction of travel rather than a finished rule. It maps AI concerns onto the same CSF 2.0 outcomes your team already knows, organized around three focus areas: Secure, Defend, and Thwart.

Pick the standard that matches who needs it.

  • The AI RMF gives you vocabulary and a voluntary structure. It fits any manufacturer that wants a common language for AI risk without a certification burden.
  • CSF 2.0 is the security backbone most members already use, and the draft Cyber AI Profile is the bridge that carries it into AI.
  • ISO/IEC 42001 is the first international standard for an AI management system, published in 2023. Think of it as the AI counterpart to ISO/IEC 27001 for information security: a formal, auditable program. It fits larger members, or those with compliance-minded customers who expect documented governance.

Adopt the vocabulary first, fold AI into the security you already run, and reserve the formal standard for the members who need to prove it.

Concern 3: What about our existing cybersecurity and supply-chain obligations?

If you already meet cybersecurity requirements, start there: that work is your most actionable entry point into AI security, not a separate project. Many manufacturers, especially defense and aerospace suppliers, already carry obligations to protect Controlled Unclassified Information (CUI), which is sensitive government information that is not classified but still requires safeguarding. NIST Special Publication (SP) 800-171 (Revision 3) defines the security controls that protect CUI, and the Department of Defense Cybersecurity Maturity Model Certification (CMMC) program verifies that suppliers actually apply them. Adding AI tools to your operation raises the stakes on these duties; it does not replace them. When an employee pastes a defense drawing into an outside chatbot, or a vendor’s AI feature stores your data somewhere you have not approved, that is a CUI handling event governed by the same rules you already follow. The practical move is to fold AI into your existing control set rather than build a parallel one: confirm where CUI lives, decide which AI tools may touch it, and keep that decision inside the boundaries CMMC already expects you to maintain.

Your strongest resource for this work is close to home. The NIST Manufacturing Extension Partnership (MEP), a nationwide network of manufacturing-focused centers, publishes Cybersecurity Resources for Manufacturers, including a “Where to Start” path written for small and mid-size shops rather than for security specialists. Cybersecurity Guide This is home turf for the manufacturers in this series and the most actionable first call: members can email mepcyber@nist.gov or contact their state MEP center directly for hands-on help mapping these obligations. One caveat on older references: the NIST MEP Self-Assessment Handbook (NIST Handbook 162, 2017) was formally withdrawn and superseded in September 2022 by SP 800-171A and current Department of Defense guidance, so work from the live MEP hub and the current SP 800-171 materials rather than that retired handbook.

Concern 4: AI on the factory floor (operational technology)

Most AI security guidance assumes an office setting: documents, email, and chat, typically knowns as IT. Manufacturers also run Operational Technology (OT), the hardware and software that monitors and controls physical equipment such as programmable logic controllers, sensors, robots, and process control systems. AI placed near OT carries consequences that office-focused advice misses, because a bad output here can stop a line, damage equipment, or put a worker at risk. On December 3, 2025, CISA, with the NSA AI Security Center, the FBI, and the Australian Cyber Security Centre (ACSC) and other partners, published Principles for the Secure Integration of Artificial Intelligence (AI) in Operational Technology (OT). The guidance covers machine-learning systems, large language model systems, and AI agents, and it organizes the work around four principles you can use as a checklist before any AI touches the floor.

  1. Understand AI. Know what kind of AI you are deploying and what it can and cannot do, so you do not trust an automated output beyond its actual reliability.
  2. Assess AI Use in OT. Evaluate each proposed use against the physical and safety consequences in your specific environment before connecting it to live equipment.
  3. Establish AI Governance. Decide who approves AI on the floor, who is accountable for it, and how you monitor and retire it, in writing.
  4. Embed Safety and Security. Build safety and security in from the start, including keeping a human in control of consequential actions, rather than bolting protections on afterward.

The action is straightforward: treat any floor-level AI as a change to a safety-critical system, run it through these four principles, and keep a person able to stop or override it.

Where Manufacturers Can Go for Help

Most of these resources are free.

  • Your state MEP center and NIST MEP. Your first call for hands-on, manufacturer-specific help mapping these obligations. The NIST Manufacturing Extension Partnership publishes Cybersecurity Resources for Manufacturers, including a “Where to Start” path written for small and mid-size shops. Email mepcyber@nist.gov or contact your state MEP center directly.
  • CISA (cisa.gov). The United States Cybersecurity and Infrastructure Security Agency offers free resources, alerts, and regional advisors. Start at cisa.gov for its AI data-security and operational-technology guidance.
  • FBI field office and InfraGard. Your FBI field office is the channel for threat briefings and for reporting an incident. InfraGard is the FBI’s public-private partnership for critical-infrastructure operators, including manufacturers.
  • PRAIRIE / UNL and the NU AI Institute. The University of Nebraska-Lincoln (UNL) PRAIRIE Initiative, the university’s Center of Excellence for AI, and the University of Nebraska (NU) AI Institute can help you frame governance, guardrails, and AI literacy for a manufacturing audience.

Adopt-Today Checklist

Concrete actions you can take this week. No specialist required.

  1. Switch off free consumer chatbots for company work. Move any business use to a paid business or enterprise-tier tool that carries written, contractual data protections. Many free consumer tiers may keep what you type, and their terms can change.
  2. Draw a hard line on what never goes in. Tell every employee, in plain words, that designs, source code, pricing, customer data, and other IP never go into an unvetted tool.
  3. Write a one-page acceptable-use policy. Name who approves AI tools, who is accountable, what is allowed, and what is not. One page is enough to start.
  4. Send every AI vendor the three questions in writing. Do you train on our data? Where is it stored? Who can access it? Prefer contracts that say your inputs are not used for training.
  5. Limit what each AI tool can reach. Keep sensitive files in separate, access-controlled locations so a single tool cannot pull from your whole network. Keep a person reviewing any output that touches confidential material.
  6. Keep a human in the loop on consequential decisions, and label your data so the sensitive material is obvious to staff and to any tool.
  7. Fold AI into the security you already run. Map AI use onto your existing NIST CSF and, where it applies, your NIST SP 800-171 and CMMC controls. Do not build a parallel program.
  8. Treat any factory-floor AI as a safety-critical change. Before AI touches live equipment, confirm someone can stop or override it, and review its outputs on a set schedule.

Sources

All links were current as of June 2026. NIST’s AI-specific cybersecurity profiles are in active development, so check for updated versions.