Rail Safety in the Age of AI Enabled Cyberattacks

  • Mar 30

In mid-November, Anthropic, the company behind Claude, the AI large language model (LLM), announced that it had disrupted a significant cyberattack executed by AI agents. A subsequent investigation revealed that this was a highly sophisticated espionage campaign, likely orchestrated by a Chinese state-sponsored group. The attack involved manipulating Claude to infiltrate a number of global targets, achieving limited success.


Crucially, this represents the first documented case of a large-scale cyberattack conducted without substantial human intervention. This evolution in IT security has profound implications for the rail sector as it drastically lowers the barrier to entry for complex attacks. With AI, even less-resourced threat actors can now launch campaigns that previously required expert teams, moving the battle into an entirely new dimension.


Andrew Cullen, Senior Research Fellow at the University of Melbourne and an AI and cybersecurity consultant, observes that while the use of AI in cyberattacks does not in itself represent a fundamental turning point for cybersecurity, the trajectory is deeply concerning. Such attacks point to the democratisation of hacking toolchains, shifting them from specialist capabilities to something accessible with a single prompt. As the pool of potential attackers expands, attack vectors grow exponentially, particularly in highly interconnected sectors where compromised assets can be repurposed as threat sensors and vulnerabilities propagate through supply chains.


Rail in the Crosshairs

The rail sector is a particularly good example of such risk. It is becoming increasingly vulnerable through the convergence of Information Technology (IT) and Operational Technology (OT), which exposes critical systems, especially those relying on aging infrastructure and incorrectly configured systems, to a myriad of attack vectors.


Even without the use of sophisticated AI, adversaries are successfully launching large-scale campaigns against rail infrastructure sites and their supply chain partners. The sustained, state-linked assault on Ukrainian Railways (Ukrzaliznytsia) serves as a stark modern example: since the onset of the Russia–Ukraine war, these attacks have targeted everything from corporate IT and passenger information to signalling, scheduling, and third-party vendors. This reflects a broader global trend in which transportation-related cyber incidents have surged by 48%, with rail now accounting for 28% of all attacks, second only to aviation (Cyber Defence Center of Maticmind, 2025).


With AI, we anticipate an accelerating surge in cyberattacks as adversaries leverage machine learning to further automate round-the-clock campaigns, such as hyper-realistic, AI-generated lures which bypass traditional defences and deceive operators with surgical precision. And we can only imagine the numerous autonomous algorithms relentlessly probing vulnerabilities while simultaneously scanning global supplier networks for overlooked "side doors."


Experts also predict a fast-moving AI arms race. Andrew Cullen notes that “While LLM developers are creating guiderails, motivated attackers will continuously find ways around them, resulting in a constant cycle of novel threats and inevitably increasing the rate of AI-enabled cyberattacks.”


Leveling the Playing Field

While AI is a potent weapon for attackers, it has also become the cornerstone of modern industrial defence. It empowers companies with behavioural analysis, predictive analytics, and autonomous response capabilities. Tools such as AI-driven anomaly detection identify irregular machine behaviours that human operators might miss, while predictive modelling flags IT/OT vulnerabilities before they can be exploited. Crucially, automated incident response protocols can now isolate compromised devices in real time, neutralizing threats without triggering costly operational shutdowns. While talk of a 'Skynet' era may be premature, AI remains a definitive double-edged sword: it undeniably accelerates the speed and scale of attacks, but it also provides the only defensive tools capable of countering them at scale.


What’s Your Company’s Cybersecurity Roadmap for the AI Era?

The shift toward autonomous, round-the-clock AI threats represents a watershed moment for the rail industry, requiring a fundamental "leveling up" of cybersecurity, from a back-office/lean IT function to a mandatory core tenet of operations. As AI makes hacking easier and more accessible, the risk to interconnected systems like signalling, rolling stock and access control has reached a critical threshold, where a compromise of the digital backbone can immediately expose the physical layer. To navigate this landscape, rail operators must adopt a high-velocity roadmap that begins with eliminating "blind spots" through comprehensive vulnerability mapping and the deployment of AI-driven monitoring to quickly detect anomalies. Strengthening the "human firewall" as the first line of defence against high-fidelity lures like deepfake phishing is equally vital. Ultimately, the evolution of modern algorithmic attacks necessitates a posture of continuous adaptation and autonomous incident response, requiring investment and collaboration with IT security partners to bridge the gap between human ingenuity and digitally paced threats.


Authored by Josh Brown, Executive Director of Global Tech Partners

Global Tech Partners (GTP) is a trusted provider of cybersecurity services, training, and a distributor of leading IT security solutions. With offices across Australia and New Zealand and a strategic focus on industrial and infrastructure sectors, GTP helps businesses safeguard their people, data, and systems in today’s evolving security landscape.

 
