Is industrial AI the real frontier for AI risk now?
I spent some time from a very busy week, familiarising myself with the recently released International AI Safety Report 2026, led by Yoshua Bengio:
https://lnkd.in/eURPNjed
What strikes me is how many of the top risks mentioned are related to AI encroaching on the physical world: plants, machinery, and infrastructure.
Not surprisingly, the report cites “jagged performance” as one of the main worries: AI can, e.g., solve a PhD-level engineering problem but fail a basic common-sense #safety check.
The reality is that if you are responsible for a safety-critical asset, such as a ship or a plant, chances are your company is not developing the tech. You bring it in from an established vendor or a scale-up.
After 10+ years of doing industrial tech deals, supporting some of the largest industrial players in the world as they partner with cutting-edge tech providers, one thing is clear: “Move fast and break things” does not apply here 🛑
When you introduce a new and unproven technology into a shipyard, a mine, or a chemical plant, the risk profile is unlike anything in the consumer sector. You are not simply buying software. You are connecting a new variable to a company’s physical nervous system. In this context, a bug does not mean an annoying error message. It can mean a halted production line costing millions per hour or a serious equipment failure.
Bringing in and deploying innovative solutions is imperative, but it must and can be supported by solid risk management. I am pleased, for instance, to see references in the report to the Swiss cheese approach used by safety engineers for decades.
At the same time, there is a balance to strike. You do not want to overdo due diligence too early, especially when you are only exploring possibilities. But it is equally dangerous to leave it to the very end. Rigorous assessment must be built into the whole journey, not treated as the final hurdle before deployment.
These are some additional common-sense golden rules that I apply and advocate to my clients and partners.
The Why Before the What
In industrial settings, falling in love with a gadget before defining the problem is one of the fastest ways to waste money. I have watched managers buy impressive drones or AI cameras and then struggle to find a real purpose for them.
The rule is simple: focus on the job to be done. Do not go to market asking for AI software. Define the outcome instead: for example, you need to detect metal fatigue in underwater pipes before they leak.
When you start a job, risk management becomes part of the selection process. A simpler machine learning tool may look less exciting, but it can be the better choice because it is more reliable, easier to maintain, and carries far less operational risk than a complex and untested AI system.
Ask to See the Ingredients List
Modern industrial software is rarely created from scratch. It is usually a mixture of borrowed code, third-party libraries, and services that call external platforms over the internet. If a vendor cannot clearly explain what sits under the hood, they represent a security risk to your infrastructure.
The rule is to demand a full inventory of every external component, often called a Software Bill of Materials.
This matters because if a global security flaw appears in a common piece of code next month, you need to know immediately whether your critical operations are exposed. You cannot manage a risk you have never documented.
Map the Reality With Rigorous Risk Assessment
Vendors love to quote performance figures, such as high accuracy. In a lab that can sound impressive, but in a factory, the small failure rate is what matters most. Industrial due diligence must assess not only how well the technology works, but how it fails in your specific operation.
The rule is to look beyond general statistics. You need to understand two things. First, the limits of the technology itself: the logic, the conditions where performance drops, and the built-in false positives and negatives that come with AI. Second, the risks are created when the tool enters your real environment and meets real people and workflows.
Consider a bottling plant using AI to spot cracks in glass. Rejecting five good bottles costs pennies. Missing one real crack could harm a customer. Most operators would accept extra false alarms to avoid that single miss.
Now, safety-critical industries are used to a risk assessment framework. But do they work with AI-powered technologies? Do they properly cater for technology risks? In the past few months, I have been undergoing formal training in leading AI risk frameworks, and the more I dive into them, the more I think industrial sectors may not have all the tools they need for these new classes of technologies.
Your job is to translate those failure patterns into your risk register and design mitigations and safety nets around them. If you have not mapped how the system behaves in your context, you have not completed a full due diligence.
Can Your Team Absorb It?
The greatest threat to industrial innovation is often people, not technology. I have seen brilliant inventions left unused because they were too awkward for the workforce.
The rule is to test for daily friction. Does the tool make a supervisor’s job harder? Does it require expert knowledge just to understand the dashboard? Does it add risks, such as distractions from the main job?
If an innovation adds stress to an already busy worker, they will find a way around it. The most advanced system is worthless if it cannot be used comfortably every day on the shop floor.
Run Real-World Pilots Early
A controlled demonstration is a good starting point, but it never proves industrial readiness. Real sites are noisy, dusty, and full of poor connectivity. The only way to understand risk is to place the technology in the field as soon as possible.
The rule is to run practical pilots rather than waiting for a perfect business case or a finished product. Small and fast trials are the safest way to stress test the system in your own environment.
This is how you discover the truth. Batteries may die in the cold. Sensors may be blinded by dust. A pilot is not a rehearsal for deployment. It is the strongest due diligence tool you have to learn whether the technology can survive daily operations.
Red-Team It and Let People Break It
Structured tests are useful, but real resilience comes from the active challenge of the people who know best. Before committing to a large rollout, you should invite your own experts to attack the system with one purpose: to break it.
The rule is not to rely on the vendor’s explanation of failure. Ask site engineers, IT security, and operators to find weaknesses. Give them permission to fail the technology during the pilot.
Every tool has a breaking point. It might be a sequence of operator actions, a lost network packet, or a sensor blocked at the wrong moment. If your team breaks it early, you can fix the process. If you wait until it is live, the technology will break you instead.
From Trust to Informed Confidence
At the heart of industrial AI and emerging tech is a simple truth: innovation in high-risk environments carries real responsibility. The duty of care is not just a slogan: it is the lens through which every decision, pilot, and assessment must be viewed.
The lessons for me are clear. Define the problem before chasing the solution. Understand exactly what is inside your technology. Map the limits of the tech in your real-world operations. Make sure your team can absorb it so that risks are reduced, not increased. Test early, and test for real. Let people challenge the system before it is fully deployed.
It is not about avoiding risk entirely. Nobody can. But it is about knowing your new tech well enough to be able to manage and mitigate the risks. Or choose to wait.
Innovation in this space is essential, but it must always be paired with the discipline to protect people, operations, and outcomes.