
AI Agents Promise Enhanced Security for Connected Physical Systems, But Visibility Must Be the Foundation

As the digital and physical worlds converge, the cybersecurity landscape for physical security deployments has grown far more complex. From high-definition cameras and sophisticated access control systems to biometric readers, intercoms, edge appliances, and cloud-managed platforms, connectivity is now a ubiquitous feature. For systems integrators and consultants, the challenge extends far beyond secure installation; it now encompasses continuous visibility, comprehensive lifecycle management, stringent configuration checks, and proactive risk prioritization across vast, distributed environments.

Enter AI agents – a promising new frontier in tackling these demanding tasks. While their immediate impact may not lie in fully autonomous decision-making, their true value emerges in automating repetitive, high-volume work often overlooked by human teams. This includes crucial functions like asset discovery, firmware visibility, credential checks, network segmentation validation, and anomaly detection. However, experts unanimously caution: AI’s effectiveness is intrinsically linked to the underlying environment’s visibility, manageability, and adherence to fundamental cyber hygiene.

Connected Systems Expand Cyber Exposure

Today, physical security systems are no longer isolated islands; they are deeply embedded within broader IT and operational technology (OT) infrastructures. While this integration offers significant benefits in remote management, advanced analytics, and seamless workflows, it also dramatically expands the attack surface, creating new avenues for cyber threats.

Evgeny Goncharov, Head of Kaspersky ICS CERT, highlights the alarming cyber exposure levels already present in biometric and building automation systems. “According to the Kaspersky ICS CERT report, in Q4 2025 the biometrics sector has continued to lead the ranking of industries and OT infrastructures surveyed in the report in terms of the percentage of ICS computers on which malicious objects were blocked (26.6%), followed by building automation (that includes physical security-related OT systems as well) where 23.4% of all computers faced cyberthreats,” Goncharov reported.

These figures are critically relevant for integrators, as biometrics and building automation systems frequently interface directly with access control, identity management, and core physical security operations. “Biometrics systems process, store, and use biometric data for identification and access control,” Goncharov explained, detailing the intricate web of backend servers, databases, management software, and interconnected networks involved, all integrated with physical security and building management systems.

He emphasized that biometrics should fundamentally be considered a part of operational technology due to its direct influence on both cyber and physical access. A significant vulnerability stems from these environments often being internet-accessible yet lacking robust cybersecurity controls. “Biometrics and Building Automation (BMS) systems are characterized by accessibility to and from the internet, as well as minimal cybersecurity controls by the consumer organization,” Goncharov warned. This underscores the escalating importance of thorough cybersecurity assessments when specifying any connected physical security components, from biometric readers to cloud-managed video and integrated building systems.

IoT Weaknesses Remain Unresolved

Connected physical security devices have inherited the persistent security challenges of the Internet of Things (IoT), according to Martin Zugec, Technical Solutions Director at Bitdefender. “Physical security devices — cameras, access controllers, intercoms, edge appliances — are now fully part of the IoT landscape, and that means they inherit all of IoT’s unresolved security problems: default credentials that never get changed, firmware that rarely gets updated, devices deployed and forgotten for years,” Zugec lamented.

This presents a very real and practical concern, given that many cameras, controllers, and edge devices often remain in operation for years. Post-handover, the critical responsibilities for updates, password management, and configuration checks can become dangerously ambiguous, often falling into a gray area between the end user, integrator, IT department, or managed service provider.

Zugec noted the industry’s struggle to adequately address these foundational issues. “We have spent a long time trying to fix IoT security at the industry level, and progress has been very slow – standards exist, frameworks have been published, but adoption remains uneven and enforcement largely toothless,” he stated.

This security gap becomes even more pronounced as AI-enabled physical security systems become commonplace. Advanced video analytics, powerful cloud platforms, and sophisticated edge processing all rely on a network of connected devices and reliable data flows. If the underlying cyber foundation is shaky, these new capabilities, rather than enhancing security, could paradoxically increase exposure. “This is the foundation that physical security AI deployments will be built on,” Zugec cautioned. “That’s not a reason to stop, but it is a reason to be clear-eyed: expanding AI-driven connectivity into environments where the basics are still unresolved raises the stakes.”

AI Agents Can Improve Visibility

One of the most compelling applications for AI agents lies in delivering continuous visibility. Modern physical security environments are notoriously fragmented, spanning multiple sites, diverse device types, varying firmware versions, numerous vendors, and complex network segments. Manually maintaining accurate, up-to-date inventories in such conditions is an arduous, if not impossible, task.

“The distributed and heterogeneous nature of modern physical security environments makes continuous visibility difficult without automation,” Goncharov affirmed. “Platforms such as Kaspersky Industrial CyberSecurity address this challenge by enabling AI-powered continuous asset discovery and inventory across OT and physical security networks.”

For integrators, this presents a significant opportunity to extend their value proposition beyond initial installation. By offering managed services, regular health checks, and proactive lifecycle monitoring, they can become indispensable partners to their customers.

Zugec echoed this sentiment, pinpointing visibility and consistency as prime use cases for AI. “This is actually an area where AI agents have genuine potential,” he remarked. “The security challenges in physical security deployments are less about sophistication and more about scale and consistency – inventorying every device, checking firmware versions, flagging default credentials, monitoring for behavioral anomalies.”

He observed that while these tasks are recognized as essential, they are frequently neglected or performed inconsistently. “These are tasks that security teams know they should be doing but rarely do systematically, because the environments are large, heterogeneous, and often managed by people without a security mandate,” Zugec explained. This observation is particularly pertinent in physical security, where connected devices might still be relegated to a “facilities asset” category rather than being treated as fully managed cyber endpoints. “AI agents are well-suited to exactly this kind of repetitive, high-volume work,” Zugec concluded.

Manageable Devices Are Essential

Crucially, AI agents are only as effective as their reach. They cannot secure devices they cannot detect or control, making manageability a foundational design principle rather than an operational afterthought.

“The important caveat is that agents can only work with what they can see and interact with – which makes device manageability a prerequisite, not an afterthought,” Zugec asserted. “Devices that expose documented, standards-based APIs are actionable; devices that don’t are essentially invisible to any automated tooling, AI-driven or otherwise.”

This insight reinforces the critical importance of careful product selection for consultants and integrators. Factors like standards support, documented APIs, robust logging capabilities, efficient update mechanisms, and remote management functionalities should be given equal weight alongside traditional metrics such as camera performance, access control features, or analytics capabilities. “That’s a quiet but strong argument for the standards adoption that the industry has been slow to embrace,” Zugec stated.

The issue becomes particularly salient in multi-vendor environments where a diverse array of cameras, access control panels, biometric systems, visitor management platforms, VMS, and building systems must operate in harmony. Without interoperable management data, even the most advanced AI agents will only be able to provide fragmented, partial visibility.

From Anomaly Detection to Prioritization

Beyond foundational visibility, AI agents hold immense potential in identifying unusual device behaviors, weak configurations, and exposed assets. “AI-driven anomaly detection, including technologies like Kaspersky Machine Learning for Anomaly Detection, can identify deviations in device communication patterns, detect misconfigurations, and continuously surface exposed assets – capabilities that are essential in environments where threats are both frequent and diverse,” Goncharov highlighted.

In a physical security context, this could manifest as a camera unexpectedly attempting to communicate with an unfamiliar external address, an access controller appearing on an incorrect network segment, or a biometric system exhibiting abnormal traffic patterns.

Furthermore, AI-assisted tools can correlate findings across extensive environments, enabling customers to transcend a reactive, alert-by-alert approach and move towards proactive risk prioritization. “AI-assisted systems are already supporting a range of practical security functions across OT and physical security environments,” Goncharov explained. “Continuous asset discovery provides visibility into all connected devices, including cameras, controllers, and biometric systems, while vulnerability and firmware monitoring help identify outdated or unpatched components.”

He elaborated that AI agents possess the capability to connect these disparate signals across complex deployments. “AI agents can correlate these signals across large environments, enabling early detection of anomalous behavior and supporting tasks such as segmentation validation and risk prioritization,” Goncharov concluded. For integrators, the tangible value lies in empowering customers to clearly identify what is connected, what is exposed, what is outdated, and, most importantly, what needs immediate attention.
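The checks described above (a camera contacting an unfamiliar external address, an access controller on the wrong network segment, then ranking what needs attention first) can be sketched as follows. This is an added example, not code from Kaspersky, Bitdefender or any product named in the article; the inventory, flow records, allowlist, subnets and weights are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# All values below are constructed for illustration (assumptions).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
EXPECTED_SEGMENT = {  # device type -> subnet it should live in
    "camera": ipaddress.ip_network("10.20.0.0/24"),
    "access_controller": ipaddress.ip_network("10.30.0.0/24"),
}
EGRESS_ALLOWLIST = {  # device type -> external hosts it may contact
    "camera": {"203.0.113.10"},  # e.g. a cloud video platform
    "access_controller": set(),
}
INVENTORY = {  # source IP -> (device id, device type)
    "10.20.0.11": ("cam-01", "camera"),
    "10.20.0.12": ("cam-02", "camera"),
    "10.20.0.50": ("acs-01", "access_controller"),  # in the camera subnet
}
FLOWS = [  # (source IP, destination IP)
    ("10.20.0.11", "203.0.113.10"),   # allowlisted endpoint
    ("10.20.0.12", "198.51.100.77"),  # unfamiliar external address
    ("10.20.0.12", "198.51.100.77"),  # repeat of the same flow
    ("10.20.0.50", "10.30.0.5"),      # internal traffic
    ("10.20.0.99", "10.20.0.11"),     # source missing from inventory
]
WEIGHT = {"wrong_segment": 3, "unexpected_egress": 2, "not_in_inventory": 1}

def assess(inventory, flows):
    """Return {device id or IP: sorted distinct findings}."""
    found = defaultdict(set)
    for ip, (dev, kind) in inventory.items():
        if ipaddress.ip_address(ip) not in EXPECTED_SEGMENT[kind]:
            found[dev].add("wrong_segment")
    for src, dst in flows:
        if src not in inventory:
            found[src].add("not_in_inventory")
            continue
        dev, kind = inventory[src]
        external = ipaddress.ip_address(dst) not in INTERNAL
        if external and dst not in EGRESS_ALLOWLIST[kind]:
            found[dev].add("unexpected_egress:" + dst)
    return {dev: sorted(items) for dev, items in found.items()}

def prioritise(findings):
    """Rank devices by summed finding weight, highest first."""
    def score(dev):
        return sum(WEIGHT[f.split(":")[0]] for f in findings[dev])
    return sorted(findings, key=lambda dev: (-score(dev), dev))
```

A source address that appears in traffic but not in the inventory is reported rather than skipped, since an unlisted device is itself a visibility gap.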
