Customers need continuous visibility, lifecycle management, configuration checks, and risk prioritization across distributed environments.
As cameras, access control systems, biometric readers, intercoms, edge appliances, and cloud-managed platforms become more connected, cybersecurity is becoming a core issue for physical security deployments.
For systems integrators and consultants, the challenge is no longer limited to secure installation. Customers also need continuous visibility, lifecycle management, configuration checks, and risk prioritization across distributed environments.
AI agents are emerging as a possible tool for these tasks. Their immediate value may not be in autonomous decision-making, but in helping organizations perform repetitive, high-volume work that is often neglected, including asset discovery, firmware visibility, credential checks, segmentation validation, and anomaly detection.
However, experts caution that AI can only be effective when the underlying environment is visible, manageable, and supported by basic cyber hygiene.
Connected systems expand cyber exposure
Physical security systems now sit within broader IT and operational technology environments. This has improved remote management, analytics, and integration, but it has also expanded the attack surface.
Evgeny Goncharov, Head of Kaspersky ICS CERT, said biometric and building automation systems are already showing high levels of cyber exposure.
“According to Kaspersky ICS CERT report, in Q4 2025 the biometrics sector has continued to lead the ranking of industries and OT infrastructures surveyed in the report in terms of the percentage of ICS computers on which malicious objects were blocked (26.6%), followed by building automation (that includes physical security-related OT systems as well) where 23.4% of all computers faced cyberthreats,” Goncharov said.
For integrators, these figures are relevant because biometrics and building automation often connect directly with access control, identity management, and physical security operations.
“Biometrics systems process, store, and use biometric data for identification and access control,” Goncharov said. “This includes backend servers, databases, management software, and the networks connecting them, as well as their integration with physical security and building management systems.”
He added that biometrics should be viewed as part of operational technology because of its direct impact on both cyber and physical access.
“Biometrics is treated as a critical part of operational technology environments that directly impacts both cybersecurity and physical access,” Goncharov said.
A key issue is that these environments are often internet-accessible while lacking strong cybersecurity controls.
“Biometrics and Building Automation (BMS) systems are characterized by accessibility to and from the internet, as well as minimal cybersecurity controls by the consumer organization,” Goncharov said.
This makes cybersecurity assessment increasingly important when specifying biometric readers, cloud-managed video, remote monitoring, or integrated building systems.
IoT weaknesses remain unresolved
Martin Zugec, Technical Solutions Director at Bitdefender, said physical security devices have inherited long-standing IoT security problems.
“Physical security devices — cameras, access controllers, intercoms, edge appliances are now fully part of the IoT landscape, and that means they inherit all of IoT's unresolved security problems: default credentials that never get changed, firmware that rarely gets updated, devices deployed and forgotten for years,” Zugec said.
This is a practical concern because many cameras, controllers, and edge devices remain in the field for years. After handover, responsibility for updates, password management, and configuration checks may be unclear between the end user, integrator, IT team, or managed service provider.
Zugec said the industry has not fully addressed these basic issues.
“We have spent a long time trying to fix IoT security at the industry level, and progress has been very slow - standards exist, frameworks have been published, but adoption remains uneven and enforcement largely toothless,” he said.
That gap becomes more significant as AI-enabled physical security systems become more common. Video analytics, cloud platforms, and edge processing rely on connected devices and reliable data flows. If the cyber foundation is weak, new capabilities may increase exposure.
“This is the foundation that physical security AI deployments will be built on,” Zugec said. “That's not a reason to stop, but it is a reason to be clear-eyed: expanding AI-driven connectivity into environments where the basics are still unresolved raises the stakes.”
AI agents can improve visibility
One of the clearest use cases for AI agents is continuous visibility. Physical security environments are often spread across multiple sites, device types, firmware versions, vendors, and network segments. Maintaining accurate inventories manually is difficult.
“The distributed and heterogeneous nature of modern physical security environments makes continuous visibility difficult without automation,” Goncharov said. “Platforms such as Kaspersky Industrial CyberSecurity address this challenge by enabling AI-powered continuous asset discovery and inventory across OT and physical security networks.”
For integrators, this creates an opportunity to support customers beyond installation through managed services, health checks, and lifecycle monitoring.
Zugec also identified visibility and consistency as strong use cases.
“This is actually an area where AI agents have genuine potential,” he said. “The security challenges in physical security deployments are less about sophistication and more about scale and consistency - inventorying every device, checking firmware versions, flagging default credentials, monitoring for behavioral anomalies.”
He noted that these tasks are known but often not performed systematically.
“These are tasks that security teams know they should be doing but rarely do systematically, because the environments are large, heterogeneous, and often managed by people without a security mandate,” Zugec said.
That observation is especially relevant in physical security, where connected devices may still be treated as facilities assets rather than cyber-managed endpoints.
“AI agents are well-suited to exactly this kind of repetitive, high-volume work,” Zugec said.
Manageable devices are essential
AI agents cannot secure devices they cannot see or control. This makes manageability a design issue, not just an operational concern.
“The important caveat is that agents can only work with what they can see and interact with - which makes device manageability a prerequisite, not an afterthought,” Zugec said. “Devices that expose documented, standards-based APIs are actionable; devices that don't are essentially invisible to any automated tooling, AI-driven or otherwise.”
For consultants and integrators, this reinforces the importance of product selection. Standards support, documented APIs, logging, update mechanisms, and remote management should be considered alongside camera performance, access control features, or analytics capabilities.
“That’s a quiet but strong argument for the standards adoption that the industry has been slow to embrace,” Zugec said.
The issue is particularly important in multi-vendor environments where cameras, access control panels, biometric systems, visitor management platforms, VMS, and building systems must operate together. Without interoperable management data, AI agents may provide only partial visibility.
From anomaly detection to prioritization
AI agents may also help identify unusual device behavior, weak configurations, and exposed assets.
“AI-driven anomaly detection, including technologies like Kaspersky Machine Learning for Anomaly Detection, can identify deviations in device communication patterns, detect misconfigurations, and continuously surface exposed assets – capabilities that are essential in environments where threats are both frequent and diverse,” Goncharov said.
In a physical security deployment, this could include a camera communicating with an unexpected external address, an access controller appearing on the wrong network segment, or a biometric system showing abnormal traffic.
AI-assisted tools can also correlate findings across larger environments. This can help customers move from isolated alerts to risk prioritization.
“AI-assisted systems are already supporting a range of practical security functions across OT and physical security environments,” Goncharov said. “Continuous asset discovery provides visibility into all connected devices, including cameras, controllers, and biometric systems, while vulnerability and firmware monitoring help identify outdated or unpatched components.”
He added that AI agents can connect these signals across complex deployments.
“AI agents can correlate these signals across large environments, enabling early detection of anomalous behavior and supporting tasks such as segmentation validation and risk prioritization,” Goncharov said.
For integrators, the practical value is in helping customers identify what is connected, what is exposed, what is outdated, and what should be fixed first.