10-minute read May 13 2026

Securing data centers in the agentic AI era

Find out how data center operators can protect critical building-management systems and cyber-physical infrastructure from AI-powered threats, as well as comply with evolving regulations.

Key takeaways

  1. Data centers have evolved from simple storage hubs into critical national infrastructure and the "brains" of the modern enterprise, directly impacting global economic stability and national security.
     
  2. Protection of critical infrastructure requires strict virtual and physical micro-segmentation to prevent AI-powered threats from moving laterally between legacy building systems and the broader data center network.
     
  3. Data center security teams must navigate a high-stakes conflict between maintaining "five nines" availability and the urgent need to patch vulnerabilities, while pivoting focus toward securing the data pipelines and identities that autonomous agents depend on.

Data centers have undergone a radical transformation. They are no longer just passive warehouses used for storing customer data or hosting cloud backups. Today, they represent the autonomous engine rooms that power the global digital supply chain. Because these facilities process some of the world's most sensitive data and processes, the definition of data center security has evolved to become a matter of global economic stability.

As we enter the era of agentic AI — where AI systems don’t just summarize data but actually execute business decisions — data centers have become the brain of the modern enterprise. This shift is causing governments and regulators to take notice. For example, in late 2024, the U.K. government officially designated data centers as critical national infrastructure (CNI), putting them on the same level of importance as water, energy, and emergency services. This move reflects a global trend: major data center outages and security breaches put massive capital expenditures at risk, with some data center campus investments exceeding $15 billion, and present significant national security concerns.

However, to power the most advanced AI, we are relying on physical infrastructure — cooling and power systems, UPS systems, and power grids — that often runs on 20-year-old operational technology (OT) devices never designed for the modern threat landscape. Furthermore, while true physical air gaps — protected by hardware like one-way data diodes — remain a gold standard for high-security facilities, the rise of cloud-managed xIoT (extended internet of things) devices has introduced significant connectivity risks. In data center environments where isolation is often perceived rather than physically absolute, the lack of a true air gap means isolated networks can be inadvertently bridged, leaving data centers and downstream enterprise processes exposed.

The two-fold challenge for data center security

To secure the modern data center, asset owners and operators must balance two competing priorities that are increasingly at odds in the AI era:

  1. Maintaining “five nines” availability amidst a rapid patch cycle: Operators must keep the facility running with 99.999% uptime to keep AI clusters and servers online and available while managing a vulnerability landscape that is moving faster than ever before. In an era of AI-driven exploits, the pressure to “patch everything, everywhere, all at once” is immense. However, for data center security, the risk of a patching error causing an adverse outcome or unplanned downtime can be higher than the probability of a successful exploit.
  2. Securing AI access and dependent systems: For most enterprises, AI security isn't about protecting the model weights or the LLM hardware itself — which often resides in a provider's cloud — but rather securing the gateways and data pipelines. This means protecting the sensitive training and retrieval-augmented generation (RAG) data stored within your data center and ensuring the identity-based network communication pathways that allow autonomous agents to interact with that data are ironclad.

The modern attack surface: operational denial

While data theft remains a massive industry, we are seeing a shift in the motive of sophisticated attackers, particularly state-sponsored actors and hacktivists. To understand this shift, we have to look at the relationship between the “bytes” and the “bricks.”

In the age of agentic AI, security teams are facing a tsunami of bytes — an exponential spike in legitimate customer and employee connections that makes traditional network traffic monitoring nearly impossible. In this flood of data, it is becoming increasingly difficult to distinguish a stealthy attacker performing reconnaissance from the millions of active, automated AI and customer sessions being processed every second.

The goal of today’s threat actors isn’t always to steal information; it’s to use this digital noise as cover to disrupt physical processes and trigger widespread outages. In other words, they hide in the bytes to target the bricks: the physical infrastructure of the modern data center. If an attacker can disable a cooling system, for example, the resulting heat may force a high-value AI cluster to shut down to prevent a hardware meltdown. This operational denial causes immediate financial chaos, triggers massive SLA penalties, and halts business operations more effectively than any traditional data breach.

Your AI data center infrastructure is only secure if you have full visibility into the control systems connected to the 15-year-old cooling system in the mechanical gallery.

Risk often starts with the supply chain. A breach of a third-party vendor’s maintenance portal or of an engineering workstation in the data center can lead to a pivot into the process control layer. By manipulating cyber-physical systems (OT/IoT), such as HVAC controls or other building management systems (BMS), a threat actor may be able to trigger automated safety shutdowns or unplanned downtime. This may result in SLA penalties and costly downstream impact.

Understanding the layers of exposure for data centers

To build strategic resilience, asset owners and operators must look beyond the IT perimeter and address the three distinct layers of data center risk:

  • OT/ICS: Many cooling and power systems run on legacy protocols (like BACnet or Modbus) designed decades ago without security in mind. Many of these systems lack basic encryption and authentication. As these systems are connected to the cloud for remote access and to ensure centralized governance and compliance with environmental sustainability mandates, these connections create new entry points for attackers.
  • xIoT: Smart devices (e.g., climate sensors, IP cameras, badge access) represent the hidden majority of assets inside the modern data center. According to a survey by the SANS Institute, more than half of organizations lack specialized monitoring for these assets. Because xIoT devices sit outside the standard IT inventory, they become invisible entry points that are easy targets for cyber-compromise if left unmanaged.
  • Non-human identities: The risk to data centers goes beyond people and includes the devices and agents they deploy. Tenable research shows that 52% of organizations possess non-human identities (e.g., AI agents and connected sensors) with critical excessive permissions, outpacing the risk associated with human users. This creates an extended attack surface that is increasingly difficult for security teams to manage.
  • AI gateways: While cloud providers secure the underlying LLM infrastructure, the enterprise is responsible for the server housing and data paths. This layer includes the RAG data sets that give AI its context and the identity-driven gateways that connect your corporate environment to the cloud. If an attacker manipulates the RAG input or compromises an AI gateway, they don't need to compromise the LLM to weaponize it against your organization.
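
The segmentation concern raised for the OT/ICS layer can be checked against flow records. The following is an added example, not part of the original post or any vendor tooling: it flags Modbus/TCP and BACnet/IP flows whose endpoints are not both inside the building-management segment. The zone ranges, the allow-list and the flow records are constructed assumptions.

```python
import ipaddress

# Registered ports: Modbus/TCP is TCP 502, BACnet/IP is UDP 47808.
OT_PORTS = {("tcp", 502): "Modbus/TCP", ("udp", 47808): "BACnet/IP"}

# Assumed zone plan for the example; replace with the site's real segments.
ZONES = {
    "bms": ipaddress.ip_network("10.50.0.0/24"),
    "it": ipaddress.ip_network("10.10.0.0/16"),
    "vendor-vpn": ipaddress.ip_network("172.16.9.0/24"),
}
# Zone pairs (source, destination) permitted to carry OT protocols.
ALLOWED = {("bms", "bms")}

# Constructed flow records: (protocol, initiator, responder, responder port).
FLOWS = [
    ("tcp", "10.50.0.10", "10.50.0.21", 502),
    ("udp", "10.50.0.10", "10.50.0.30", 47808),
    ("tcp", "10.10.4.7", "10.50.0.21", 502),
    ("tcp", "172.16.9.14", "10.50.0.21", 502),
    ("udp", "203.0.113.5", "10.50.0.30", 47808),
    ("tcp", "10.10.4.7", "10.10.8.8", 443),
]

def zone_of(addr):
    """Map an address to its zone name; anything unlisted is 'external'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"

def find_violations(flows):
    """Return OT-protocol flows that cross a segment boundary."""
    alerts = []
    for proto, src, dst, dport in flows:
        protocol = OT_PORTS.get((proto, dport))
        if protocol is None:
            continue  # not a building-control protocol
        pair = (zone_of(src), zone_of(dst))
        if pair not in ALLOWED:
            alerts.append((protocol, src, dst, pair))
    return alerts

if __name__ == "__main__":
    for protocol, src, dst, (src_zone, dst_zone) in find_violations(FLOWS):
        print(f"ALERT {protocol}: {src} ({src_zone}) -> {dst} ({dst_zone})")
```

Because these protocols carry no authentication of their own, the zone boundary is the only control such a check can rely on, so an alert here means the boundary itself has been bridged.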

Streamlining regulatory compliance

The “build fast and fix it later” approach to AI is hitting a regulatory wall. Recent mandates such as the EU Digital Operational Resilience Act (DORA) and the UK Cyber Security and Resilience Bill now require organizations to prove they have continuous, real-time monitoring of their entire infrastructure. Compliance is moving away from annual “check-the-box” audits toward firm requirements for proof of posture — requiring operators to proactively monitor exposures impacting every asset across their network: federated identities, IT, OT, web apps, cloud containers, and everything in between.

Exposure management delivers proactive security for data centers

To stay ahead of AI-powered threats and meet new regulatory requirements, operators are adopting holistic exposure management to unify visibility across identity, IT, OT, and AI domains.

Security teams can no longer rely on legacy scanners. Because you cannot patch faster without risking critical downtime, you must patch smarter: correlating exposure across identity, cloud, OT/IoT, and AI domains lets operators secure data center assets at the speed of AI while aligning with new and evolving regulatory requirements.

Here are the core pillars of a modern data center security strategy:

  • Secure internet-exposed assets: True security starts with a complete, ground-truth inventory of the entire estate. This means identifying every asset — from internet-exposed management apps (DCIMs) to legacy OT/IoT devices — without risking the uptime of sensitive systems and operations. Tenable recommends that organizations adopt a hybrid approach to asset discovery that blends passive monitoring of network traffic, safe active query using native OT protocols, and agent-based discovery.
  • Anticipate likely attack paths: Attackers don’t think in silos; they look for the path of least resistance. A robust strategy involves mapping how a vulnerability in a third-party vendor portal could allow a lateral pivot into your process control layer. By visualizing these attack chains, you can break the link before an intruder ever reaches your crown jewels.
  • Prioritize real risk, not just vulnerabilities: In a data center with thousands of connected devices, trying to patch everything or implement hardware-intensive passive monitoring solutions across every site is a losing battle and an incomplete approach. Security teams should focus on the 1.6% of vulnerabilities that actually sit on a path to your most critical systems by going beyond basic vulnerability management and risk scoring to correlate exposure across security domains with business criticality and full context.
  • Secure the identity perimeter and prevent lateral movement: Identity has become the most vulnerable entry point for IT/OT environments. Protecting data centers requires continuous monitoring of Active Directory and cloud permissions to ensure that a compromised credential in the enterprise IT network cannot be used to escalate privileges and move laterally to disrupt data center operations. Tenable solutions help security teams identify risky entitlements and misconfigurations to enforce strict zero-trust architectures and implement proactive security measures, such as rule-based alerts, micro-segmentation and policy monitoring.
  • Monitor third-party vendor risk: Data centers rely on a web of third-party technicians and remote maintenance. Holistic exposure management means establishing clear rulesets and real-time alerts for vendor-managed systems, allowing you to detect unauthorized remote access and mitigate cyber risk you don't directly control.
  • Streamline data center security compliance and governance: Streamline reporting and monitoring for regulatory and compliance frameworks like SOC 2, PCI DSS, ISO 27001, NIS2, HIPAA, and NERC-CIP with built-in dashboards and reporting tools for relevant compliance frameworks and industry standards.
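
The attack-path and prioritization pillars above can be made concrete with a small graph model. This is an added illustration, not code from the original post or from Tenable's products: it enumerates paths from internet-exposed entry points to critical cooling and power controllers, separates findings that sit on such a path from those that do not, and lists the assets every path crosses. All asset names, edges and finding ids are constructed placeholders.

```python
# Constructed asset graph: an edge means "can reach or log in to".
EDGES = {
    "vendor-portal": ["eng-workstation"],
    "dcim-web": ["eng-workstation", "it-fileserver"],
    "guest-wifi-ap": ["printer"],
    "eng-workstation": ["bms-server"],
    "bms-server": ["chiller-plc", "ups-controller"],
}
ENTRY_POINTS = {"vendor-portal", "dcim-web", "guest-wifi-ap"}
CROWN_JEWELS = {"chiller-plc", "ups-controller"}
# Placeholder finding ids per asset, not real advisories.
FINDINGS = {
    "vendor-portal": ["FINDING-001"],
    "eng-workstation": ["FINDING-002"],
    "it-fileserver": ["FINDING-003", "FINDING-004"],
    "printer": ["FINDING-005"],
    "bms-server": ["FINDING-006"],
}

def attack_paths(edges, entries, targets):
    """Enumerate loop-free paths from any entry point to any target."""
    paths = []
    def walk(node, path):
        if node in targets:
            paths.append(path)
            return
        for nxt in edges.get(node, []):
            if nxt not in path:  # avoid cycles
                walk(nxt, path + [nxt])
    for entry in sorted(entries):
        walk(entry, [entry])
    return paths

def prioritize(paths, findings):
    """Split findings into those on an attack path and those off it."""
    on_path = {asset for path in paths for asset in path}
    urgent = sorted(f for a in on_path for f in findings.get(a, []))
    off_path = sorted(f for a, fs in findings.items() if a not in on_path for f in fs)
    return urgent, off_path

def choke_points(paths, entries, targets):
    """Assets present on every path: segmenting these breaks all chains."""
    shared = set.intersection(*map(set, paths)) if paths else set()
    return sorted(shared - entries - targets)

if __name__ == "__main__":
    paths = attack_paths(EDGES, ENTRY_POINTS, CROWN_JEWELS)
    print(prioritize(paths, FINDINGS), choke_points(paths, ENTRY_POINTS, CROWN_JEWELS))
```

In this constructed estate, three of the six findings sit on a path to the controllers, and the engineering workstation and BMS server are the links to break. Exhaustive path enumeration suits small models like this one; a large estate needs a bounded or sampled search.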

Securing the future

As organizations continue to scale data center infrastructure to meet rapidly accelerating AI and cloud compute demands, OT/IoT security must be treated as a foundational component of data center operations. Whether you are managing a data center expansion or conversion, or breaking ground on a multi-billion-dollar campus, having a right-sized exposure management strategy in place helps ensure your data center investments are secure from the threats of tomorrow.

Request a demo to find out more about how Tenable helps data center operators secure critical national infrastructure and building facility environments.
