Back to Blog
Artificial IntelligenceIT Security

Gartner Predicts: Misconfigured AI Will Shut Down National Infrastructure in a G20 Country by 2028

Mert Bacak··6 min read
Symbolic image for AI risks in critical infrastructure — power grid and digital systems.

In February 2026, Gartner published a prediction that sent shockwaves through the global IT community: by 2028, a misconfigured AI will bring national critical infrastructure in a G20 country to a standstill. Not through a cyberattack. Not through a natural disaster. But through a well-intentioned engineer, a flawed update script, or a misplaced decimal point.

That sounds dramatic. But it is not speculation — it is the logical continuation of a trend we can already observe today.

What Is Behind This Prediction?

More and more critical infrastructure — power grids, water systems, transport networks, industrial facilities — is being managed by AI systems. These so-called Cyber-Physical Systems (CPS) make decisions in real time: one AI model balances the power grid, another controls production lines, a third coordinates rail traffic.

The efficiency gains are real and measurable. But with increasing dependency comes a structural risk that the IT industry has barely begun to address: what happens when the model is misconfigured?

The problem: these models are black boxes — even to their own developers. Wam Voster, VP Analyst at Gartner, puts it plainly:

> "Modern AI models are so complex they often resemble black boxes. Even developers cannot always predict how small configuration changes will impact the emergent behaviour of the model."

Unlike classical software, AI systems have no linear relationship between input and output. A parameter update can change the overall behaviour of a model in unforeseen ways — and that in a system with physical consequences.

Why Small Errors Have Massive Consequences

What is a bug in the software world can be a blackout in the physical world. Gartner describes a concrete scenario: an AI model managing a national power grid in real time misinterprets a routine load fluctuation as critical instability after an update — and triggers nationwide grid shutdowns. In seconds. Before any human can intervene.

This is not science fiction. It is the logical consequence of three simultaneous developments:

  • Complexity: Modern AI systems have emergent properties that cannot be fully predicted during training. Small changes can lead to surprisingly large behavioural deviations.
  • Interconnection: Infrastructure systems are deeply linked. An error in one subsystem cascades through the entire network — power affects water, water affects production, production affects supply chains.
  • Speed: AI makes decisions in milliseconds. Human reaction time — even with immediate intervention — is orders of magnitude slower.

Brian Levine, security expert at FormerGov, summarises the danger: "Adding autonomous AI to brittle layers of automation creates extreme danger." The point being: many infrastructure systems were never designed for full automation. AI is layered on top — making a fragile system even more fragile.

The Underestimated Threat: No Malicious Intent Required

Traditional cybersecurity thinks in terms of attackers, malware, and targeted attacks. That is important — but it is only half the picture. Gartner's prediction describes an entirely different threat category: the accident from within.

A routine update, a new training dataset, a miscalibrated threshold — and the system behaves differently than expected. Experts call this "gradual drift": AI systems can classify slowly drifting sensor readings as normal, missing critical warning signals that an experienced human operator would have caught long ago.

Matt Morris from Ghostline Strategies describes the problem: unlike humans who intuitively recognise unusual patterns, AI systems are only as good as their training data. Gradual changes in real-world operation can fall outside the learned distribution — and the system responds incorrectly without triggering an alert.

Flavio Villanustre, CISO at LexisNexis, therefore warns: the risks acquired through AI deployment could outweigh the productivity gains — if no robust governance framework is in place. And that is precisely the situation at the majority of organisations today.

Real Warning Signs We Are Already Seeing

Gartner's prediction is not an abstract vision of the future. The warning signs are already visible:

  • Power grids across Europe: are increasingly using AI for load forecasting and grid stabilisation. Errors in these systems have already caused localised outages in 2023 and 2024 — not yet at a national scale, but the trajectory is clear.
  • Automated production facilities: in industry have already suffered millions in damage through AI misconfigurations — mostly without public reporting.
  • Autonomous traffic management: in major cities already shows behaviour that developers could not predict — and that at far lower complexity than national infrastructure.

The question is not whether such an event will occur. Gartner says: it will.

What Gartner Specifically Recommends

Gartner identifies three measures that organisations with AI in critical systems must implement without exception:

1. Implement a kill-switch: Every AI-controlled infrastructure system must have a secure override mode — accessible only to authorised personnel, independent of the AI system itself. Humans must be able to retake control at any point.

2. Use digital twins: Realistic test environments where updates and configuration changes are fully simulated before being rolled out to production. No update without prior testing in the twin environment.

3. Rollback mechanisms: Every AI configuration change must be monitored in real time and automatically reversible when needed. Continuous monitoring is not a luxury — it is a baseline requirement.

A fourth, often overlooked point: governance structures for AI deployments. Who is accountable when an AI system fails? What escalation processes exist? How are configuration changes documented and approved? Today, these questions remain unanswered in the vast majority of organisations.

What This Means for Swiss Companies

Switzerland is one of Europe's most highly networked and digitalised economies. Energy, transport, financial infrastructure, healthcare — all sectors are increasingly relying on automated, AI-driven systems. That is a strength. But it becomes a vulnerability when governance structures fail to keep pace.

For IT decision-makers in Swiss companies, Gartner's warning translates into concrete action today:

  • Create an inventory: Which critical processes are controlled or influenced by AI systems? A complete overview is the foundation of every further measure.
  • Define governance: Clear responsibilities, approval processes for updates, and documented rollback plans for every AI system in critical processes.
  • Ensure human oversight: AI systems in critical areas must not operate fully autonomously. Human control points are not an inefficiency — they are security architecture.
  • Audit the supply chain: Partners and vendors with AI-driven infrastructure must be assessed for their governance maturity. A failure at the vendor level is increasingly a failure in your own operation.
  • Update incident response plans: AI misconfigurations must be explicitly included as a scenario in business continuity and disaster recovery plans.

Conclusion

Gartner's prediction is a wake-up call — not for panic, but for structured preparation. The technology is not the problem. The problem is integrating it into critical systems without adequate controls, test infrastructure, and governance.

AI in infrastructure brings enormous opportunities. But it also fundamentally changes the nature of risk. The greatest threat no longer comes from outside — it emerges from within, silently, unintentionally, and often invisibly, until it is too late.

The next major infrastructure crisis may not be an attack. It will be an update. Why missing AI ROI has its own costs is explored in our related post.

Questions about AI governance in your organisation? Contact us.


Source: Gartner – Gartner Predicts That by 2028 Misconfigured AI Will Shut Down National Critical Infrastructure in a G20 Country (February 2026)

AI for Your Business

Want to put AI to work in your business?

From AI agents to private AI: we guide you from strategy to implementation — privacy-compliant and tailored to your processes.

Book a Free Consultation

30 min · Free · No obligation

AI consulting for businesses