Hitachi and NVIDIA Are Building AI Agents That Control Real-World Infrastructure. Here's Why Security Experts Are Worried.
Hitachi and NVIDIA have announced a major partnership to deploy AI agents that orchestrate real-world manufacturing and infrastructure systems, but the move highlights a critical security risk: if even one agent is compromised, attackers could gain access to an organization's entire technology ecosystem. The collaboration integrates NVIDIA's NemoClaw agent blueprint and Agent Toolkit software with Hitachi's infrastructure intelligence platform to create what they call a Multi-Agent Orchestration Platform for mission-critical environments.
What Exactly Are Hitachi and NVIDIA Building Together?
The partnership aims to create a system that can safely manage multiple AI agents controlling diverse facilities, equipment, and systems across customer sites, regardless of vendor. The platform will combine Hitachi's IWIM (infrastructure intelligence platform) with NVIDIA's Cosmos world foundation model and NemoClaw agent blueprint to enable autonomous operations in real-world settings. Hitachi's Physical AI FDE Team will provide hands-on support to validate the technology and explore use cases across robotics, mobility, energy, and industrial equipment sectors.
The companies plan to use digital twins as a validation environment, ensuring safe autonomous control before deployment in physical infrastructure. Toshiaki Tokunaga, Hitachi's President and CEO, expressed confidence that the collaboration will "realize integrated autonomous operations and accelerate the adoption of Physical AI in society".
Toshiaki Tokunaga, Hitachi's President and CEO
Why Are Cybersecurity Experts Sounding the Alarm?
While the technology promises efficiency gains, security researchers are raising serious concerns about the risks. Zeki Turedi, CrowdStrike's Field CTO for Europe, warned that AI agents represent a fundamentally different threat than traditional cyberattacks because of the scope of access they're granted. "Organizations are giving them full access. They're giving them full capabilities. They will have the full privilege of the human user," Turedi explained.
Zeki Turedi, CrowdStrike's Field CTO for Europe
The danger lies in what security researchers call "living off the land" attacks, where hackers weaponize legitimate tools already present in an organization's network. With traditional attacks, compromising a tool like PowerShell limited what attackers could access. But AI agents operating across enterprise systems present a vastly larger attack surface. "An agent theoretically can touch every single part of that organization's technology ecosystem and architecture," Turedi noted, adding that "this is where it makes it so much more dangerous".
CrowdStrike's 2026 Global Threat Report found that threat actors are already exploiting legitimate AI tools at dozens of organizations globally, using chatbots and assistants to generate malicious commands and steal sensitive data. The motivations range from credential theft to cryptocurrency theft, with both financially motivated cybercriminals and state-sponsored actors actively targeting AI systems.
What Are the Key Security Vulnerabilities Organizations Face?
Security experts have identified several critical gaps that make AI agent deployments particularly risky:
- Visibility and Governance Gaps: Many organizations lack the ability to monitor what their AI agents are actually doing. The problem is compounded by sub-agents, which create chains of untraceable bots that are ideal targets for stealthy threat actors.
- Identity Management Failures: Over two-thirds of respondents in a Cloud Security Alliance survey said they couldn't accurately identify agent activity compared to human activity, making it difficult to distinguish legitimate operations from malicious ones.
- Outdated Infrastructure: Many organizations are deploying agents on infrastructure that was never designed to manage modern identity and access controls. "These are typically infrastructures and architectures that were not designed for modern human identity usage, never mind for the AI identity usage," Turedi stated.
The challenge is particularly acute in government and public sector organizations, where the stakes are highest. A recent McKinsey study found that agentic AI is emerging as a key focus area for US public sector organizations, yet these agencies often have the most sensitive data and the least flexible security infrastructure.
How Can Organizations Protect Themselves When Deploying AI Agents?
Security experts recommend a multi-layered approach to monitoring and controlling AI agent activity. Rather than relying on a single detection method, organizations need to correlate data from multiple sources to identify suspicious behavior:
- Identity Layer Monitoring: Track all authentication and authorization events to establish a baseline of normal agent behavior and flag anomalies that might indicate compromise.
- Endpoint Monitoring: Monitor the systems where agents execute their tasks, capturing details about what files they access, what processes they spawn, and what network connections they establish.
- Application and Network Monitoring: Observe traffic flowing between applications and across the network to detect agents communicating with unusual destinations or exfiltrating data.
Turedi emphasized the importance of "marrying together" data from these different domains: "You need to be looking at the identity layer, you need to be looking at the endpoint, you need to be looking at the application layer". This integrated approach makes it harder for attackers to hide their activities by blending in with legitimate agent operations.
The timing of the Hitachi-NVIDIA partnership underscores a broader industry trend. As organizations rush to adopt AI agents for operational efficiency, threat actors are following closely behind. "Adversaries follow the technology landscape that their victims are looking to invest in," Turedi observed, noting that this pattern has repeated throughout the cloud and SaaS adoption cycles. The rapid pace of change in the AI space, combined with widespread confusion about how to secure these systems, creates an ideal environment for sophisticated attacks.
For enterprises considering AI agent deployments like the Hitachi-NVIDIA platform, the message is clear: the technology offers genuine operational benefits, but only if organizations invest equally in visibility, governance, and identity management capabilities before agents gain access to mission-critical systems.