Artificial intelligence (AI) is reshaping cybersecurity—not just for digital threats but also for critical physical infrastructure like railways. My conversation with Miki Shifman, Co-Founder and CTO of Cylus, underscored the urgent need to extend cybersecurity beyond traditional digital domains to protect transportation systems.

Railway Cybersecurity: A Growing Concern
Shifman, a cybersecurity expert and Israeli intelligence veteran, co-founded Cylus in 2017 to address vulnerabilities in railway systems. Historically, rail safety focused on mechanical redundancy and human oversight. But modern trains—autonomous, high-speed, and digitally connected—face unprecedented cyber risks. As Shifman put it, “The boundaries have been broken.”

Recent incidents highlight the severity. London’s railway shutdown last September exposed the economic and societal disruptions cyberattacks can cause. A similar event in New York’s subway system would ripple far beyond transportation, affecting healthcare and public safety.

Emerging Threats and AI’s Role
Railway cyber threats fall into two categories: availability threats that halt train operations and safety threats that could lead to collisions or derailments. Many railway systems lack adequate encryption and authentication, making vulnerabilities deeply embedded. AI accelerates these risks—lowering the expertise needed to execute sophisticated attacks. Tools like ChatGPT enable less-experienced hackers to gain insights into specialized rail protocols, expanding the pool of potential attackers.

Regulatory Response and AI-Powered Defense
With railways classified as critical infrastructure, regulatory bodies in the EU and U.S. are mandating stronger cybersecurity measures by 2025. However, these solutions must integrate carefully to avoid interfering with operational safety.

AI also strengthens defenses. Cylus uses AI to enhance threat detection, real-time monitoring, and anomaly detection while reducing false positives. AI boosts productivity across railway cybersecurity, from rapid prototyping to regulatory compliance automation. “AI helps turn compliance from a burden into an asset,” Shifman noted.

The Future of Railway Cybersecurity
Rail cybersecurity lags behind other critical infrastructure sectors, but AI provides an opportunity to leap forward. Organizations embracing AI-driven security will gain unprecedented protection—while those slow to adapt remain vulnerable to increasingly sophisticated threats.

When asked about AI’s future in rail security, Shifman admitted, “We’re still evolving our understanding. But ignoring AI simply isn’t an option. This technology changes the landscape weekly.” That mindset—alert, adaptable, and proactive—is exactly what the railway industry needs today.