Edge AI for OT: Reducing Attack Surface While Keeping Quality Running
TL;DR
Manufacturing is now the #1 target for OT-focused attacks, with most activity concentrated at the IT/OT boundary (per the Trellix analysis highlighted by Manufacturing Dive). Most vision AI systems route images or inference calls through cloud services or unmanaged IT bridges — putting a safety-critical quality station directly on the boundary attackers probe. Overview.ai takes the opposite approach: all AI inference happens on-camera, on the edge.
- No cloud in the decision loop
- No WAN/Internet dependency for pass/fail
- Deterministic bit to the PLC every cycle
Why This Matters for Manufacturing Engineers Right Now
OT teams are seeing:
- More lateral movement attempts into OT
- Boundary devices becoming pivot points
- Cloud dependencies causing outages during containment events
- Vendors pushing "connected AI" that requires outbound traffic for inference
If your inspection cell depends on cloud inference, a quality station becomes part of the attack path. For anything tied to scrap, safety, or downstream failure modes, that's not acceptable.
Why Edge AI Lowers Both Risk and Latency
1. No Cloud or IT Bridge in the Decision Loop
All Overview.ai cameras run deep learning models on-device using an embedded NVIDIA GPU. Images and features never leave the cell during inspection.
This removes:
- Cloud inference endpoints
- Shadow IT bridges
- WAN latency
- External connectivity requirements
The exact boundary attackers target becomes irrelevant to inspection reliability.
2. Deterministic Handoff to PLC / Robot / Diverter
The camera sends a single pass/fail bit (plus optional numeric measurements) through hardwired I/O or fieldbus.
If corporate IT isolates systems during an incident:
- The cell keeps running
- Timing does not drift
- Quality logic does not degrade
This is critical for any line where cycle time and scrap logic must remain deterministic.
3. Simplified Segmentation and Monitoring of OT Networks
Edge-first vision reduces cross-boundary traffic to only:
- PLC communication
- Optional scheduled telemetry exports
- Time-boxed admin access
This lets OT teams:
- Allow-list a minimal number of ports
- Log a simple, auditable set of flows
- Shrink the attack surface around the cell
Less traffic → less ambiguity → fewer blind spots.
What "Edge-First" Means in Practice at Overview.ai
Every Overview camera (OV10i, OV20i, OV80i) runs the model locally on the device:
- OV10i: classifier-only presence/absence, global shutter
- OV20i: classification + segmentation for low-contrast surface defects
- OV80i: telecentric optics, 2.5D lighting, and micron-scale segmentation for reflective metals, welds, tablets, etc.
Outputs are built for operators and controls:
- Pixel masks for explainability
- Numeric vectors (offsets, geometry) for SPC
- Pass/fail bit to PLC for deterministic control
Nothing else needs to leave the cell unless you choose to export it.
"We chose Overview because the cameras run AI on-prem with no cloud in the decision loop. Security review was straightforward, and quality kept running even when corporate IT isolated systems during an incident."
Practical OT Hardening Checklist for Vision Cells
- Place cameras firmly inside OT, not on shared networks
- Allow-list only required I/O and admin paths
- Log all boundary crossings from the line
- Track end-to-end timing camera → PLC
- Export analytics on your terms, not inline
Where Edge AI is the Right Architecture
Battery Weld Geometry (concentricity, tab position)
Segmentation + geometric vectors computed on-device; PLC only sees pass/fail.
Tablet / Coating Defects
Local segmentation removes the need for cloud image transport.
Presence/Absence and Soft-Set in Connectors/Clips
Hardwired decision bit; no latency variability.
Bottom Line
If attackers target the boundary, don't put your quality decisions there. An edge-first AI vision stack keeps the loop short, the OT surface small, and the line running — even when IT isn't.