Genetec warns AI is fuelling physical security risk

Genetec has called on organisations to tighten identity and credential governance across physical security systems, warning that artificial intelligence is increasing cyber risk.

Password-only approaches no longer provide enough protection for connected environments that include cameras, access control systems, servers and cloud services. Weak or poorly managed credentials can expose sensitive operations and create new entry points, including through passwords used to connect directly to devices.

Genetec said attackers are using artificial intelligence to increase the speed, scale and precision of credential-based attacks. As a result, organisations need to go beyond periodic password changes and basic cyber security measures when managing access across physical security estates.

Mathieu Chevalier, Principal Security Architect at Genetec, said the threat landscape is shifting.

"AI is changing the speed and scale of cyber risk," Chevalier said. "Attackers can now move faster and are using AI to impersonate people, tailor social engineering attacks, uncover vulnerabilities at scale, and evade detection. To respond, organizations need to actively govern access and identity across their systems, not just set controls once and hope they hold."

Survey findings

Genetec linked its warning to findings from its Enterprise Physical Security in the Cloud Era research, based on responses from more than 7,300 physical security professionals worldwide. The research found that 58.7% of organisations reported an increase in phishing and smishing attacks, while 41% saw a rise in overall physical or cyber incidents.

Social engineering was identified by 43.5% of respondents as a leading attack vector. The figures suggest that user identity, access controls and credential management are becoming more central to security planning for operational systems as well as traditional IT networks.

Physical security systems are increasingly part of wider connected technology environments, linking on-site devices with enterprise infrastructure and cloud services. While that integration can improve oversight and management, it also expands the number of systems, users and credentials that must be controlled.

Genetec said organisations should start by removing default and shared credentials and enforcing stronger forms of authentication. It pointed to passkeys and multi-factor authentication as ways to reduce common points of entry for attackers.

The advice also covered the devices themselves. Static passwords should be replaced with certificate-based authentication where possible, alongside centralised management and regular credential rotation.

Team alignment

Genetec also called for closer co-ordination between IT and physical security teams. As physical security systems become more connected to enterprise networks, joint working can help apply consistent standards, improve visibility into access risks and support a more co-ordinated response to incidents.

That reflects a wider shift in many organisations, where responsibility for physical security technology no longer sits solely with facilities or specialist security staff. Cameras, access systems and related platforms are now often managed in environments that overlap with core network, identity and cloud operations.

Genetec also argued for a governance-first approach to managing physical security infrastructure. In practice, that means treating those systems with the same level of oversight as other critical operational assets, including regular access reviews and controlled software and device updates.

It also said organisations should work with trusted technology partners that support long-term security, transparency and operational resilience. Its guidance emphasised sustained governance of access and identity rather than one-off technical fixes.

Montreal-based Genetec says it serves more than 42,500 customers across 159 countries through a network of channel partners and consultants.