
Digital transformation is reshaping food production, but weak governance and cyber attacks are exposing critical gaps. Huw Morris reports.

08/06/2026

 

When the cyber attack landed, the results were crippling. More than 2,000 grocery stores owned by Ahold Delhaize USA were disrupted, leaving shoppers frustrated by empty shelves.

The November 2024 attack targeted digital systems, with stores unable to accept credit and debit cards. The company was forced to take some of its systems offline, hobbling its pharmacy and e-commerce operations. Online orders came to a standstill. Shelves remained empty for several weeks, with limited inventory for fresh fruit and vegetables. 

For Andrei Constantinescu, security operations centre (SOC) quality assurance manager at cyber-threat specialist Smarttech247, such incidents are all too familiar. Artificial intelligence (AI) is being embedded into food and agriculture at a speed that would have sounded unrealistic a few years ago, he says – but it comes with dangers.


“Automated inspections, predictive crop analytics, livestock monitoring, supply chain optimisation – it’s all happening quickly, and the efficiency gains are real,” he acknowledges. “But from a SOC perspective, there is a less glamorous side to this story.

“The sector is adopting AI faster than it is governing it, and that creates a security problem that isn’t solved by buying another tool or adding another dashboard. The real issue is visibility, control and accountability.

“In food and agriculture, AI risk is not just a technology problem. It’s a governance problem, a supply chain problem and, very often, a people problem.”

It’s also a rising problem. The Food and Agriculture-Information Sharing and Analysis Center, a US-based, industry-led body that provides threat intelligence and advice on cyber security, says the food and agriculture sector was targeted in 5.5% of all ransomware attacks in the first quarter of 2025. It was struck by 84 major incidents, compared with just 40 in the same period of 2024.

Lawmakers across the world have taken note. Under the EU’s AI Act, food and agriculture is classified as a high-risk environment, which means that AI systems are involved with operational decisions, environmental data and consumer safety. Constantinescu points to its broad range of uses, including in automated food-quality inspections, predictive crop analytics, livestock monitoring and supply chain optimisation.

 

 


 

“These are not small pilot projects,” he notes. “They are becoming embedded into production environments, and with that comes the requirement for stronger oversight. Compliance goes deeper than simply adopting AI responsibly. It includes expectations around transparency, safety standards and protection of consumer and environmental data. In other words, organisations cannot treat AI as just another software layer.”

AI is deeply embedded in operational technology, pulling telemetry data from Internet of Things devices, supervisory control and data acquisition systems, and production nodes. That data is mapped to identify patterns and predict outcomes based on yield quality or efficiency.

“But the side effect is obvious: when AI becomes part of production, the attack surface expands rapidly,” says Constantinescu. “This is not an office environment, where the worst-case scenario is a compromised email account. In food and agriculture, AI is tied into operational workflows, supply chains and physical production. That raises the stakes.”

Then there are the blind spots in third-party supply chains. Constantinescu knows of one major food company with on-site servers owned by vendors that it had no idea existed. When those servers were turned on, ransomware was present.

“This is where AI-driven behavioural analytics became critical,” he says. “Machine-learning rules were capable of detecting suspicious activity through traffic logs, flagging that something bad was happening even before the full picture was clear. Deeper investigation suggested ransomware propagation, and it turned out to be WannaCry – an old ransomware, but still present.

“The uncomfortable lesson is simple. Visibility gaps are still one of the biggest threats in the sector. AI cannot secure what you don’t know exists, but it can help reveal abnormal behaviour faster than traditional monitoring alone.”


 

Mohammed F Alzuhair, a doctoral candidate in business administration at Durham University who has researched AI and the food industry, says “everyone who argues for AI in food systems makes the same move: more data means better oversight”. It sounds logical, he warns, but there is a problem inside that assumption – and the UK is particularly vulnerable.

“The human layer of food oversight in this country is already stretched well beyond what most people realise. Food standards staffing in English local authorities fell by around 45% between 2012 and 2018 – not a small dip, with nearly half the workforce gone.

“The Food Standards Agency’s (FSA) board was still acknowledging inspection backlogs and workforce constraints as recently as December 2025. Roughly half of everything we eat in the UK comes from abroad, which means the regulatory challenge has always been bigger than local enforcement was ever designed to handle.

“Into this walks AI, promising to generate more signals, more alerts, more data. But research on decision-making under stress is quite clear: beyond a certain point, more information does not help. It overwhelms.

“In high-pressure situations it functions less like insight and more like noise. We already see this in healthcare and cybersecurity, where alert fatigue – staff becoming desensitised to warnings because there are simply too many of them – is one of the leading causes of system failure. Food is no different.”

Alzuhair points to FSA figures revealing that as recently as March 2023, more than 500 high-risk food establishments had still to be inspected.

“That is the enforcement layer AI is feeding into,” he says. “A system that generates more alerts but has fewer people to act on them is not a safer system – it just looks like one. The dashboard is green. The system appears monitored. But somewhere between the algorithm and the inspector, the accountability has quietly disappeared.”

Alzuhair calls this the “digital ghost” – the layer of algorithms and automated systems that manage digital authorisations in supply chains. So, what does a resilient food system look like?

He argues that the goal is not to avoid technology but to govern it effectively. Three aspects are important: “First, human control in practice. Staff should be trained to intervene if needed, and drills should be conducted, similar to how banks and other critical infrastructure are stress-tested.

“Second, explainability. Algorithms affecting food allocation should be auditable so decisions can be understood and checked.

“Third, data sovereignty. Farmers and communities generate much of the data powering these systems, and they should retain meaningful control over how their data is used.

“The digital ghost is already part of current systems. The question is whether governance and oversight match the role these digital authorisations now play.”




Huw Morris is a freelance journalist