Elevator Cybersecurity Failures Expose Critical Infrastructure Vulnerabilities as AI Agents Create New Attack Surfaces

Summary: A TÜV report reveals that nearly two-thirds of elevators inspected in 2025 have cybersecurity deficiencies, highlighting vulnerabilities in critical infrastructure as digital transformation outpaces security measures. This issue extends beyond physical systems to AI agents and enterprise software, with recent incidents involving Wing FTP vulnerabilities, OpenClaw security flaws, and Sears' exposed AI chatbot communications demonstrating the expanding attack surface. As businesses increasingly rely on interconnected digital systems, integrating security from the ground up becomes essential to prevent operational disruptions, data breaches, and liability issues.

Imagine stepping into an elevator in a modern office building, unaware that its digital control system could be compromised by hackers halfway across the world. According to a recent TÜV report, this scenario isn’t just theoretical – nearly two-thirds of elevators inspected in 2025 showed cybersecurity deficiencies, marking a 4-percentage-point increase from the previous year. The German technical inspection association found that 723,300 elevator systems were examined, with over 10% showing significant defects and 5,800 posing immediate safety risks that required shutdowns.

“Manufacturers and especially operators should take cybersecurity seriously and fulfill their obligations,” the TÜV emphasized, noting that elevator operators have been legally required to implement and document protective measures for several years. The failure to provide this documentation now constitutes a minor defect in inspections. This regulatory gap highlights how physical infrastructure is becoming increasingly vulnerable as digital transformation outpaces security protocols.

Beyond Elevators: The Expanding Attack Surface

The elevator cybersecurity crisis represents just one facet of a much broader problem. As AI agents and connected systems proliferate, they’re creating unprecedented security challenges across industries. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently warned about attacks exploiting vulnerabilities in Wing FTP software, with one critical flaw (CVE-2025-47812) scoring a perfect 10 on the CVSS scale. Data transfer software has become a prime target for ransomware groups like Cl0p, who previously exploited similar vulnerabilities in MOVEit software.

Meanwhile, AI agents themselves are proving to be security nightmares. OpenClaw, an AI agent capable of controlling applications and system services with extensive permissions, requires multiple security updates weekly. Security researchers have found critical vulnerabilities in its code, some with CVSS scores of 10, allowing attackers to access instances as administrators or execute malicious code. “AI adoption is reshaping our threat model,” says Heather Cannon, Director of Security at DigitalOcean, highlighting how these technologies are fundamentally changing security landscapes.

The Corporate Security Blind Spot

Major corporations are struggling to secure their AI implementations. WIRED recently reported that Sears exposed AI chatbot phone calls and text chats to anyone on the web, revealing sensitive customer interactions without proper authentication. This incident underscores how even established companies can fail to implement basic security measures for their AI systems, potentially exposing confidential business communications and customer data.

“Agents are now operating inside real production environments,” notes David Faugno, CEO of 1Password, whose company recently launched Unified Access – a platform designed to manage credentials for AI agents in enterprise settings. The platform addresses a critical gap: AI agents need access to passwords, API keys, and other credentials to perform their jobs, but developers have been pasting these into code and text files, creating significant security risks. “Instead of storing credentials locally or embedding them in scripts, credentials can be securely retrieved from the vault and used only at the moment they are needed,” explains Nancy Wang, CTO of 1Password.

Balancing Innovation with Security

The tension between rapid technological adoption and security implementation is becoming increasingly apparent. While the TÜV report focuses on elevator systems, the underlying issue affects everything from industrial control systems to enterprise software. The parallel evolution of AI capabilities and security vulnerabilities creates a race where attackers often have the advantage of surprise.

Some companies are taking proactive measures. Nvidia has released an open-source stack to enhance OpenClaw’s security and privacy, and the AI agent has been integrated with VirusTotal since February to limit malware spread. However, these solutions often come after vulnerabilities are discovered, rather than being built into systems from the ground up.

The business implications are substantial. For facility managers and building owners, elevator cybersecurity failures could mean liability issues and operational disruptions. For technology companies, insecure AI implementations could lead to data breaches, regulatory penalties, and loss of customer trust. As Talha Tariq, CISO at Vercel, notes: “Through our partnership with 1Password, we’re making it easier for developers to access credentials securely within the tools and environments they already use, so they can move quickly without compromising on sound security practices.”

A Call for Integrated Security Approaches

The common thread connecting elevator vulnerabilities, FTP software exploits, and AI agent security gaps is the failure to integrate security into digital transformation from the beginning. As systems become more interconnected, security can no longer be an afterthought or a separate department’s responsibility.

Business leaders must ask: Are we implementing security by design, or are we bolting it on after deployment? The TÜV’s findings suggest that for many elevator operators – and by extension, many businesses implementing digital systems – the answer remains the latter. With cyberattacks on critical infrastructure becoming more sophisticated, the cost of reactive security approaches is becoming increasingly untenable.

The solution requires a fundamental shift in how organizations approach technology implementation. Security must be integrated into every stage of development and deployment, with regular audits and updates becoming standard practice rather than exceptional measures. As AI continues to transform business operations, those who prioritize security from the outset will be better positioned to innovate safely and sustainably.
