
The writer Kumar Sokka is CEO of Acre Security, where he works with school districts, public agencies, and enterprises to modernize physical security so spending translates into measurable readiness.
As AI infrastructure concentrates into fewer, more powerful data centres, the most dangerous disruption method is no longer just hacking, but control, too. And the weakest link is often identity, authority, and operational access, not software vulnerabilities.
All data centres have operational levers that can shut them down instantly, and none require sophisticated cyberattacks. Shut off the cooling, turn off the power, close down access, or misuse maintenance procedures, and you can shut down a vital data centre just as effectively as ransomware.
None of this requires high-tech cyber attacks. It just requires a failure in the physical security procedures at a site: a door propped open, an old access credential never revoked, or a contractor allowed access to places that should be off-limits. These are preventable failures, but only if identity, access, offboarding, and audit are treated as critical infrastructure, not local housekeeping.
As AI usage proliferates throughout enterprises, governments, and individuals, AI data centers are becoming strategic assets that can’t tolerate disruptions. Availability failures cascade fast and widely, and often can’t be fixed by just flipping a switch back on. In AI infrastructure, availability has become a primary attack surface.
Built for massive, parallel computing with dense GPU/TPU clusters rather than traditional CPUs, AI data centres require specialised, high-capacity liquid cooling, significantly higher power densities, and ultra-fast networking to move vast datasets.
This extreme power density, tight thermal margins, and fragile high-value hardware make AI facilities uniquely vulnerable to kill-switch failures. The same characteristics that make AI performant also reduce operational tolerance for human error, insider misuse, and process drift. And when AI systems fail, they often fail catastrophically, with cooling failures destroying equipment and recovery times measured in weeks, not hours. An improper shutdown can cause more damage than a data breach. This is why “who can touch what” and “who can authorise what” matter as much as patching, and often more so.
Kill switches are boring compared to data hacks and ransomware, but they can be just as fatal. The first kill switch is cooling control, which can be far more complex than what traditional enterprise data centres require. Then there’s power sequencing, which will raise its head if power is turned off in the wrong order. In practice, these controls are accessed by a mix of operators, facility managers, and vendors, which raises the bar for identity assurance, separation of duties, and auditability.
Physical access is another key failure point: either allowing unauthorised personnel into restricted zones, or locking out the right responders in a critical moment. Then there are maintenance and safety procedures that can be interfered with. Intrusion events, tailgating, and contractor overreach are not “minor” incidents in AI facilities – they can be precursor events to outages.
These systems are designed to keep facilities safe, which is exactly why they are so dangerous when misused. The size of AI data centres poses another potential threat, as they tend to be smaller and spread out rather than concentrated in large industrial parks. More sites mean more potential areas of failure.
That shift to smaller, distributed, and edge AI data centres means operators now run dozens if not hundreds of sites, each with fewer staff and more contractors, to say nothing of shared tech support personnel. In these situations, insider drift, unnecessary access, and slow revocation of access permissions are the major risks. Gradually, these lead to expanded access as employees change roles, contractors finish projects but retain credentials, and temporary exceptions become permanent.
To prevent this, cloud-managed access control, centralised identity databases, and rapid revocation of access permissions are essential. Cloud-managed access control ensures that policies are applied consistently across all sites, rather than allowing local administrators to make ad hoc exceptions. Centralised identity databases provide proof of who someone is and what they’re allowed to do. Fast, accurate removal of unnecessary access permissions eliminates one of the biggest risks, removing access instantly across all sites when a job ends or changes.
The core operational lessons still apply: doors must lock, access zones have to be clear, and alarms must work locally even if the site is cut off from centralised authority. Access control devices have to have edge intelligence – the ability to make decisions even when the network is down. Without these basic security measures in place, kill-switch risks grow exponentially.
Modern data centres are run by a group of stakeholders, each with authority that overlaps without always aligning. Owners control strategy but rarely engage in day-to-day operations. Operators run the facilities and implement procedures for power access, cooling controls, and incident response. Facility managers – sometimes in-house, sometimes not – have direct day-to-day control of the systems that keep AI infrastructure up and running. Contractors and vendors rotate in and out performing maintenance, upgrades, and security work with high but (theoretically) short-lived access. These gaps exist because authority is distributed, but accountability isn’t.
Collectively, this structure creates seams, areas of overlap where control and accountability is blurred. Kill-switch risks live in these seams, where the authority to act exists without oversight or coordination. Data centre security discussions tend to focus on cybersecurity breaches, whereas outages are generally treated as engineering or reliability issues and handled by facility teams rather than security.
This makes sense in traditional data centres, where downtime is inconvenient but not ultimately that damaging. That’s not the case with AI infrastructure. Downtime cripples AI infrastructure, halting data processing, breaking model training, disrupting real-time inference, corrupting data pipelines, and creating operational backlogs, with costs quickly running into the millions of dollars. To say nothing of reputational damage.
Cybersecurity alone cannot address these risks. Encryption won’t stop physical cooling shutdowns, and zero trust doesn’t prevent misuse of legitimate authority. Shutdown authority, maintenance procedures, and emergency overrides are trusted by default and thus receive less scrutiny.
Access control modernisation is vital, but there is a layer above it. There must be clear authority over shutdowns and overrides, and clear separation of duties across roles. There must be centralised control over access, contractors, maintenance, and emergency procedures. Centralised, cloud-managed access is necessary to keep AI infrastructure secure, and edge intelligence is necessary to keep systems functioning during a network outage.
To keep the kill switch threat at bay, leadership needs to be able to answer four questions: Who can turn a facility off? Under what conditions? With what oversight? And how fast would leadership know about it? As AI becomes foundational infrastructure, availability can no longer be treated as an operational afterthought; it must be governed as a security outcome, with identity, policy, offboarding, and audit unified across every site and every stakeholder.









