Two years ago, many energy industry leaders were still asking whether artificial intelligence should be embraced or feared. Most discussions focused on risks, real and imagined. Today, the discourse is about whether companies are moving quickly enough to use AI to improve reliability, resilience, cybersecurity, safety and operational decision-making. We have long viewed one of AI’s most important promises in energy as the difference between a fire alarm and fire prevention. A fire alarm tells operators when something has already gone wrong. Fire prevention helps identify warning signs before failure occurs. The risks of AI remain real and must be governed thoughtfully. But in a sector responsible for critical infrastructure, the greater long-term risk may not be using AI too aggressively — it may be failing to use it enough.
From AI Fear to AI Readiness
When we wrote in 2024 that the energy industry should embrace — not just fear — AI, the conversation was still heavily defensive. Companies were focused on inaccurate outputs, privacy, cybersecurity, regulatory uncertainty and the consequences of relying on automated tools without sufficient human oversight. Those concerns remain legitimate, though better and more widely understood.
The energy sector operates infrastructure that communities, markets and governments depend on every day. The energy sector thus has an obligation to embrace AI consistent with broader shifts toward strategic AI adoption. In April 2025, in the US, the White House called for a “forward-leaning, pro-innovation and pro competition mindset” on AI rather than the “risk-averse approach.” The White House cited new federal AI use and procurement policies as facilitating responsible AI adoption to improve public services and modernize the federal government. That shift is consistent with the point we made in 2024: AI should not be viewed only through the lens of risk avoidance.
For energy companies, the point is not that federal policy now mandates private sector AI adoption; rather, the federal government is increasingly treating AI as a strategic capability to be adopted, governed and procured responsibly. The energy industry should do the same for the sake of safety, reliability and efficiency.
A gap is emerging between companies that focus on the risk of misusing AI and the risk of underusing it. Put in simple terms, are AI policies focused mainly on what employees should not do with AI, or are they focused on adopting AI as part of an overall strategy of reducing operational, commercial and legal exposure? In 2026, AI governance should not merely stop bad uses (although such guardrails remain essential); it should enable responsible ones.
From Fire Alarm to Fire Prevention
The difference between a fire alarm and fire prevention remains instructive.
A fire alarm alerts people when something has gone wrong and gives them a chance to quickly respond. Much of the energy industry’s traditional monitoring infrastructure plays a similar role. But the greater value lies in prevention: Identifying warning signs that suggest a problem may be developing and reducing the chance that failure occurs in the first place.
This distinction is particularly important in midstream, where pipeline systems can extend across thousands of miles and require continuous monitoring of flows, weather, asset integrity and changing operating conditions. Traditional monitoring systems, including supervisory control and data acquisition, or Scada, systems, have been essential for decades. AI can help move companies from reactive monitoring to proactive risk reduction by converting massive amounts of data into actionable insights.
Properly deployed, this offensive AI may be one of the best defensive tools available for energy companies.
AI Policy Is Becoming Energy Policy
AI policy and energy policy are increasingly intertwined. The Trump administration’s January 2025 executive order, Removing Barriers to American Leadership in Artificial Intelligence, stated a policy of sustaining and enhancing US global AI dominance to promote economic competitiveness and national security. The administration’s July 2025 AI Action Plan emphasized accelerating innovation and building AI infrastructure.
The energy industry sits at the heart of these efforts, as AI requires enormous physical infrastructure: power generation, transmission, cooling, data centers and supply chains. Thus, the energy sector is critical to facilitating the growth of AI, and the failure to adopt offensive AI tools risks leaving a key link in the AI chain exposed to vulnerabilities.
The Legal Landscape Is Changing
Offensive AI has not suddenly become the standard of care, nor is it advisable for every energy company to immediately deploy AI in every available setting. But we are at the point of technological maturity where after an operational disruption, safety incident, environmental release or cyberattack, questions may include what the company reasonably considered before the problem occurred. Did it evaluate whether available AI tools could reduce a known risk? Did it deploy and manage AI agents as force multipliers? Did it reject them for a sound reason?
AI readiness may become part of a broader reasonableness inquiry. Boards, regulators, insurers, investors, counterparties and litigants may all ask the same basic question: If available technology could have helped identify or reduce the risk, why was it not evaluated or deployed? Cybersecurity offers an analogy. Companies are not expected to prevent every cyberattack. But they are expected to make thoughtful, risk-based decisions, manage vendors and document what they did. AI is likely to move in a similar direction.
Governed Adoption Is the Practical Middle Ground
The answer is not hype, but restrictive policies that prevent meaningful AI use may create their own exposure.
The better path is governed adoption. That starts with knowing where AI is already being used, including by employees, consultants, vendors and embedded software platforms. Companies should then identify use cases where AI can produce measurable and cost-effective value while remaining subject to appropriate safeguards. Vendor selection and management is also critical. Most energy companies will buy AI tools rather than build them. That makes diligence, contract terms, data protections, cybersecurity controls, audit rights and human oversight central to responsible deployment. These questions may be difficult to answer in a world of agentic AI, but energy companies should still understand where agents can be deployed, be able to explain how they are being deployed and identify where humans are in the decision-making loop.
Lastly, companies should document their decisions. If a company evaluates an AI tool and decides not to deploy it, that decision may be reasonable. But the reasoning should be recorded. If a company deploys AI, the testing, limits and oversight should be recorded as well. In a future dispute, the issue may not be whether the company made the right decision. It may be whether it made a thoughtful one.
For energy companies, AI is no longer merely a tool that might create risk. It is increasingly a tool that should reduce risk. Companies that fail to evaluate and adopt AI responsibly may find themselves answering a question that would have seemed premature only a few years ago: not “Why did you use AI?” but “Why didn’t you?”
Phil Cha is the managing partner of law firm Duane Morris’ Southern New Jersey office, a member of the governing Partners Board and a Team Lead for the firm’s Energy Industry Group. Brian H. Pandya, is a partner at Duane Morris and a former Deputy Associate Attorney General at the US Department of Justice. The views expressed in this article are those of the authors and do not necessarily reflect the views of Duane Morris LLP or its clients and are not intended to be legal advice.
Leave a Reply