How to Secure AI in Stadium Operations
Key takeaways
- AI is entering high-impact stadium functions such as access control, crowd management, ticketing, facilities, and surveillance.
- Shadow AI and third-party AI use can create risks that stadium security teams cannot readily see.
- Security teams must understand not only which AI systems exist, but also what they can access and what actions they can take.
- Live-event resilience requires continuous monitoring and response across AI, IT, OT, identities, and third parties.
Modern stadiums are infrastructure unlike any other. I’ve written before on event day sparking stadiums into life with shops and food stands, transport hubs, vast telecommunications infrastructure, field-side technology and beyond, acting as one super-sized, connected ecosystem. Stadiums’ scale and complexity make them some of the toughest environments in cybersecurity. Now, we’re adding AI to those operations and bringing a new dimension of risk.
The benefits of AI in stadium operations are easy to see. It can help stadium operators move fans safely through crowded gates, forecast demand at concession stands, support biometric entry, identify suspicious behavior on CCTV, and manage heating and ventilation. Used well, it can make live events safer, faster, and more efficient.
But it also changes the security model.
In Darktrace’s recent research into the threat landscape surrounding sports, we asked cybersecurity professionals protecting professional sports organizations where in their footprint a cyber compromise would have the greatest impact. The area they named most, highlighted by 34% of the professionals we spoke to, was stadium operations. At the same time, 35% said their organizations are already using AI in stadium operations, or plan to do so in the next 12 months.
Security teams are no longer just protecting traditional IT systems around a stadium. They are increasingly being asked to protect AI systems that are operating in the stadium’s most fundamental functions.
Approved AI vs. shadow AI in stadium operations
There is a clear difference between AI a stadium’s security team knows about and AI it does not.
Approved AI is the AI that has been reviewed, tested, and integrated into the venue’s operating environment. It may support CCTV analytics, access control, facility management, ticketing, logistics, broadcast operations, or anti-piracy monitoring. It should have clear ownership, access controls, logging, vendor review, and data protection rules. That does not make it risk-free, but it allows security teams to institute proper governance.
Shadow AI is different. It is the unapproved use of AI tools by employees, contractors, or suppliers. It often starts with good intent. Someone wants to work faster. A staff member pastes internal information into a public AI tool to draft a briefing. A developer uses an AI assistant to debug ticketing code. A supplier connects an AI scheduling tool to delivery routes. A designer uploads unreleased venue plans or sponsor material to generate a mockup.
None of those actions may feel like a security decision to the person doing them. But each one can move sensitive operational data into an environment the stadium does not control, creating hidden risk.
The approved AI stack may be visible to security teams. The shadow AI stack often is not.
Why game day increases AI cybersecurity risk
In a typical enterprise environment, a security team may have hours to investigate a strange login or an unexpected connection to a third-party service. Within a stadium, the moment an incident is likely to occur is also the moment when teams are at their most stretched and the incident can have the greatest repercussions: game day.
If an AI system used for crowd management behaves unexpectedly, the issue is not only technical. It may affect physical movement inside the venue.
If a supplier tool is sending operational data to an unapproved AI platform, the issue is not only data governance. It may expose delivery routes, restricted access schedules, or staffing plans.
The most dangerous scenario is not always a loud, dramatic attack but a hidden dependency that no one has mapped such as a vendor adding an AI feature through a software update or a staff workflow using an unapproved tool.
By the time the venue is live, those hidden connections can become operational risk.
The supply chain is part of the stadium attack surface
Any major sporting event is made by its supply chain and partnerships: catering firms, transport providers, broadcast systems, facilities teams. Every piece is necessary and each creates a security channel. The risk of supply chain compromise has been well established for some time and has been the source of some of the most high-profile breaches we’ve seen. The data breach at MSG Entertainment, owner of Madison Square Garden, that was widely reported in March, originated in a breach of Oracle’s E-Business Suite, used in MSG Entertainment’s back-office systems, while the 2018 Olympic Destroyer attack on the Pyeongchang Winter Olympics reportedly began with the compromise of the main IT service provider for the Games. The addition of AI is heightening the risk.
A stadium can have strict rules for its own AI systems, but its vendors may be using separate tools. Some may use AI to manage staffing, delivery windows, inventory, or customer communications. Others may not realize that AI features have been added into software they already use.
This is one of the hardest parts of securing AI in stadium operations. The risk does not always come from a tool the venue selected. It may come from a tool a supplier selected or a feature the supplier did not know had been turned on.
Security teams need to treat vendor AI the same way they treat vendor access. They need to know what suppliers can connect to, what data they can see, what tools they use, and whether those tools introduce new routes for data exposure or lateral movement.
A third-party AI tool does not need deep access to create risk. Sometimes it only needs the right operational detail at the wrong time.
Four questions for securing AI in stadium operations
As AI becomes part of stadium operations, security teams need to move beyond basic approval lists. There are four questions they need to ask:
1. Where is AI being used?
This includes obvious tools, such as computer vision, access control, ticketing, logistics, and facility management. But it also includes less visible AI inside SaaS platforms, vendor tools, browser extensions, developer workflows, smart building systems, and collaboration tools.
2. What can the AI access?
Can it see incident logs, staffing plans, ticketing data, video feeds, building controls, fan information, credentials, or supplier systems? Can it only analyze information, or can it also trigger actions?
3. What can the AI do?
AI agents are not just passive tools. Some can call APIs, update records, generate instructions, trigger workflows, or act with the permissions of a user or service account. In a stadium, that distinction is critical. There is a big difference between an AI system that recommends an action and one that can take an action.
4. What does normal look like?
In your security architecture, static rules will not be enough. AI use changes quickly: tools appear inside existing platforms, vendors add new services, and staff find workarounds when they are under pressure. Security teams need to understand normal behavior across people, identities, devices, networks, cloud services, suppliers, and AI tools so they can spot when something changes.
That is especially important in live-event environments, where small anomalies can matter. A connection to an unapproved AI service may be harmless in one context and serious in another, and an AI agent taking action at 3 a.m. may be expected during setup but suspicious during a match. Context is what turns raw activity into useful security insight. It’s also what enables rapid response. Your own AI-based security systems can respond to threats at machine speed if they can build the live context to know action needs to be taken.
AI can make stadiums safer, but only if it is secured
AI has a real role to play in stadium operations. It can help teams detect crowd pressure earlier, reduce bottlenecks, manage facilities more efficiently, improve the fan experience, and support event teams during high-pressure moments.
The answer is not to slow all AI adoption. That's not the goal. The answer is to make AI visible, governed, and secure before it becomes part of match-day operations.
For stadium operators and event organizers, that means mapping AI use across the venue and supplier ecosystem. It means understanding what each AI system can access and what actions it can take. It means giving staff approved tools that meet their needs, rather than leaving them to find workarounds. It means writing AI use into vendor contracts and audits. And it means monitoring behavior across the full environment, not only the systems that are easiest to see. A stadium cannot secure what it cannot see.
When AI becomes part of how a stadium moves people, controls access, manages facilities, supports suppliers, and protects media rights, it stops being a side project. It becomes part of the event infrastructure.
Event infrastructure must be thoroughly prepared before venue gates open and sustained with the operational resilience required to support a secure, seamless, and reliable event experience.
How Darktrace helps secure AI in stadium operations
Darktrace brings more than a decade of behavioral AI expertise, built on an enterprise‑wide platform designed to operate in complex, ambiguous environments. We protect the large-scale integrated IT and OT environments that underpin stadium operations from the 2022 FIFA World Cup in Qatar, to Formula 1 Grand Prixes around the world and stadiums across the USA.
Other cybersecurity technologies try to predict each new attack based on historical attacks. The problem is that AI operates like humans do. Every action introduces new information that changes how AI behaves, making it unpredictable in nature. Historical attack tactics are now only a small part of the equation, forcing vendors to retrofit unproven acquisitions to secure AI.
Darktrace is fundamentally different. Our Adaptive AI continuously learns how your people and AI behave, building an understanding of your organization so it can detect and respond autonomously when behavior deviates. Our Behavioral Defense Platform secures your AI, people, and infrastructure as you onboard new workflows, agents, and applications, enabling your AI transformation at scale.
As AI changes what organizations can do, Darktrace helps them move forward with confidence. We give the security teams defending the people and technology within stadium infrastructure the understanding, visibility, and autonomous action they need to protect new technologies as they are integrated into operations, so their organizations drive the progress that will define the AI era.
[related-resource]
Understand Cybersecurity in Global Sport
This sector-wide report examines the threats, signals, and strategic implications for an increasingly digitized sports industry.
.avif)

























