Large language models as a tool to improve electric grid security
Detecting anomalies in the electric grid using artificial intelligence could be an effective way to improve the grid’s security and performance. Anomalies, or glitches, can happen in the grid due to cyber attacks or physical events. The need to detect anomalies is increasing as more cyber-physical systems, such as electric vehicles and photovoltaic panels, are connected to the grid. Some proposed AI-powered solutions might be challenging to implement because of the immense amount of data needed for training. Other proposed solutions might be able to detect an anomaly but not identify its location — which is information needed to take action.
Sandia researchers explored and tested a novel approach that leverages generative AI and large language models to convert cyber-physical system data into a textual format. By converting graph-based data into text, large language models could be used to capture structural and semantic relationships into information-rich embeddings. Feeding these embeddings into low-cost machine-learning models could be more efficient than other AI-based approaches. The researchers’ findings won the Best Paper Award in the Industry Session at the IEEE International Workshop on Computer-Aided Modeling and Design of Communication Links and Networks held in October.
“This work really highlights the potential of generative AI to transform cyber-physical security,” Georgios Fragkos, the lead author, said. “It’s exciting to see Sandia leading the way in exploring innovative solutions that could make our critical systems safer and more resilient.”
Cyber-physical systems have embedded controls that respond to anomalies, but these controls could be disabled during an attack. Sandia researchers looked at a stealthy cyber-physical attack that targeted photovoltaic inverters with internal reactive power volt-var curve control systems, which are designed to respond to high voltages. The novel approach tested by the researchers sought to both identify and locate a simulated attack on these photovoltaic inverters. An IEEE 123 bus model, which is a widely adopted power system analysis and simulation tool, was used to represent and supply data for a hypothetical network of 45 rooftop photovoltaic systems and 19 electric vehicles.
The dataset from the simulated attack was “translated” into a textual representation with a framework that Sandia is calling GraphLLM-CPS. The resulting information, called node embeddings, was fed into two different classifiers. Using the node embeddings, the classifiers were very successful at both identifying the anomaly and locating the node at which it occurred. The full paper is available at IEEE.
Sandia continues to explore the efficient and effective use of AI to improve the security of the electric grid. Sandia has constructed and tested an autoencoder neural network to protect the grid. Sandia has also explored using generative AI to automate and protect confidential communications about grid operations.
December 3, 2025