🤖 AI Summary
Under Industry 5.0, deep integration of IT and OT significantly expands the cyber-physical attack surface of industrial control systems (ICS), rendering traditional siloed defenses inadequate for cross-domain threat perception. To address this, we propose an AI-augmented industrial security knowledge graph (KG) framework. Our method embeds domain-specific large language models (LLMs) into the KG construction pipeline to automate the mapping from natural-language threat descriptions to structured subject–predicate–object triples. It fuses heterogeneous multi-source IT/OT data to support joint modeling of assets, vulnerabilities, and attack behaviors, as well as multi-stage attack path simulation. Furthermore, probabilistic risk metrics are introduced to enable causal-aware, multi-hop threat reasoning. Experimental results demonstrate that our approach substantially enhances attack chain visibility, reduces the system’s attack surface, and strengthens ICS cyber resilience and collaborative defense capabilities.
📝 Abstract
Industry 5.0's increasing integration of IT and OT systems is transforming industrial operations but also expanding the cyber-physical attack surface. Industrial Control Systems (ICS) face escalating security challenges as traditional siloed defences fail to provide coherent, cross-domain threat insights. We present BRIDG-ICS (BRIDge for Industrial Control Systems), an AI-driven Knowledge Graph (KG) framework for context-aware threat analysis and quantitative assessment of cyber resilience in smart manufacturing environments. BRIDG-ICS fuses heterogeneous industrial and cybersecurity data into an integrated Industrial Security Knowledge Graph linking assets, vulnerabilities, and adversarial behaviours with probabilistic risk metrics (e.g. exploit likelihood, attack cost). This unified graph representation enables multi-stage attack path simulation using graph-analytic techniques. To enrich the graph's semantic depth, the framework leverages Large Language Models (LLMs): domain-specific LLMs extract cybersecurity entities, predict relationships, and translate natural-language threat descriptions into structured graph triples, thereby populating the knowledge graph with missing associations and latent risk indicators. This unified AI-enriched KG supports multi-hop, causality-aware threat reasoning, improving visibility into complex attack chains and guiding data-driven mitigation. In simulated industrial scenarios, BRIDG-ICS scales well, reduces potential attack exposure, and can enhance cyber-physical system resilience in Industry 5.0 settings.
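The abstract describes edges annotated with exploit likelihood and multi-stage attack path analysis over the graph. The sketch below is an added example, not code from the BRIDG-ICS paper: it finds the highest-likelihood chain to a critical asset and recomputes exposure after one edge is removed. The node names, likelihood values and the use of Dijkstra over -log(p) are assumptions made for illustration.

```python
import heapq
import math

# Constructed triples: (subject, predicate, object, exploit likelihood).
# Node names and probabilities are illustrative, not taken from the paper.
TRIPLES = [
    ("internet", "reaches", "it_workstation", 0.6),
    ("it_workstation", "reaches", "historian", 0.5),
    ("it_workstation", "reaches", "eng_station", 0.2),
    ("historian", "reaches", "eng_station", 0.7),
    ("eng_station", "programs", "plc", 0.9),
    ("historian", "reaches", "plc", 0.1),
]

def build_graph(triples):
    """Adjacency list keyed by subject; rejects likelihoods outside (0, 1]."""
    graph = {}
    for src, _pred, dst, p in triples:
        if not 0.0 < p <= 1.0:
            raise ValueError(f"bad likelihood {p} on {src}->{dst}")
        graph.setdefault(src, []).append((dst, p))
    return graph

def most_likely_path(triples, source, target):
    """Return (probability, path) of the likeliest chain, or (0.0, []) if none."""
    graph = build_graph(triples)
    # Maximising a product of probabilities equals minimising the sum of -log(p).
    heap = [(0.0, source, [source])]
    done = set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == target:
            return math.exp(-cost), path
        if node in done:
            continue
        done.add(node)
        for nxt, p in graph.get(node, []):
            if nxt not in done:
                heapq.heappush(heap, (cost - math.log(p), nxt, path + [nxt]))
    return 0.0, []

def exposure_after_mitigation(triples, source, target, cut):
    """Best remaining path once edge cut=(src, dst) is removed (e.g. by segmentation)."""
    kept = [t for t in triples if (t[0], t[2]) != cut]
    return most_likely_path(kept, source, target)
```

On this constructed graph, removing the historian-to-engineering-station edge lowers the best-path likelihood to the PLC from 0.189 to 0.108, which is the kind of before/after comparison a mitigation ranking would be built on.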