This study addresses security risks associated with deploying large language models (LLMs) in smart grids. Recognizing the lack of domain-specific threat modeling for power systems, we propose the first dedicated threat model for LLM applications in smart grids, formally characterizing two novel attack classes: (1) malicious data injection attacks—inducing LLMs to generate false grid-state estimates—and (2) domain-knowledge extraction attacks—exfiltrating sensitive operational knowledge such as dispatch policies. Leveraging real-world grid time-series data and dispatch instructions, we conduct empirical evaluations across multiple mainstream LLMs using adversarial prompt engineering and established LLM security assessment frameworks. Results demonstrate consistent attack success, validating both threat vectors. Our work provides foundational theoretical insights and empirical evidence to inform secure AI design and risk governance for critical infrastructure.

Large language models (LLMs) represent significant breakthroughs in artificial intelligence and hold potential for applications within smart grids. However, as demonstrated in previous literature, AI technologies are susceptible to various types of attacks. It is crucial to investigate and evaluate the risks associated with LLMs before deploying them in critical infrastructure like smart grids. In this paper, we systematically evaluated the risks of LLMs and identified two major types of attacks relevant to potential smart grid LLM applications, presenting the corresponding threat models. We validated these attacks using popular LLMs and real smart grid data. Our validation demonstrates that attackers are capable of injecting bad data and retrieving domain knowledge from LLMs employed in different smart grid applications.