Automatic Generation Control (AGC) systems are vulnerable to stealthy False Data Injection Attacks (FDIAs), which evade conventional detection methods. To address this, we propose the first application of Kolmogorov–Arnold Networks (KANs) to power system security—a novel FDIA detection framework that jointly achieves high accuracy and strong interpretability. Our method learns complex nonlinear dependencies among multi-source AGC measurements via offline training and subsequently extracts symbolic mathematical expressions directly from the trained KAN, rendering the model fully transparent. Experimental results demonstrate detection rates of 95.97% (KAN model) and 95.90% (symbolic formula), with false positive rates significantly lower than those of baseline approaches. By bridging the gap between performance and interpretability, this work overcomes the inherent opacity of black-box models and establishes a new paradigm for secure, explainable AGC cyber-protection.

Automatic Generation Control (AGC) is essential for power grid stability but remains vulnerable to stealthy cyberattacks, such as False Data Injection Attacks (FDIAs), which can disturb the system's stability while evading traditional detection methods. Unlike previous works that relied on blackbox approaches, this work proposes Kolmogorov-Arnold Networks (KAN) as an interpretable and accurate method for FDIA detection in AGC systems, considering the system nonlinearities. KAN models include a method for extracting symbolic equations, and are thus able to provide more interpretability than the majority of machine learning models. The proposed KAN is trained offline to learn the complex nonlinear relationships between the AGC measurements under different operating scenarios. After training, symbolic formulas that describe the trained model's behavior can be extracted and leveraged, greatly enhancing interpretability. Our findings confirm that the proposed KAN model achieves FDIA detection rates of up to 95.97% and 95.9% for the initial model and the symbolic formula, respectively, with a low false alarm rate, offering a reliable approach to enhancing AGC cybersecurity.