This work exposes critical security vulnerabilities of AI-driven digital twin (DT) systems for water resource forecasting under adversarial attacks. Focusing on an LSTM-based DT platform deployed for a Spanish water supply network, the study demonstrates that FGSM and PGD attacks significantly degrade prediction reliability. To this end, the authors propose a novel hybrid learning automaton (LA) framework integrating deterministic and stochastic LA components, enabling dynamic, adaptive, and highly stealthy adversarial perturbation generation. Experimental results show that the proposed attack increases the mean absolute percentage error (MAPE) from 26% to over 35%, providing the first systematic evidence that DTs governing critical infrastructure face emergent cyber-physical security threats. The findings underscore the urgent need for enhanced adversarial robustness and real-time anomaly detection in DT deployments. This work establishes both theoretical foundations and practical design principles for securing DT systems against sophisticated adversarial manipulation.

Digital twins (DTs) are improving water distribution systems by using real-time data, analytics, and prediction models to optimize operations. This paper presents a DT platform designed for a Spanish water supply network, utilizing Long Short-Term Memory (LSTM) networks to predict water consumption. However, machine learning models are vulnerable to adversarial attacks, such as the Fast Gradient Sign Method (FGSM) and Projected Gradient Descent (PGD). These attacks manipulate critical model parameters, injecting subtle distortions that degrade forecasting accuracy. To further exploit these vulnerabilities, we introduce a Learning Automata (LA) and Random LA-based approach that dynamically adjusts perturbations, making adversarial attacks more difficult to detect. Experimental results show that this approach significantly impacts prediction reliability, causing the Mean Absolute Percentage Error (MAPE) to rise from 26% to over 35%. Moreover, adaptive attack strategies amplify this effect, highlighting cybersecurity risks in AI-driven DTs. These findings emphasize the urgent need for robust defenses, including adversarial training, anomaly detection, and secure data pipelines.