The rapid expansion of renewable energy has brought critical infrastructure online faster than its security foundations have evolved. Many solar installations still rely on operational technology built on decades old protocols that lack authentication, encryption, and clear trust boundaries. These systems were designed for reliability and availability, not for exposure to modern networks. This talk examines how insecure design in legacy industrial protocols creates real operational risk for solar infrastructure. Using Modbus based monitoring and control devices as a case study, we show how attackers can read system state, issue control commands, and disrupt energy production without exploiting software vulnerabilities. The weakness is not a missing patch, but an architectural mismatch between old assumptions and new connectivity. We also discuss how agentic AI and automated tooling amplify today’s risk by reducing the time, expertise, and effort needed to discover exposed OT systems, map their behavior, and execute repeatable manipulation at scale.We also place these risks in the context of established OT security guidance from CISA and NIST, which emphasizes fundamentals such as reducing internet exposure, securing remote access, and segmenting OT from IT environments.Infrastructure security must level up now, before outages move from theoretical scenarios to widespread and irreversible incidents.