Pinto, AndreaDonoso, YezidGutierrez, Jairo A2026-03-162026-03-162026-03-12Cybersecurity, ISSN: 2523-3246 (Online), Springer Science and Business Media LLC, 9(1). doi: 10.1186/s42400-026-00567-62523-3246http://hdl.handle.net/10292/20767<jats:p>The proliferation of Cyber-Physical Systems (CPS) across critical infrastructure has created an unprecedented attack surface where digital threats may precipitate catastrophic physical consequences. As conventional centralized security paradigms fail to address the scale and complexity of these environments, Federated Learning (FL) has emerged as a transformative approach, enabling collaborative, edge-native anomaly detection without centralizing sensitive data. This paper presents a comprehensive survey and critical analysis of the state-of-the-art in securing CPS through advanced FL. We introduce a novel multi-axis taxonomy that systematically categorizes the field by architecture, detection methodology, application domain, and privacy-preservation scheme. Building on this analysis, we synthesize these findings into a prescriptive framework to guide the selection of appropriate security archetypes for different CPS domains. Through this lens, we deconstruct the—the trade-off between accuracy, communication, and privacy- that governs every FL design. Our analysis synthesizes the dominant trends, including the convergence of deep learning with edge computing and the increasing sophistication of privacy-enhancing technologies. We further identify critical research gaps, including the scarcity of physical testbeds, limited resilience against advanced adversarial attacks, and underdeveloped explainability. The paper concludes by defining the critical frontiers for future research, emphasizing the need to resolve the inherent tension between FL’s privacy goals and the transparency requirements of Explainable AI (XAI) to build truly trustworthy systems.</jats:p>Open Access. This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/4604 Cybersecurity and privacyFederated learningCybersecurityCritical infrastructuresCyber-physical systemsAnomaly detectionJournal ArticleOpenAccess10.1186/s42400-026-00567-6