THREAT INTELLIGENCE | OT SECURITY
15 min read

ICS and OT Cybersecurity 2026: AI Vulnerability Discovery in Industrial Control Systems

Project Glasswing expanded to critical infrastructure including power and water on June 2, 2026. Here is what AI-powered vulnerability discovery means for ICS and OT security teams.

200+
Glasswing partner organizations including critical infrastructure
10,000+
high- or critical-severity findings
June 2, 2026
Glasswing expansion to power, water, and critical infrastructure

SponsoredRetool

Retool's new app builder is where AI-generated code ships safely

Building apps with AI is easy. Getting them to production safely is another story.

Start building for free today

Industrial control systems and operational technology networks have always existed in an uncomfortable security middle ground. They control physical processes with real-world consequences: power generation, water treatment, pipeline pressure, manufacturing assembly. But they were designed decades before network connectivity became standard, and they run on update cycles measured in years and decades rather than days and weeks. When Project Glasswing expanded to critical infrastructure including power and water systems on June 2, 2026, it applied Claude Mythos, Anthropic's autonomous security AI, to exactly these environments. The 90-day Glasswing report published July 5, 2026 documents findings across 200+ partner organizations that include critical infrastructure operators. This guide is written for ICS and OT security practitioners, plant security managers, and IT security teams who have inherited OT responsibility. It covers ICS/OT security fundamentals, why the Purdue model is no longer sufficient, how AI discovery changes the OT threat timeline, compliance context for NERC CIP and IEC 62443, and the compensating controls available for environments where patching is structurally impossible.

ICS and OT Security Fundamentals for IT Security Practitioners

Most IT security practitioners who are assigned OT responsibility encounter a domain where their standard playbook does not apply. The confidentiality-integrity-availability (CIA) triad is inverted in OT: availability is the paramount concern, integrity is second, and confidentiality is a distant third. An IT security professional's instinct to take a compromised system offline for forensic analysis can be catastrophically wrong in an OT environment where that system is controlling a live industrial process. OT environments are built around deterministic real-time communications. SCADA systems collect data from and send commands to field devices (PLCs, remote terminal units) through protocols designed for reliability and speed, not security. Protocols like Modbus (developed in 1979), DNP3, and older versions of EtherNet/IP lack authentication, encryption, or integrity verification. An attacker with network access to an OT segment can inject commands to physical devices with no authentication barrier. OT security also involves a vendor dependency that is more acute than in IT: the firmware, operating systems, and communications stacks in OT devices are proprietary, and security updates depend entirely on the vendor's release schedule. Many OT vendors do not have mature vulnerability disclosure programs and have historically been slow to release patches even after vulnerabilities are publicly known.

The Purdue Model Breakdown

The Purdue Enterprise Reference Architecture (PERA), commonly called the Purdue Model, has been the dominant framework for ICS/OT network architecture since the 1990s. It organizes industrial network zones into levels: Level 0 (physical process), Level 1 (basic control via PLCs/RTUs), Level 2 (supervisory control via SCADA/HMI), Level 3 (operations management), a DMZ, and Level 4 (enterprise IT). The model assumes that strict network segmentation between levels prevents threats from propagating from the enterprise network into OT environments. In practice, the Purdue Model's assumptions have been eroded by decades of IT/OT convergence. Remote access connections for vendor maintenance, historian databases that bridge OT and IT networks, cloud-connected sensors, and business pressure to integrate operational data with enterprise analytics have created hundreds of pathways across the boundaries the Purdue Model assumes to be hard. Security researchers and incident responders have documented Purdue Model violations in nearly every ICS environment they assess. The model remains useful as a conceptual framework, but treating it as a realized security control rather than an aspiration is a category error that many organizations make.

Every OT environment we assess has at least a dozen Purdue Model violations. The model describes what people thought they built, not what they actually built.

ICS security researcher, CISA advisory panel
Free daily briefing

Briefings like this, every morning before 9am.

Threat intel, active CVEs, and campaign alerts, distilled for practitioners. 50,000+ subscribers. No noise.

IT and OT Convergence Risks

IT/OT convergence refers to the increasing integration of enterprise IT networks with OT control system networks, driven by digital transformation initiatives, remote monitoring, predictive maintenance, and supply chain integration. From a business perspective, convergence provides real value: real-time operational data improves decision-making, remote access reduces maintenance costs, and connected sensors enable predictive analytics. From a security perspective, convergence creates attack surface. The pathways that allow operational data to flow from OT to IT also create pathways that allow threats to propagate from IT to OT. The 2015 Ukraine power grid attack demonstrated this in a highly visible way: attackers moved from IT networks through OT boundaries to issue commands to breakers. The Colonial Pipeline attack in 2021 demonstrated the inverse: a ransomware attack on IT systems caused the operator to shut down OT operations proactively, creating physical disruption without ever touching OT networks directly. Glasswing's critical infrastructure expansion is relevant to convergence risk because many of the vulnerabilities it is identifying are in software and protocols that exist in both IT and OT contexts. A vulnerability in a networking library or operating system component that is present on both enterprise servers and OT historian systems creates a lateral movement pathway.

Why OT Patching Is Uniquely Difficult

The OT patching challenge is structural, not a matter of organizational will or budget. Consider the constraints facing a utility security team that receives a Glasswing CVD notification for a vulnerability in a SCADA system it operates. The SCADA system controls physical switching operations in a live power grid and runs continuously with a maintenance window of approximately four hours every 18 months. The vendor has a patch available, but it requires testing in a representative environment before deployment. The utility's test environment is not fully representative of the production system because it was built in 2018 and the production SCADA has received numerous configuration changes since then. The vendor's patch validation documentation recommends a two-week testing period. During those two weeks, the vulnerability is disclosed publicly. This scenario is not a hypothetical: it is the standard operating condition for most critical infrastructure OT environments. Factors that compound the patching difficulty include: vendor-prescribed maintenance windows that cannot be unilaterally extended; the absence of redundant systems in many OT environments that would allow hot-patching; the need for coordination with operational, safety, and regulatory stakeholders; and the reality that some patches require physical access to field devices distributed across large geographic areas.

AI Discovery Changing the OT Threat Timeline

The traditional threat model for OT security assumed that attackers required nation-state-level capability, deep knowledge of specific OT protocols and equipment, and months of reconnaissance to carry out a meaningful ICS attack. This assumption justified patching timelines measured in months and maintenance windows that extended past any reasonable CVSS SLA. AI changes the capability baseline. Claude Mythos's performance on the Exploit Evals benchmark, where it solved 21 of 41 V8 adversarial code execution challenges in the same session as discovery and outperformed all other models (which scored zero), demonstrates autonomous capability that was previously restricted to elite human researchers. The same autonomous reasoning that enables Mythos to develop V8 exploits can be applied to OT protocol analysis, firmware reverse engineering, and control logic vulnerability identification. The practical consequence is that the assumption of a months-long gap between a vulnerability being discovered and a weaponizable exploit being available no longer holds for sophisticated threat actors. When Glasswing publishes a CVE in software present in OT environments, threat actors with comparable AI tools can develop exploits rapidly. The urgency of compensating controls for environments that cannot patch immediately is substantially higher than it was when the same vulnerability would have taken a skilled human team weeks to weaponize.

NERC CIP and IEC 62443 Compliance Context

NERC CIP standards apply to entities that own or operate bulk electric system (BES) assets in North America. The most relevant standards for vulnerability management and AI-discovered threats are CIP-007 (Systems Security Management, which requires patch management programs with 35-day assessment and 35-day remediation timelines for applicable high and medium BES cyber assets), CIP-010 (Configuration Change Management and Vulnerability Assessments), and CIP-011 (Information Protection). The 35-day patching SLA in CIP-007 was established before AI-accelerated vulnerability discovery existed as a threat vector. Organizations should document their risk rationale for any patch delayed beyond that SLA and ensure compensating controls are in place. IEC 62443 is the international standard series for industrial cybersecurity. It is not mandatory in the way NERC CIP is for electric utilities, but it is increasingly referenced in procurement requirements and is used by manufacturers to certify OT components. IEC 62443-3-3 (System Security Requirements and Security Levels) and 62443-4-2 (Technical Security Requirements for IACS Components) are most relevant for organizations assessing their OT security posture against an AI-discovery threat model. Both NERC CIP and IEC 62443 require security risk assessments that must be updated when new threats emerge. An organization's risk assessment should explicitly address the implications of AI-accelerated vulnerability discovery for its OT environment.

Compensating Controls When Patching Is Impossible

For OT environments where patching is not feasible on any near-term timeline, compensating controls are the primary defense. The most effective compensating controls for AI-discovered OT vulnerabilities are as follows. Network segmentation remains the highest-leverage control: OT networks should be isolated from IT networks using firewalls that permit only documented and required communications, with all other traffic denied by default. Protocol-aware OT firewalls can enforce allowed command sets for protocols like Modbus, DNP3, and EtherNet/IP, blocking anomalous or unauthorized commands even when traffic appears to originate from inside the OT network. Behavioral monitoring using OT-specific intrusion detection systems that build baselines of normal process behavior can detect anomalies that indicate compromise. Tools designed for OT environments understand industrial protocols and can generate alerts for process anomalies without disrupting operations. Data diodes (unidirectional security gateways) provide air-gap equivalent isolation for the most sensitive OT zones where any bidirectional network connection represents unacceptable risk. Enhanced access controls for remote access pathways, which are a primary attack vector for OT environments, include multi-factor authentication, session recording, and just-in-time access provisioning that minimizes the window during which remote access is available. Physical security controls that restrict physical access to OT components remain relevant: an attacker with physical access to a PLC or HMI can make changes that no network-based control can prevent.

OT-Specific Vulnerability Indicators and Compensating Control Checklist

The Mythos Brief includes OT-specific vulnerability indicators of compromise and a compensating control implementation checklist developed from Glasswing's critical infrastructure assessment program. The following items are available in full detail to Mythos Brief subscribers.

Subscribe to unlock Remediation & Mitigation steps

Free subscribers unlock full IOC lists, Sigma detection rules, remediation steps, and every daily briefing.

The bottom line

ICS and OT security has always required a different mindset than enterprise IT: availability first, patching last, compensating controls always. What changes in 2026 is the speed at which newly discovered vulnerabilities become weaponizable. Glasswing's critical infrastructure expansion means the discovery clock is now running on OT environments that have historically had years to respond to published vulnerabilities. That window has closed. For OT security teams, the response is not a faster patching cadence, which is structurally impossible in most environments. It is better compensating controls, validated network segmentation, and protocol-level monitoring that can detect exploitation attempts even when patches cannot be applied. Get the full OT vulnerability indicators checklist, compensating control implementation guide, and NERC CIP documentation templates in the free Mythos Brief at decryptiondigest.com/mythos-brief.

Frequently asked questions

What is the difference between ICS and OT?

Operational technology (OT) is the broad category that covers all hardware and software used to monitor and control physical processes, equipment, and infrastructure. Industrial control systems (ICS) are a subset of OT that specifically refers to the control systems used in industrial environments: SCADA (Supervisory Control and Data Acquisition) systems, PLCs (programmable logic controllers), DCS (distributed control systems), and HMIs (human-machine interfaces). All ICS is OT, but OT also includes other physical systems like building automation, physical access control, and surveillance systems.

Why can't OT systems be patched like enterprise IT?

OT systems face several constraints that make standard IT patching approaches impractical. First, most OT environments run 24/7 with zero tolerance for downtime: a power plant or water treatment facility cannot take scheduled maintenance windows the way an office productivity server can. Second, patches in OT environments must be tested extensively in representative environments before deployment because an untested patch that causes a process controller to malfunction can have physical consequences. Third, many OT systems run proprietary real-time operating systems that vendors patch slowly and infrequently. Fourth, many OT components are embedded hardware with limited update mechanisms. Finally, air-gapped or network-isolated OT environments require manual patch deployment processes that are logistically complex at scale.

What is NERC CIP?

NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection) is a set of mandatory cybersecurity standards that apply to bulk electric system (BES) assets in North America. NERC CIP standards cover electronic security perimeters, physical security of cyber assets, systems security management, incident reporting, recovery planning, and supply chain risk management. Utilities that own or operate BES cyber systems are required to comply with applicable CIP standards and are subject to audits and mandatory reporting. Non-compliance can result in substantial financial penalties.

How does AI vulnerability discovery change OT risk?

AI tools like Claude Mythos can systematically analyze OT protocol implementations, firmware, and control logic for vulnerabilities far faster than human researchers. Glasswing's expansion to critical infrastructure means that the same autonomous vulnerability discovery that has found 10,000+ findings across IT environments is now being applied to OT environments. This changes the risk calculus in two ways: first, previously undiscovered vulnerabilities in OT software and firmware are being found and disclosed on an accelerating timeline; second, adversaries with similar AI tools can develop exploits for OT-specific vulnerabilities faster than the traditional OT patching timeline can accommodate.

What compensating controls work when patching is impossible?

When patching is not feasible for OT systems, the most effective compensating controls are network segmentation (isolating OT networks from IT networks and the internet using firewalls and DMZs), protocol filtering (using OT-aware firewalls or data diodes to restrict communications to specific protocols and expected traffic patterns), behavioral monitoring (using OT-specific intrusion detection systems that understand industrial protocols like Modbus, DNP3, and EtherNet/IP), unidirectional security gateways (data diodes for environments requiring air-gap equivalents), and enhanced monitoring combined with manual review processes for environments where automated responses could cause physical harm.

What security levels does IEC 62443 define and which one should OT operators target?

IEC 62443 defines four security levels (SL 1 through SL 4) that correspond to progressively sophisticated threat actor capabilities. SL 1 protects against unintentional or coincidental violations. SL 2 protects against intentional attacks using simple means with low motivation. SL 3 protects against sophisticated attacks using OT-specific knowledge. SL 4 addresses nation-state-level attackers with extensive resources. Most critical infrastructure operators should target SL 2 as a baseline and SL 3 for the most sensitive control zones. In the AI era, where AI tools significantly raise the baseline attacker capability, organizations previously comfortable at SL 2 should reassess whether SL 3 controls are warranted for internet-adjacent OT zones.

Sources & references

  1. Anthropic Project Glasswing 90-Day Report
  2. CISA ICS-CERT Advisories
  3. NERC CIP Standards
  4. IEC 62443 Industrial Cybersecurity Standard
  5. NIST SP 800-82 Guide to ICS Security
  6. CISA Cross-Sector Cybersecurity Performance Goals

Free resources

25
Free download

Critical CVE Reference Card 2025–2026

25 actively exploited vulnerabilities with CVSS scores, exploit status, and patch availability. Print it, pin it, share it with your SOC team.

No spam. Unsubscribe anytime.

Free download

Ransomware Incident Response Playbook

Step-by-step 24-hour IR checklist covering detection, containment, eradication, and recovery. Built for SOC teams, IR leads, and CISOs.

No spam. Unsubscribe anytime.

Free newsletter

Get threat intel before your inbox does.

50,000+ security professionals read Decryption Digest for early warnings on zero-days, ransomware, and nation-state campaigns. Free, daily, no spam.

Unsubscribe anytime. We never sell your data.

Eric Bang
Author

Founder & Cybersecurity Evangelist, Decryption Digest

Cybersecurity professional with expertise in threat intelligence, vulnerability research, and enterprise security. Covers zero-days, ransomware, and nation-state operations for 50,000+ security professionals every morning.

Black Hat Giveaway

Win a $2,495 Black Hat pass.

Full-access to Black Hat USA 2026 in Las Vegas. Subscribe free to enter.

Joins Decryption Digest daily briefing. Unsubscribe anytime.

Giveaway: Black Hat USA 2026 Full-Access Pass ($2,495 value)

Details →
Daily Briefing

Subscribe to enter the giveaway

Every subscriber is automatically entered. You also get daily threat intel every morning: zero-days, ransomware, and nation-state campaigns. Free. No spam.

Already subscribed? You're already entered.

Giveaway

Win a $2,495 Black Hat USA 2026 pass.