Dragos introduces OT-native cybersecurity AI

Dragos

Thursday, 25 June, 2026

Dragos has announced the release of EmberAI, an OT-native AI built on the Dragos Intelligence Fabric. EmberAI is designed to give analysts access to Dragos OT-specific intelligence gained from over a decade of OT actions, activity and knowledge.

Threat activity against critical infrastructure is accelerating. At the same time, the gap in OT cybersecurity skills that are needed to address these complex tactics and techniques is widening. Existing tools prioritise visibility over understanding, and general-purpose AI lacks the operational context to distinguish a critical exposure from background noise or to prioritise threats by their actual impact on operations. In OT, any delayed or incorrect decision can have direct consequences for operational safety, resilience and control.

Putting historical and real-time intelligence in the hands of security analysts enables teams to gain detailed visibility into assets, vulnerabilities and network activity across their OT environment according to Dragos. They can prioritise threats by operational impact and act on findings specific to their environment.

Organisations responsible for securing extended operational technology (xOT) environments, including power grids, manufacturing plants, water systems, pipelines and data centres, need AI that is built on the right intelligence and grounded in operational reality. Dragos says that EmberAI helps analysts across the full range of experience — from IT practitioners and plant engineers operating in OT environments to seasoned OT professionals — to see, understand and act with the confidence of an OT expert. They can then prioritise what matters operationally, and act effectively on findings that threaten safe operations.

“We built EmberAI to harness Dragos’s decade-plus of experience in threat intelligence, incident response, adversary tracking and frontline operations for OT environments,” said Robert Lee, CEO and Co-Founder, Dragos. “It is hard to reproduce this depth of OT-specific expertise and build AI that understands and can action OT-specific findings.”

Dragos says the Dragos Intelligence Fabric is built on over five petabytes of daily OT telemetry, more than 10 years of adversary tracking across named OT threat groups, proprietary OT vulnerability research as a CVE Numbering Authority, asset and protocol research spanning more than 600 OT protocols, and frontline incident response experience from critical infrastructure environments. The Dragos Intelligence Fabric continuously learns as new intelligence surfaces, field insights accumulate and threat groups adopt new behaviours.

This foundation enables EmberAI to operate on a principle that distinguishes it from generic AI: OT-specific intelligence applied in context, according to the company.

Image credit: iStock.com/Alones Creative