Dragos published findings last week from an intrusion against a Mexican water and drainage utility. The attackers used Anthropic's Claude to conduct reconnaissance across the victim's enterprise IT network. Without any OT-specific prompting, the model independently identified an industrial gateway as a high-value target, assessed its strategic relevance to critical infrastructure, and investigated access pathways from IT into the OT environment.
The AI wrote a 17,000-line Python attack framework with 49 modules. It generated, tested, and refined tools in near real time based on what worked and what did not. The OT breach was ultimately unsuccessful, but that is a thin margin of comfort.
I have been in cybersecurity for thirty years. I have watched offensive capabilities migrate from nation-state labs to criminal gangs to commodity toolkits, and the pattern is always the same: what is rare today is routine in eighteen months. This is the pattern I described when Anthropic's Mythos found thousands of zero-days in partner infrastructure earlier this year. The offensive side of AI is accelerating on a schedule that does not wait for defenders to catch up.
What this means for vessel operators
A water utility and a superyacht have more in common than most yacht owners realize. Both run OT systems (PLCs, SCADA interfaces, sensor networks) alongside IT infrastructure. Both have administrative interfaces that connect the two domains. Both are operated by teams that were not hired to think about advanced persistent threats.
The difference is that the water utility had an incident response team on call and a forensics firm (Gambit Security) that brought in Dragos. A yacht in the Western Mediterranean at 0200 local does not have that option.
If a general-purpose LLM can identify OT gateways and prioritize them as high-value targets without being told to look for them, vessel operators need to assume that every connected system on the vessel is discoverable. Engine monitoring, ballast control, navigation aids, HVAC controllers, PMS interfaces: all of these are OT or OT-adjacent assets sitting on a network that an AI-assisted attacker can map faster than your crew can respond.
The speed problem
The Dragos report describes something I have not seen before at this fidelity: an AI agent acting as the primary technical executor of an intrusion, operating at machine speed. The attacker was not just using AI to write a script. The AI was conducting the reconnaissance, identifying targets, writing the tools, testing them, and iterating. That is a fundamentally different tempo of attack than anything most maritime IT plans account for.
A yacht's network segmentation, if it exists at all, was designed to keep a curious guest off the bridge systems. It was not designed to withstand an AI agent that can enumerate every service, identify the one that bridges IT and OT, and generate custom exploit code in minutes. The attack surface on a vessel is already larger than most operators appreciate. AI-assisted reconnaissance makes it vastly more exploitable.
What sovereign AI changes about this calculus
If your AI inference runs through a cloud endpoint, you have created an attack surface that an adversary can intercept, redirect, or compromise at the network level. An AI-assisted attacker probing your vessel's network can see those API calls and map your cloud dependencies from the traffic alone.
Sovereign AI on the vessel changes this. Local inference means no outbound API calls for an attacker to intercept. Local threat detection means the monitoring runs at the same speed as the attacker, without waiting for telemetry to round-trip through a satellite link. Local audit logs mean the forensic record stays on the vessel, not in a cloud tenant that may itself be compromised.
I wrote last month about why cloud AI fails at sea from a reliability standpoint. The Dragos report adds an equally compelling security argument. When the satellite link drops (which is precisely when a sophisticated attacker would choose to strike), only sovereign AI keeps defending the vessel.
The practical takeaway
If you operate a vessel with connected OT systems, three things should be on your immediate list:
- Verify your IT/OT segmentation. Can a device on the guest Wi-Fi reach any system that touches vessel operations? If the answer is yes, or if the answer is "I am not sure," that is your first remediation.
- Deploy anomaly detection that runs locally. Signature-based tools are not enough when the attacker is generating custom code in real time. You need behavioral monitoring that flags unusual network patterns, and it needs to work when the satellite link is down.
- Assume the attacker is faster than your crew. AI-assisted intrusion operates at machine speed. Your defensive posture should not depend on a human noticing something unusual in a log file at 0300.
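As an illustration of the first two items (a segmentation check and locally run behavioral detection), here is a small offline analyzer that reads firewall or flow log lines and raises an alert when a non-OT zone reaches or attempts to reach the OT subnet, and when one source fans out across many hosts or ports in a short window, which is the shape reconnaissance traffic takes regardless of who or what generated it. This is example code added to this post; it is not from Dragos, from the report, or from the author. The zone layout, the log line format, the thresholds and the sample log lines are all constructed assumptions for the example and would be replaced by the vessel's real firewall export and address plan.

```python
"""Offline zone-violation and fan-out detector over constructed flow log lines.

Added example, not from the post or from Dragos. Zones, thresholds, log format
and sample records are all constructed assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Assumed vessel network zones (constructed; replace with the real address plan).
ZONES = {
    "guest_wifi": ipaddress.ip_network("10.10.0.0/24"),
    "crew_it": ipaddress.ip_network("10.20.0.0/24"),
    "ot": ipaddress.ip_network("10.99.0.0/24"),  # PLCs, PMS, engine monitoring
}

# Assumed policy: only the OT zone itself may initiate connections into OT.
ALLOWED_INTO_OT = {"ot"}

# Fan-out thresholds (constructed; tune per vessel and per log volume).
SCAN_WINDOW = timedelta(seconds=60)
SCAN_HOST_THRESHOLD = 6   # distinct destination hosts from one source within the window
SCAN_PORT_THRESHOLD = 8   # distinct destination ports from one source within the window

# Constructed sample log: a guest-Wi-Fi device sweeping the OT subnet, plus benign traffic.
# Format: "<ISO timestamp> <src>:<sport> -> <dst>:<dport> <proto> <ALLOW|DENY>"
SAMPLE_LOG = """\
2025-01-01T02:00:00 10.10.0.57:51000 -> 10.20.0.5:443 tcp ALLOW
2025-01-01T02:00:05 10.10.0.57:51001 -> 10.99.0.10:502 tcp ALLOW
2025-01-01T02:00:06 10.10.0.57:51002 -> 10.99.0.10:102 tcp DENY
2025-01-01T02:00:07 10.10.0.57:51003 -> 10.99.0.11:502 tcp DENY
2025-01-01T02:00:08 10.10.0.57:51004 -> 10.99.0.12:4840 tcp DENY
2025-01-01T02:00:09 10.10.0.57:51005 -> 10.99.0.13:20000 tcp DENY
2025-01-01T02:00:10 10.10.0.57:51006 -> 10.99.0.14:44818 tcp DENY
2025-01-01T02:00:11 10.10.0.57:51007 -> 10.99.0.15:22 tcp DENY
2025-01-01T02:00:12 10.10.0.57:51008 -> 10.99.0.16:80 tcp DENY
2025-01-01T02:00:13 10.10.0.57:51009 -> 10.99.0.17:443 tcp DENY
2025-01-01T02:05:00 10.20.0.5:40000 -> 10.20.0.7:445 tcp ALLOW
2025-01-01T02:05:01 10.99.0.10:50000 -> 10.99.0.20:502 tcp ALLOW
"""


def zone_of(ip):
    """Map an address to its zone name, or 'unknown' if it is outside every zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def parse_line(line):
    """Parse one constructed flow record into a dict."""
    ts, src, _arrow, dst, proto, action = line.split()
    src_ip, _sport = src.rsplit(":", 1)
    dst_ip, dport = dst.rsplit(":", 1)
    return {"ts": datetime.fromisoformat(ts), "src": src_ip, "dst": dst_ip,
            "dport": int(dport), "proto": proto, "action": action.upper()}


def analyze(lines):
    """Return a list of (alert_type, source_ip, detail) tuples for the given log lines."""
    records = sorted((parse_line(l) for l in lines if l.strip()), key=lambda r: r["ts"])
    alerts = []

    # Check 1: anything outside ALLOWED_INTO_OT touching the OT zone. An ALLOWed flow is a
    # live segmentation violation; a DENYed one is still an attempt worth seeing.
    for r in records:
        if zone_of(r["dst"]) == "ot" and zone_of(r["src"]) not in ALLOWED_INTO_OT:
            kind = "segmentation_violation" if r["action"] == "ALLOW" else "ot_access_attempt"
            alerts.append((kind, r["src"], f"{zone_of(r['src'])} -> {r['dst']}:{r['dport']} ({r['action']})"))

    # Check 2: per-source sliding window; flag a source once if it spreads across
    # many hosts or ports within SCAN_WINDOW, whether or not the flows were allowed.
    by_src = defaultdict(list)
    for r in records:
        by_src[r["src"]].append(r)
    for src, recs in by_src.items():
        start = 0
        for end in range(len(recs)):
            while recs[end]["ts"] - recs[start]["ts"] > SCAN_WINDOW:
                start += 1
            window = recs[start:end + 1]
            hosts = {x["dst"] for x in window}
            ports = {x["dport"] for x in window}
            if len(hosts) >= SCAN_HOST_THRESHOLD or len(ports) >= SCAN_PORT_THRESHOLD:
                alerts.append(("recon_fanout", src,
                               f"{len(hosts)} hosts / {len(ports)} ports within {SCAN_WINDOW.seconds}s"))
                break
    return alerts


if __name__ == "__main__":
    for kind, src, detail in analyze(SAMPLE_LOG.splitlines()):
        print(f"{kind:24} {src:15} {detail}")
```

Run against the constructed sample, the guest device produces one live segmentation violation (the allowed Modbus flow to 10.99.0.10), eight denied attempts, and one fan-out alert; the crew-IT and OT-internal flows produce nothing. Everything here runs from a local file with no outbound call, which is the property the post argues for: the detection keeps working when the satellite link is down, and the DENY lines alone are enough to surface the sweep even where the firewall held.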
The Dragos water utility finding is a preview. The same capability that mapped an industrial gateway in a municipal utility will eventually be pointed at a vessel. The only question is whether your defenses are already in place when that happens, or whether you are retrofitting them after the fact.
Concerned about AI-assisted threats to your vessel's OT environment? Let's talk. We design sovereign AI deployments with security and compliance built in from the start.