Get your free personalized podcast brief
We scan new podcasts and send you the top 5 insights daily.
Unlike modern IT systems, Operational Technology (OT) assets like power grids and factory floors are old, difficult to update without operational downtime, and often run on legacy hardware that cannot handle modern security patches. This makes them a highly vulnerable and critical target for AI-driven attacks.
Related Insights
AI will find vulnerabilities at an unprecedented rate. The real crisis will be the organizational inability to patch them, especially in critical infrastructure with long update cycles and unsupported software where original developers are long gone. The problem shifts from finding flaws to fixing them at scale.
The same AI technology amplifying cyber threats can also generate highly secure, formally verified code. This presents a historic opportunity for a society-wide effort to replace vulnerable legacy software in critical infrastructure, leading to a durable reduction in cyber risk. The main challenge is creating the motivation for this massive undertaking.
As AI models become adept at finding software vulnerabilities, there's a limited time for companies to use these tools defensively. This brief "catch-up" period exists before these powerful capabilities become widely available to malicious actors, creating an urgent, time-boxed need for proactive patching of legacy systems.
The cost to secure vulnerable systems isn't just the hardware value. "Deployment costs" for upgrading unpatchable Operational (OT) and Information (IT) Technology—especially in critical infrastructure—will drive total demand to $1.5 trillion in the U.S. alone, far exceeding the book value of the assets themselves.
Unlike traditional software where a bug can be patched with high certainty, fixing a vulnerability in an AI system is unreliable. The underlying problem often persists because the AI's neural network—its 'brain'—remains susceptible to being tricked in novel ways.
While AI models excel at identifying security vulnerabilities, the next major innovation lies in automatic remediation. The "holy grail" for cybersecurity startups is developing AI systems that can instantly patch and fix identified threats, moving beyond simple detection to proactive, zero-day defense.
AI models are better at finding bad code than writing good code. This capability will rapidly uncover vulnerabilities in open-source, custom, and vendor software that would have otherwise taken 10 years to find. This creates an urgent, large-scale need for patching across all industries.
Industrial control systems (OT) on factory floors are largely unencrypted and unsecured, a stark contrast to heavily protected IT systems. This makes manufacturing a critical vulnerability; an adversary can defeat a weapon system not on the battlefield, but by compromising the industrial base that produces it.
The traditional cybersecurity model of humans finding and patching vulnerabilities cannot keep pace with AI that discovers thousands of exploits in hours. This fundamental mismatch in speed and scale will require a complete overhaul of how software security is managed.
AI models like Mythos aren't just finding vulnerabilities; they are creating working exploits almost instantly. This forces security and engineering teams to abandon manual patching in favor of automated, machine-speed defense pipelines.
