AI-powered cyber attacks compress OT vulnerability timelines

AI-powered cyber attacks are raising the stakes for critical infrastructure security, especially in Operational Technology (OT) environments where patching is slow due to long asset lifecycles, vendor constraints, and safety/availability risks. The article highlights Anthropic’s Project Glasswing and Claude Mythos Preview, saying Mythos Preview has already identified thousands of high-severity vulnerabilities across major operating systems and web browsers. Key impact: AI-powered cyber attacks reduce the gap between vulnerability discovery and exploitation, potentially shrinking defenders’ response time from weeks to minutes or seconds. It also warns that post-compromise “contagion” inside networks may become increasingly automated, making manual incident response less effective. Why patching is harder in OT: NIST guidance (including SP 800-82) emphasizes that changes must preserve safety and operational continuity, often requiring offline testing, planned maintenance windows, vendor review, and compensating controls. CISA similarly notes some OT vulnerabilities may not be remediated immediately without risking availability or safety. Zero Trust is positioned as the main countermeasure: reduce exposure, eliminate unnecessary trust paths, constrain lateral movement, segment IT/OT boundaries, and govern remote and third-party access with identity-based controls. Takeaway for security leaders: plan for delayed patching, minimize blast radius, and build resilience so operations stay safe even when vulnerabilities remain open.