How Anthropic's Mythos Compresses the Timeline for OT Security
April 28, 2026

You Can’t Patch a Running Plant.
The Cloud Security Alliance compares this moment to Y2K: a systemic threat with a hard deadline that demands urgent, disciplined response. They’re right — and for OT, the clock is ticking even louder.
On April 12, the CSA published an expedited strategy briefing signed by Jen Easterly (CEO, RSAC; former Director, CISA), Bruce Schneier (Chief of Security Architecture, Inrupt; Harvard Kennedy School), Heather Adkins (CISO, Google), Rob Joyce (former Cybersecurity Director, NSA), and Phil Venables (Ballistic Ventures; former CISO, Google Cloud), among others. The trigger: Anthropic’s Claude Mythos, a new class of AI model purpose-built for finding security vulnerabilities in software, autonomously discovered thousands of zero-day vulnerabilities across every major operating system and browser — with a 72% exploit success rate and working exploits for bugs as old as 27 years. Time-to-exploit has collapsed from 2.3 years in 2018 to under one day in 2026.
The CSA proposes 11 priority actions across a compressed timetable — most starting “this week” with 45-to-90-day horizons. For IT environments with staffed security teams, CI/CD pipelines, and code-level access, the plan is ambitious but executable. For critical industrial environments — like pharma, chemicals, food & beverage, utilities, oil & gas or manufacturing — many of those actions are extremely challenging to implement. Not because the urgency is less, but because the CISO’s mandate typically stops at the IT/OT boundary. Change management in OT requires sign-off from operations, safety, maintenance, and often quality and compliance teams before any system can be touched.
Of the CSA’s 11 priority actions, roughly half assume capabilities that most OT environments simply don’t have. The ones that do apply need fundamental rethinking. Below, we have translated the CSA’s IT-centric recommendations into the “Mythos readiness framework for OT”. The result is five OT-specific priorities, each mapped back to the original CSA actions but adapted for industrial reality. The three sections below address the priorities where urgency is highest.

IT and OT environments will be affected asymmetrically by AI. The reason is structural: AI will accelerate patch development — a real defensive benefit. But keeping up with AI-discovered vulnerabilities will be hard even for mature IT teams. In OT it’s harder by orders of magnitude: systems run unchanged for decades, and patching cadence cannot match the speed at which AI surfaces new flaws.
OT environments have historically been less exposed than IT. But that isolation is disappearing. Plants depend on shared IT services (Active Directory, DNS, remote access, backup infrastructure) that are far more exposed, and each one is a potential route in. Reducing those dependencies, hardening what must remain, and governing remote access is what most OT environments have not done sufficiently. This is why the framework is mostly about fixing the basics — fast.
OT Framework items A+B: Segmentation demands process intelligence
The CSA’s Priority Action 5 is “Prepare for Continuous Patching.” In production environments still running Windows XP on SCADA servers and PLCs with firmware from 2009, that is not possible: maintenance windows might be months apart, or happen once a year during the annual shutdown.
This is why flat network architecture is the most dangerous risk in OT. The majority of OT environments still lack proper IT/OT segmentation, let alone internal segmentation based on process criticality. When AI-driven attackers chain vulnerabilities and move laterally at machine speed, a flat network turns one exploit into full-environment compromise.
You can’t segment what you don’t understand. In OT, that means mapping which assets serve which production processes, identifying that “one undocumented PLC in a cabinet” that controls half the plant, and reviewing PLC source code to uncover unknown communication flows. It means classifying zones by process criticality and prioritising vulnerabilities by actual operational impact, not just CVSS scores.
From there, segmentation needs a formal blueprint with enforceable rules: deny-by-default firewall policies, no dual-homed devices without documented exceptions, and — critically — a defined process for vendor onboarding. Without clear rules, vendors install their systems the way they want, bypassing the architecture you’ve spent months designing. The difficulty lies in doing all of this across multiple sites without disrupting production.
Even the best segmentation falls apart at the remote access boundary. Engineers, integrators, and internal support teams typically reach controllers through always-on VPNs, vendor-managed jump hosts, or thinly-governed RDP chains. These pathways predate any modern threat model and rarely appear on the segmentation diagram. Every persistent tunnel becomes a one-hop route from a compromised IT asset, or a compromised vendor laptop, straight into Level 2. The fix is not a new tool but a discipline: route all remote sessions through a hardened jump host inside an OT DMZ, enforce phishing-resistant MFA and just-in-time approvals, time-box every session, record what happens inside it, and deny-by-default the rest. Existing vendor arrangements that rely on permanent connectivity should progressively be brought under the same blueprint, so that remote access becomes a governed, auditable part of the architecture.
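The blueprint rules above (deny-by-default, no undocumented dual-homed devices, control-zone access only through the DMZ jump host) are checkable. The script below is an added example, not infraone’s tooling or code from the original post: it audits a constructed asset inventory and firewall rule set against those rules. The zone addressing, asset names, jump host address and change ticket are all assumptions made for the example.

```python
"""Added example (not infraone's code): audit an OT asset inventory and a
firewall rule set against the segmentation blueprint described above.
Zones, addresses, asset names and change tickets are all constructed."""
from dataclasses import dataclass
import ipaddress

# Purdue-style zones with hypothetical addressing (constructed for the example)
ZONES = {
    "enterprise": ipaddress.ip_network("10.1.0.0/16"),
    "ot_dmz":     ipaddress.ip_network("10.50.0.0/24"),
    "level2":     ipaddress.ip_network("192.168.10.0/24"),
    "level1":     ipaddress.ip_network("192.168.20.0/24"),
}
CONTROL_ZONES = {"level1", "level2"}
JUMP_HOST = ipaddress.ip_address("10.50.0.10")   # hardened jump host in the OT DMZ (assumed)


@dataclass
class Asset:
    name: str
    interfaces: list            # IP addresses as strings
    exception_ref: str = ""     # change ticket documenting a dual-homed exception


@dataclass
class Rule:
    action: str                 # "allow" or "deny"
    src: str                    # CIDR, or "any"
    dst: str                    # CIDR, or "any"
    port: str                   # "502", "3389", ... or "any"


def zone_of(cidr):
    """Zone containing the address (or the network address of a CIDR)."""
    addr = ipaddress.ip_network(cidr, strict=False).network_address
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def is_jump_host(src):
    """True only for a single-host source that is exactly the DMZ jump host."""
    if src == "any":
        return False
    net = ipaddress.ip_network(src, strict=False)
    return net.num_addresses == 1 and JUMP_HOST in net


def audit_assets(assets):
    """Flag devices with interfaces in more than one zone and no exception ticket."""
    findings = []
    for a in assets:
        zones = sorted({zone_of(ip) for ip in a.interfaces})
        if len(zones) > 1 and not a.exception_ref:
            findings.append(f"{a.name}: dual-homed across {zones} without documented exception")
    return findings


def audit_rules(rules):
    """Check deny-by-default and that control-zone access only comes via the jump host."""
    findings = []
    last = rules[-1] if rules else None
    if not last or (last.action, last.src, last.dst) != ("deny", "any", "any"):
        findings.append("rule set does not end with an explicit deny any->any")
    for r in rules:
        if r.action != "allow":
            continue
        if "any" in (r.src, r.dst, r.port):
            findings.append(f"allow rule uses 'any': {r.src} -> {r.dst}:{r.port}")
            continue
        src_zone, dst_zone = zone_of(r.src), zone_of(r.dst)
        if dst_zone in CONTROL_ZONES and src_zone != dst_zone and not is_jump_host(r.src):
            findings.append(f"cross-zone access into {dst_zone} not via jump host: "
                            f"{r.src} ({src_zone}) -> {r.dst}:{r.port}")
    return findings


# Constructed sample inventory and rule set
ASSETS = [
    Asset("hist-01", ["192.168.10.5"]),
    Asset("eng-ws-02", ["192.168.10.20", "10.1.4.20"]),                 # no ticket: finding
    Asset("mes-gw-01", ["10.50.0.20", "192.168.10.30"], "CHG-0421"),   # documented exception
]
RULES = [
    Rule("allow", "10.50.0.10/32", "192.168.10.0/24", "3389"),   # jump host into Level 2: ok
    Rule("allow", "10.1.0.0/16", "192.168.10.5/32", "502"),      # enterprise straight to historian: finding
    Rule("allow", "any", "10.50.0.0/24", "443"),                 # 'any' source: finding
    Rule("deny", "any", "any", "any"),
]


def run_audit(assets=ASSETS, rules=RULES):
    return {"assets": audit_assets(assets), "rules": audit_rules(rules)}


if __name__ == "__main__":
    for area, items in run_audit().items():
        for f in items:
            print(f"[{area}] {f}")
```

Run as-is it reports the undocumented dual-homed engineering workstation, the rule letting the corporate range reach the historian directly, and the allow rule with an `any` source; the jump-host rule passes. Feeding it a real export requires only mapping the exported rows onto `Asset` and `Rule`, which is where the “one undocumented PLC in a cabinet” usually surfaces.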
OT Framework items C+E: For most assets, the answer isn’t a patch — it is hardening.
Both IT and OT depend on third-party software. The critical difference: in OT, you’re locked to the vendor’s firmware for 15 to 30 years. You can’t access source code, run security agents against PLC firmware, or switch components when a vendor is slow to patch. For a significant share of the installed base, the vendor may no longer provide support at all.
Forty vendors received early Mythos access through Project Glasswing, some of which are in the industrial automation domain. Expect a concentrated wave of critical firmware patches landing simultaneously for devices that can’t be taken offline.
For assets that can receive patches, the challenge is triage at speed: a live inventory mapping every device, firmware version, and network dependency so you know within hours which sites are affected and what your options are.
For assets that can’t be patched (OT is full of them) the programme shifts to hardening. What used to be a multi-year effort must now compress into quarters. Beyond segmentation and isolation, the priorities are:
Reclaim identity control. Most OT environments still run shared accounts, legacy service credentials, and trust relationships inherited from the corporate domain. Deploy a dedicated OT Active Directory (a separate forest, no trusts) with its own service catalogue and defined SOPs. Recertify all OT permissions, eliminate shared accounts for privileged access, and enforce MFA where architecturally feasible. Every trust relationship with corporate systems is a lateral movement path that AI-driven attacks will find.
Ensure you can recover what you can’t protect. For systems running on installation media that may no longer exist, immutable backups aren’t optional — they’re the last line. Design backup and restore procedures that account for OT-specific constraints: controller configurations, PLC programmes, historian data, and the sequencing required to bring a production line back online without introducing new risks.
Operationalise vendor advisory triage. Subscribe to feeds for every OEM in your installed base, ICS-CERT, and the relevant sector ISACs. Define an SLA for how quickly a new advisory is matched against your inventory, scored against process criticality, and routed to the right site engineer. For each strategic vendor, know in advance who you call when a critical advisory lands and which compensating controls you activate if a patch is weeks away. When the first Glasswing wave reaches industrial vendors, the difference between a coordinated response and a scramble will come down to whether this process existed beforehand.
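The live-inventory triage described above (match an advisory to affected firmware within hours, score by process criticality rather than CVSS alone, route to the site engineer with an SLA, and know the compensating control when no patch exists) is worked through in the added example below. It is not infraone’s code; the vendors, products, firmware versions, advisory IDs, sites, contacts and SLA values are constructed placeholders.

```python
"""Added example (not infraone's code): match vendor advisories against a live
OT inventory, score each hit by process criticality and route it to the site's
on-call engineer with an SLA. Vendors, products, firmware versions, advisory
IDs, sites and contacts are all constructed placeholders."""
from dataclasses import dataclass

CRITICALITY_WEIGHT = {"safety": 3, "production": 2, "support": 1}
TRIAGE_SLA_HOURS = {"safety": 4, "production": 24, "support": 72}   # assumed SLA, constructed
SITE_ENGINEER = {"site-A": "ot-oncall-a@example.invalid",           # constructed contacts
                 "site-B": "ot-oncall-b@example.invalid"}


@dataclass
class Device:
    asset_id: str
    site: str
    vendor: str
    product: str
    firmware: str
    criticality: str   # "safety", "production" or "support"


@dataclass
class Advisory:
    advisory_id: str   # placeholder id, not a real advisory
    vendor: str
    product: str
    fixed_in: str      # first firmware version that contains the fix
    cvss: float
    patch_available: bool


def version_key(v):
    """Compare dotted firmware versions numerically ('2.10' > '2.9')."""
    return tuple(int(part) for part in v.split("."))


def is_affected(dev, adv):
    return (dev.vendor == adv.vendor and dev.product == adv.product
            and version_key(dev.firmware) < version_key(adv.fixed_in))


def priority_score(dev, adv):
    """CVSS weighted by process criticality, not CVSS alone."""
    return round(adv.cvss * CRITICALITY_WEIGHT[dev.criticality], 1)


def next_action(adv):
    if adv.patch_available:
        return "schedule firmware update in next maintenance window; confirm restore point"
    return "no patch: restrict access to jump-host sessions only, verify backup, monitor"


def triage(inventory, advisories):
    """Return work items sorted by priority (highest first)."""
    items = []
    for adv in advisories:
        for dev in inventory:
            if is_affected(dev, adv):
                items.append({
                    "advisory": adv.advisory_id,
                    "asset": dev.asset_id,
                    "site": dev.site,
                    "engineer": SITE_ENGINEER.get(dev.site, "UNASSIGNED"),
                    "priority": priority_score(dev, adv),
                    "sla_hours": TRIAGE_SLA_HOURS[dev.criticality],
                    "action": next_action(adv),
                })
    items.sort(key=lambda i: -i["priority"])
    return items


def per_site_counts(items):
    """How many affected assets each site must handle."""
    counts = {}
    for i in items:
        counts[i["site"]] = counts.get(i["site"], 0) + 1
    return counts


# Constructed inventory and advisories
INVENTORY = [
    Device("PLC-A-01", "site-A", "VendorX", "PLC-2000", "2.1.0", "safety"),
    Device("PLC-A-02", "site-A", "VendorX", "PLC-2000", "3.0.1", "production"),  # already on fixed firmware
    Device("PLC-B-01", "site-B", "VendorX", "PLC-2000", "2.4.3", "production"),
    Device("HMI-B-01", "site-B", "VendorY", "HMI-Pro", "5.2", "support"),
]
ADVISORIES = [
    Advisory("ADV-PLACEHOLDER-001", "VendorX", "PLC-2000", "3.0.0", 9.8, True),
    Advisory("ADV-PLACEHOLDER-002", "VendorY", "HMI-Pro", "6.0", 7.5, False),
]

if __name__ == "__main__":
    for item in triage(INVENTORY, ADVISORIES):
        print(item)
```

The ordering is the point: the safety-critical PLC on old firmware comes out on top with a four-hour SLA, the same advisory against a production PLC ranks below it, and the unpatchable HMI gets a compensating-control action instead of a patch date. Replace the constructed tables with your own inventory export and OEM feed parser and the rest of the logic stays the same.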
OT Framework item D: OT detection requires expertise that barely exists
The CSA correctly identifies inadequate detection and response velocity as a critical risk. In OT, every dimension is structurally worse.
The vast majority of OT environments lack basic endpoint security. Many plants have no dedicated monitoring — the IT SOC has zero visibility below Purdue Level 3. Protocols like Modbus/TCP, S7comm, OPC-UA, and EtherNet/IP require specialised deep packet inspection that generic SIEM rules don’t cover.
Response is constrained by operational continuity and the skill level of the people involved. Auto-quarantining a DCS controller could halt a filling line or shut down a reactor. Incident response requires coordination with plant operations, safety, and in regulated environments, quality teams. Finding people who combine deep industrial automation expertise with cybersecurity skills to make those calls under pressure is one of the hardest challenges in the industry. That overlap barely exists — and it cannot be replaced by IT security generalists.
Effective OT detection starts with extended baseline training: weeks of learning normal communication patterns in that specific environment. Only from that baseline can anomaly detection separate real threats from operational noise. The tuning that (for example) improves the signal-to-noise ratio for a pharmaceutical batch process will generate false positives in a water treatment plant.
Organisations will need to build up dedicated OT SOC capabilities with OT-specific runbooks, L1 monitoring with 24/7 anomaly detection, L2 analysis with industrial context, and continuous use-case tuning by (internal or external) analysts who understand both cybersecurity and the production process.
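To make the baseline-then-anomaly approach concrete, the added example below (not infraone’s product or code from the original post) learns which hosts talk to which controllers, over which protocols and with which Modbus function codes during a training window, then raises alerts for deviations. It alerts rather than blocks, in line with the point above that auto-quarantining a controller is not an option. Addresses, protocols and flow records are constructed; a real deployment would feed it decoded flows from an OT-aware sensor.

```python
"""Added example (not infraone's code): learn a per-plant communication
baseline from OT flow records, then flag deviations rather than blocking them.
Addresses, protocols and flow records are constructed."""
from collections import defaultdict

# Modbus function codes that write to a device (standard Modbus function codes)
MODBUS_WRITE_FC = {5, 6, 15, 16, 22, 23}


class CommBaseline:
    """Baseline of who talks to whom, over what, and which Modbus functions."""

    def __init__(self):
        self.protocols = defaultdict(set)       # (src, dst) -> {proto}
        self.function_codes = defaultdict(set)  # (src, dst) -> {modbus fc}

    def learn(self, flows):
        """Training window: every observed flow is assumed to be normal."""
        for src, dst, proto, fc in flows:
            self.protocols[(src, dst)].add(proto)
            if proto == "modbus" and fc is not None:
                self.function_codes[(src, dst)].add(fc)

    def evaluate(self, flows):
        """Return de-duplicated alerts for flows that deviate from the baseline."""
        alerts = []
        seen = set()
        for src, dst, proto, fc in flows:
            pair = (src, dst)
            if pair not in self.protocols:
                alert = ("new_pair", f"{src} -> {dst} never seen in baseline ({proto})")
            elif proto not in self.protocols[pair]:
                alert = ("new_protocol", f"{src} -> {dst} new protocol {proto}")
            elif proto == "modbus" and fc in MODBUS_WRITE_FC and fc not in self.function_codes[pair]:
                alert = ("unexpected_write", f"{src} -> {dst} Modbus write FC {fc} outside baseline")
            else:
                continue
            if alert not in seen:
                seen.add(alert)
                alerts.append({"kind": alert[0], "detail": alert[1]})
        return alerts


# Constructed flows: (src, dst, protocol, modbus function code or None)
BASELINE_FLOWS = [
    ("192.168.10.5", "192.168.20.11", "modbus", 3),    # historian polls PLC (read holding registers)
    ("192.168.10.5", "192.168.20.12", "modbus", 3),
    ("192.168.10.20", "192.168.20.11", "modbus", 16),  # engineering workstation writes registers
    ("192.168.10.20", "192.168.20.11", "s7comm", None),
]
LIVE_FLOWS = [
    ("192.168.10.5", "192.168.20.11", "modbus", 3),    # normal
    ("192.168.10.5", "192.168.20.11", "modbus", 16),   # historian starts writing: alert
    ("192.168.10.5", "192.168.20.11", "modbus", 16),   # repeat, de-duplicated
    ("10.1.4.77", "192.168.20.12", "modbus", 3),       # unknown host talks to PLC: alert
    ("192.168.10.20", "192.168.20.11", "modbus", 16),  # normal
    ("192.168.10.5", "192.168.20.12", "ftp", None),    # known pair, new protocol: alert
]


def build_baseline(flows=BASELINE_FLOWS):
    b = CommBaseline()
    b.learn(flows)
    return b


def detect(baseline_flows=BASELINE_FLOWS, live_flows=LIVE_FLOWS):
    return build_baseline(baseline_flows).evaluate(live_flows)


if __name__ == "__main__":
    for a in detect():
        print(f"[{a['kind']}] {a['detail']}")
```

Note that the same historian-to-PLC write that is an alert here would be perfectly normal in a plant where the historian also pushes setpoints, which is exactly why the baseline has to be learned per environment and the rules tuned by someone who knows the process. The three alert kinds map naturally onto L1 triage (new pair, new protocol) and L2 analysis with industrial context (unexpected write).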
In summary: A perfect storm is forming
AI-powered vulnerability discovery will accelerate attack speed by orders of magnitude — against an industrial installed base that is largely unprotected, structurally slow to adapt, and lacks the internal staffing to close the gap.
Mythos (and other highly capable vulnerability-hunting AI models) won’t change what security measures need to be implemented in industrial environments. But they will fundamentally change how fast these basics need to be fixed.
If you want to understand where your OT environment stands and what a Mythos-ready programme looks like for your plants, get in touch.
About infraone — Europe’s leading OT cybersecurity engineering firm for critical manufacturing. Bridging the domains of industrial automation and security, infraone protects 9 of Europe’s top 15 pharmaceutical companies, 4 of the top 10 chemical companies, and 5 of the top 15 food companies — covering the full security lifecycle from assessment through managed operations across 15+ countries. infraone.com