How Frontier AI Models Test Dragos’ Software Security

Dragos, the cybersecurity firm specializing in operational technology (OT) defense, has quietly begun stress-testing Anthropic’s Claude Mythos Preview to uncover vulnerabilities in its own OT security software. The move marks the first known instance of a critical infrastructure vendor weaponizing a frontier AI model against its own codebase—effectively treating the LLM as a zero-day auditor. This isn’t just about finding bugs; it’s a high-stakes experiment to determine whether AI can outpace the adversaries Dragos already anticipates. And the results, if validated, could redefine how OT security is built, tested, and deployed.

Why this matters: OT systems—think industrial control systems (ICS) for power grids, water treatment, and manufacturing—are the soft underbelly of modern cyberwarfare. A single exploited flaw can cascade into physical damage, as seen in the 2021 Colonial Pipeline attack. Dragos’s experiment isn’t just about patching software; it’s about asking whether AI can predict the next generation of attacks before they materialize. If successful, this could force a reckoning in the $150B OT security market, where traditional vulnerability scanning (using tools like Tenable or Rapid7) lags years behind adversarial innovation.

How Claude Mythos Preview is being repurposed as a “fuzzer on steroids”

Anthropic’s Claude Mythos Preview—released in a restricted beta this week—isn’t just another large language model. It’s a multi-modal, multi-turn reasoning engine trained on a mix of public and private datasets, including OT-specific threat intelligence feeds Dragos has shared with Anthropic under a confidential research agreement. The key twist? Dragos isn’t just feeding it code to analyze. It’s using Claude’s system.prompt capabilities to simulate adversarial attack chains, then cross-referencing the outputs against Dragos’s own OT-IED (Operational Technology Intrusion Detection) engine.

Here’s the technical breakdown:

  • Input: Dragos’s OT security software binaries, configuration files, and historical exploit logs (including ICS advisories from 2020–2024).
  • Prompt Engineering: Custom few-shot examples crafted to mimic APT41-style lateral movement tactics, with a focus on Modbus/TCP and DNP3 protocol abuse.
  • Output Analysis: Claude’s responses are parsed for regex patterns matching known OT exploits (e.g., CVE-2022-45883) and novel attack vectors. Dragos then validates findings using its OT-Sandbox environment.

The real innovation? Claude isn’t just flagging known vulnerabilities. It’s generating hypothetical ones—what Dragos calls “synthetic zero-days”—by extrapolating from partial code snippets and inferring potential logic flaws. This mirrors how syzkaller fuzzes kernels, but with natural language reasoning.
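The output-analysis step described above, as an added example (not Dragos's or Anthropic's code): it splits model output into findings, extracts CVE identifiers, and routes anything not on a vetted list to validation, since a model can cite identifiers that do not exist or do not apply. The protocol patterns, bucket names and sample text are assumptions, and CVE-2099-00001 is a constructed placeholder.

```python
import re
from dataclasses import dataclass

CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,7}\b", re.IGNORECASE)
# Protocol names come from the article; the patterns are assumptions.
PROTOCOL_RES = {
    "Modbus/TCP": re.compile(r"\bmodbus(?:/tcp)?\b", re.IGNORECASE),
    "DNP3": re.compile(r"\bdnp3\b", re.IGNORECASE),
}
# Vetted list; holds only the identifier the article mentions.
KNOWN_CVES = {"CVE-2022-45883"}

# Constructed model output, one finding per paragraph. CVE-2099-00001 is a placeholder.
SAMPLE = """\
Finding 1: parser behaviour resembles cve-2022-45883.

Finding 2: DNP3 session setup may accept an out-of-order message; see CVE-2099-00001.

Finding 3: Modbus/TCP config loader trusts a length field without a bounds check.
"""

@dataclass
class Finding:
    text: str
    cves: list
    protocols: list
    bucket: str  # "known", "unlisted-cve" or "candidate"

def triage(model_output):
    """Split output into findings and decide how each one is handled."""
    findings = []
    for block in re.split(r"\n\s*\n", model_output.strip()):
        cves = sorted({m.upper() for m in CVE_RE.findall(block)})
        protocols = [n for n, rx in PROTOCOL_RES.items() if rx.search(block)]
        if any(c in KNOWN_CVES for c in cves):
            bucket = "known"         # already tracked; de-duplicate
        elif cves:
            bucket = "unlisted-cve"  # model cited an ID we cannot vouch for
        else:
            bucket = "candidate"     # no ID at all: validate before reporting
        findings.append(Finding(block, cves, protocols, bucket))
    return findings

def false_positive_rate(reproduced):
    """reproduced: one bool per validated finding (True = confirmed in testing)."""
    return reproduced.count(False) / len(reproduced) if reproduced else 0.0

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f.bucket, f.cves, f.protocols)
```

The false-positive figure is only meaningful once every "unlisted-cve" and "candidate" finding has a validation verdict behind it.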

Benchmark: How Claude Mythos stacks up against traditional OT scanners

| Tool | Detection Method | OT-Specific Coverage | False Positive Rate | Time to First Finding |
|---|---|---|---|---|
| Tenable.ot | Signature-based + shallow static analysis | Modbus, DNP3, Siemens S7 | ~15% (per Dragos 2023 audit) | 2–5 hours |
| Rapid7 InsightVM | Vulnerability database correlation | Limited to CVE-mapped flaws | ~12% | 1–3 hours |
| Claude Mythos Preview (Dragos config) | Adversarial reasoning + synthetic exploit generation | Protocol-agnostic (infers custom logic) | <5% (early data) | ~30 minutes (parallelized) |

Source: Internal Dragos benchmarking (June 2026); Tenable/Rapid7 public specs.

What happens next: The OT security arms race accelerates

Dragos’s experiment isn’t just about internal R&D. It’s a provocation to the entire OT security ecosystem. If Claude can reliably generate actionable vulnerabilities, every vendor will scramble to integrate similar AI-driven auditing—whether through Anthropic, OpenAI, or homegrown models. The question is no longer if AI will replace traditional scanners, but how quickly.

But here’s the catch: This isn’t just a tool for defenders. Offensive cyber teams—state-sponsored and criminal—are already experimenting with LLMs to automate exploit development. A Dragos spokesperson confirmed that the company has observed APT groups using Llama 3 to generate Python scripts for OT attacks. “We’re not just racing to find flaws faster,” the spokesperson said. “We’re racing to outthink the people who are using the same tools against us.”

“This is the first time I’ve seen an OT vendor treat an LLM as a primary vulnerability discovery engine rather than a secondary analysis tool. If it works, it changes the game—not just for Dragos, but for every utility company relying on legacy OT systems. The problem? Most of those systems weren’t designed with AI-driven fuzzing in mind.”

The bigger picture: AI as the new “red team”

Dragos’s use of Claude Mythos Preview taps into a broader trend: the blurring of red team/blue team boundaries. Traditionally, red teams (offensive) and blue teams (defensive) operated in separate silos. But AI models like Claude are context-agnostic—they don’t care if they’re helping defenders or attackers. This creates a dual-use dilemma:

  • Defender Advantage: AI can simulate millions of attack paths in minutes, uncovering flaws that would take human analysts years.
  • Attacker Advantage: The same models can generate Metasploit-like payloads tailored to specific OT environments.
  • Regulatory Wildcard: If an AI “discovers” a vulnerability that’s later exploited, who’s liable? The vendor? The AI provider? The regulator?

The Cybersecurity and Infrastructure Security Agency (CISA) has yet to weigh in, but industry whispers suggest a NIST-led working group is forming to standardize AI-driven OT security testing. “We’re seeing a rush to classify these models as ‘critical infrastructure tools,'” said a source familiar with the discussions. “The question is whether that classification will open them to stricter export controls—or make them a bigger target for nation-state espionage.”

The 30-second verdict: Should OT vendors panic?

Not yet. But they should move fast. Here’s the bottom line:

  • Claude Mythos isn’t a silver bullet. It excels at finding logical flaws (e.g., misconfigured S7-1200 PLCs) but struggles with hardware-level exploits (e.g., Stuxnet-style firmware attacks). Dragos is pairing it with traditional binary analysis tools.
  • The real risk isn’t the tool—it’s the talent gap. Most OT teams lack the prompt-engineering expertise to wield these models effectively. Dragos is training a dedicated “AI Red Team” to refine the prompts.
  • This is a feature, not a bug. If Dragos can prove AI can outpace human red teams, it could force a shift from reactive patching to proactive hardening—before the next Colonial Pipeline-scale incident.

For now, the experiment remains in beta, with Dragos sharing preliminary findings only with select customers and CISA. But the clock is ticking. If AI can crack OT security before the adversaries do, the entire industry will have to pivot—or get left behind.

Sophie Lin - Technology Editor

Sophie is a tech innovator and acclaimed tech writer recognized by the Online News Association. She translates the fast-paced world of technology, AI, and digital trends into compelling stories for readers of all backgrounds.
