Cyberattackers used AI to map pathways into water utility OT systems, report says

Cybersecurity firm Dragos highlights how AI tools like GPT models are being exploited by threat actors to accelerate cyber intrusions into water utilities and critical infrastructure.

Cybersecurity firm Dragos is warning water utilities and other critical infrastructure operators that commercially available artificial intelligence tools are accelerating cyber intrusion efforts into operational technology (OT) environments.

In a new analysis conducted alongside Gambit Security, Dragos detailed a 2025-2026 intrusion campaign targeting multiple Mexican government organizations, including a municipal water and drainage utility serving the Monterrey metropolitan region. Researchers found evidence that the unidentified threat actor used Anthropic’s Claude and OpenAI’s GPT models to support reconnaissance, tool development, credential attacks and lateral movement within compromised IT systems.

"This isn’t an isolated incident; it’s a clear warning that bad actors are now using AI to dramatically accelerate the scale, speed, and sophistication of cyberattacks," said Rahul Powar, CEO of the cybersecurity firm Red Sift, in a statement. "Tools like generative AI are lowering the barrier to entry almost to zero, allowing attackers with little prior expertise to target critical infrastructure in a matter of weeks. While AI offers enormous benefits, its misuse poses serious national security and public safety risks, as we've seen here. Governments and public utilities alike must put safeguards in place now, and just as importantly, use AI defensively, to stay ahead of increasingly powerful and automated threats."


According to Dragos, the attackers leveraged AI-generated scripts and automation to identify a SCADA and industrial gateway platform connected to the utility’s operational environment. The report said Claude independently recognized the OT-adjacent system as a potentially critical target and attempted to identify access pathways between enterprise IT and water infrastructure systems.

Researchers said the AI models did not create novel industrial control system attack techniques, but significantly accelerated the use of publicly available offensive security methods. Dragos noted the attackers generated and refined malicious tools in near real time, including a 17,000-line Python-based post-compromise framework designed for credential harvesting, Active Directory interrogation and lateral movement.

The attempted breach of the water utility’s OT environment was ultimately unsuccessful, according to Dragos, which said it found no evidence that operational systems were compromised.

The company said the incident demonstrates how AI-assisted intrusions could shorten the time between an enterprise IT compromise and attempts to target industrial infrastructure. Dragos urged utilities to strengthen foundational cybersecurity measures, including network segmentation, strong authentication, OT network visibility and monitoring of east-west traffic within control systems.
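The segmentation and east-west monitoring controls Dragos recommends can be checked mechanically against flow data. The script below is an added illustration, not code from Dragos, Gambit Security or the report: the IT and OT subnets, the allowlisted jump-host path, the expected industrial protocol ports and the flow records are all constructed for the example. It flags three things a utility would want to see quickly after an enterprise IT compromise: IT-to-OT connections outside the segmentation allowlist, one source fanning out to many OT hosts, and OT-to-OT traffic on ports that do not belong to the plant's normal protocols.

```python
"""Flow-level checks for IT-to-OT boundary crossings and OT east-west traffic.

Added illustration (not from the Dragos/Gambit report): the subnets, the
allowlist, the expected-port set and the flow records are all constructed.
"""
import ipaddress
from collections import defaultdict

# Constructed network layout: an enterprise IT range and an OT/SCADA range.
IT_NET = ipaddress.ip_network("10.10.0.0/16")
OT_NET = ipaddress.ip_network("192.168.50.0/24")

# Constructed segmentation policy: the only IT->OT path that should exist is
# the hardened jump host reaching the SCADA gateway on its remote-access port.
ALLOWED_IT_TO_OT = {
    ("10.10.5.20", "192.168.50.10", 3389),
}

# Constructed east-west allowlist: protocols expected between OT hosts
# (Modbus/TCP, DNP3, EtherNet/IP). Anything else between OT hosts is flagged.
EXPECTED_OT_PORTS = {502, 20000, 44818}

# Constructed flow records (src, dst, dst_port, proto), the shape you would get
# after extracting fields from NetFlow or a Zeek conn.log.
SAMPLE_FLOWS = [
    ("10.10.5.20", "192.168.50.10", 3389, "tcp"),    # permitted jump-host session
    ("10.10.8.44", "192.168.50.10", 502, "tcp"),     # workstation -> gateway on Modbus: violation
    ("10.10.8.44", "192.168.50.11", 502, "tcp"),     # same workstation, another PLC: violation
    ("10.10.8.44", "192.168.50.12", 502, "tcp"),     # and a third: fan-out pattern
    ("192.168.50.10", "192.168.50.11", 502, "tcp"),  # gateway polling a PLC: expected east-west
    ("192.168.50.30", "192.168.50.11", 445, "tcp"),  # OT host speaking SMB to a PLC: unexpected
    ("10.10.8.44", "10.10.9.1", 445, "tcp"),         # IT-internal, outside these checks
]


def in_net(ip, net):
    """True if the dotted-quad string ip falls inside network net."""
    return ipaddress.ip_address(ip) in net


def find_boundary_violations(flows):
    """Return IT->OT flows that are not on the segmentation allowlist."""
    violations = []
    for src, dst, port, proto in flows:
        if in_net(src, IT_NET) and in_net(dst, OT_NET):
            if (src, dst, port) not in ALLOWED_IT_TO_OT:
                violations.append((src, dst, port, proto))
    return violations


def find_ot_fanout(flows, threshold=2):
    """Map each source to the number of distinct OT hosts it reached, keeping
    only sources above threshold. One HMI session touches one gateway; a host
    sweeping several PLCs is a different pattern and worth a look."""
    targets = defaultdict(set)
    for src, dst, _port, _proto in flows:
        if in_net(dst, OT_NET):
            targets[src].add(dst)
    return {src: len(hosts) for src, hosts in targets.items() if len(hosts) > threshold}


def find_unexpected_east_west(flows):
    """Return OT->OT flows on ports outside the expected industrial protocol set."""
    return [
        (src, dst, port, proto)
        for src, dst, port, proto in flows
        if in_net(src, OT_NET) and in_net(dst, OT_NET) and port not in EXPECTED_OT_PORTS
    ]


if __name__ == "__main__":
    for v in find_boundary_violations(SAMPLE_FLOWS):
        print("IT->OT outside allowlist:", v)
    for src, n in find_ot_fanout(SAMPLE_FLOWS).items():
        print(f"{src} reached {n} distinct OT hosts")
    for f in find_unexpected_east_west(SAMPLE_FLOWS):
        print("unexpected OT east-west:", f)
```

The allowlist is deliberately a set of exact (source, destination, port) triples rather than subnet-level rules: the point of a conduit between IT and OT is that it is narrow and enumerable, so anything not literally on the list is a finding to triage, not a rule to tune. On real flow exports the same three functions apply unchanged once the records are reduced to those four fields.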

The report also highlighted the importance of frameworks such as the SANS Five Critical Controls for ICS Cybersecurity as utilities prepare for increasingly automated cyber threats targeting water infrastructure.
