Dragos is reporting an early real-world observation of an adversary using commercial AI tools to identify and prioritize operational technology (OT) infrastructure during an IT intrusion.
In late February 2026, researchers at Gambit Security recovered a vast collection of materials related to a large-scale compromise of multiple Mexican government organizations that occurred between December 2025 and February 2026. Gambit brought Dragos into its investigation specifically to assess adversarial activity that took place during an intrusion into a municipal water and drainage utility in Monterrey, Mexico. During this analysis, Dragos identified a significant compromise of the utility’s enterprise IT environment that showed an attempt to escalate the intrusion into an OT environment.

