Dragos Launches EmberAI, an OT-Native AI for Critical Infrastructure Threat Prioritization

Dragos has announced the release of EmberAI, an OT-native AI built on the Dragos Intelligence Fabric. EmberAI gives every analyst immediate access to Dragos’s OT-specific intelligence, gained from more than a decade of OT operations, activity, and expertise.

Putting historical and real-time intel in the hands of every security analyst, EmberAI enables teams to gain detailed visibility into assets, vulnerabilities, and network activity across their OT environment. They can prioritize threats by operational impact and act on findings specific to their environment. EmberAI empowers every analyst, regardless of experience, to move from alert to informed action faster, and make defensible decisions grounded in real adversary data.

Threat activity against critical infrastructure is accelerating. The OT cybersecurity skills needed to address these complex tactics and techniques continue to grow, and the shortage of professionals who can meet that demand continues to widen. Existing tools prioritize visibility over understanding, and general-purpose AI lacks the operational context to distinguish a critical exposure from background noise or to prioritize threats by their actual impact on operations. In OT, any delayed or incorrect decision can have direct consequences for operational safety, resilience, and control.

Organizations responsible for securing extended operational technology (xOT) environments, including power grids, manufacturing plants, water systems, pipelines, and data centers, need AI that is built on the right intelligence and grounded in operational reality. EmberAI helps analysts across the full range of experience—from IT practitioners and plant engineers operating in OT environments to seasoned OT professionals—to see, understand, and act with the confidence of an OT expert. They can prioritize what matters operationally, and act effectively on findings that threaten safe operations.

“We built EmberAI to harness Dragos’s decade-plus of experience in threat intelligence, incident response, adversary tracking, and frontline operations for OT environments,” said Robert M. Lee, CEO, Dragos. “It is hard to reproduce this depth of OT-specific expertise and build AI that understands and can action OT specific findings.”

The Dragos Intelligence Fabric is built on over five petabytes of daily OT telemetry, 10-plus years of adversary tracking across named OT threat groups, proprietary OT vulnerability research as a CVE Numbering Authority, asset and protocol research spanning more than 600 OT protocols, and frontline incident response experience from critical infrastructure environments. The Dragos Intelligence Fabric continuously learns as new intelligence surfaces, field insights accumulate, and threat groups adopt new behaviors.

EmberAI operates on a principle that distinguishes it from generic AI: OT specific intelligence applied in context. It is central to Dragos’s xOT security strategy to secure the full extended operational technology environment that influences critical operational processes. As Dragos’s xOT integrations expand the Intelligence Fabric with new data sources, EmberAI’s intelligence and capabilities will grow with it. The analyst remains in control at every step, with transparent and auditable recommendations, and customer data never leaves the customer’s environment.

The SecurityWeek article adds that EmberAI operates inside the customer-controlled Dragos platform and that customer data never leaves the environment, reinforcing privacy guarantees. It also notes the tool correlates data from multiple sources including threat intelligence, assets, vulnerability data, and network activity to provide contextual responses, and that Dragos is building a library of OT skills based on its analysts' expertise. The article further contextualizes the launch alongside Accenture's recent $4.1 billion investment in Dragos, runZero, and NetRise.