Dragos launches EmberAI for operational technology security

Dragos has launched EmberAI for operational technology cybersecurity. The product is now generally available within the company's platform.

EmberAI is aimed at analysts in critical infrastructure environments such as power grids, manufacturing plants, water systems, pipelines and data centres. It draws on Dragos's Intelligence Fabric, described as a body of OT threat intelligence, incident response knowledge and operational data built over more than a decade.

The release comes as operators of industrial and other cyber-physical systems face growing pressure to respond to threats with limited specialist staff. EmberAI is intended to help users move more quickly from alerts to decisions by providing context on assets, vulnerabilities, threats and network activity.

OT focus

Unlike general-purpose artificial intelligence tools, EmberAI has been built specifically for operational technology environments, according to Dragos. That distinction matters because security teams in industrial settings must judge not only whether activity is suspicious, but also whether it could affect physical processes, safety or resilience.

That focus reflects a wider shift in cybersecurity spending towards tools tailored for industrial systems. Operators in sectors such as electricity, oil and gas, manufacturing and water are increasingly seeking products that can interpret plant and network conditions in operational terms rather than simply flag technical anomalies.

Dragos said EmberAI allows analysts to ask questions in plain language and receive answers grounded in OT-specific data. It also links information on assets, vulnerabilities, threat intelligence and network activity to present a unified view of an environment.

The system maps detections and alerts to known OT threat groups and observed attack patterns. That is intended to help analysts understand the relevance of activity in their own environment and decide how to prioritise a response.

Another part of the product is aimed at routine analyst work. EmberAI can support processes such as alert triage, incident summaries and reporting, with the goal of reducing the manual work involved in gathering and correlating information across different tools.

Data foundation

At the centre of the launch is the Intelligence Fabric that Dragos uses as the basis for the product. The company said this foundation includes more than five petabytes of daily OT telemetry, adversary tracking across named OT threat groups, OT vulnerability research, asset and protocol research covering more than 600 OT protocols, and incident response work in critical infrastructure settings.

That database is important because one of the persistent concerns around AI in security is whether models have enough domain-specific information to produce trustworthy outputs. In industrial environments, where errors can have operational consequences, suppliers have increasingly stressed auditability, local control and the ability to trace recommendations back to known intelligence.

Dragos said EmberAI was built around a "human in the loop" approach. Analysts remain in control of decisions, recommendations are transparent and auditable, and customer data stays within the customer's own environment because the product runs inside the existing Dragos platform deployment.

Those design choices address broader concern among operators of sensitive infrastructure over data sovereignty and the risks of sending operational telemetry to external cloud-based systems. Industrial organisations have often been slower than enterprise IT teams to adopt new AI tools for precisely that reason.

Robert M. Lee, Chief Executive Officer and Co-Founder of Dragos, outlined the thinking behind the product.

"We built EmberAI to harness Dragos's decade-plus of experience in threat intelligence, incident response, adversary tracking, and frontline operations for OT environments," said Robert M. Lee, Chief Executive Officer and Co-Founder, Dragos.

"It is hard to reproduce this depth of OT-specific expertise and build AI that understands and can action OT-specific findings," Lee said.

Broader strategy

Dragos positioned EmberAI as part of its broader strategy around what it calls extended operational technology, or xOT, covering the wider set of digital and physical systems that influence operational processes. The product's knowledge base will expand as new data sources are added through integrations across that environment, the company said.

For buyers, the launch underlines a developing fault line in the cybersecurity market between broad AI assistants and products trained on narrower, industry-specific data sets. In operational technology, vendors are betting that specialised context will matter more than scale alone.

Dragos serves sectors including electric utilities, oil and gas, manufacturing, water, transportation, mining, data centres and government, and operates across North America, Europe, the Middle East, Africa and Asia-Pacific.