May 26, 2026

OT Security Fundamentals Hold Strong Against AI-Assisted Cyberattack on Mexican Water Utility

The recent AI-driven cyberattack targeting a Mexico water utility revealed both the risks of ungoverned IT/OT convergence and the growing importance of OT security fundamentals like access control and segmentation.

Earlier this month, attackers breached multiple government environments in Mexico and attempted to pivot toward a water utility’s operational systems using AI-assisted reconnaissance and attack tooling. According to Dragos, the attackers used AI to identify industrial gateways and explore potential paths into cyber-physical systems (CPS), though the attack was ultimately halted before any operational disruption occurred.

Most headlines about the incident have understandably focused on a single phrase: AI-driven cyberattack. But the two biggest lessons from this incident go beyond the simple fact that AI was involved.

First, AI is making it dramatically easier for attackers to identify and exploit the growing connectivity between IT and OT environments.

Second, the attack was stopped not by advanced “AI versus AI” defenses, but by strong security fundamentals: segmentation, identity controls, authentication, tightly governed access, and CPS isolation.

Taken together, these conclusions reveal that AI does not suddenly make industrial systems defenseless. What it does do is accelerate the speed at which attackers can analyze environments, discover pathways between enterprise IT and operational systems, and attempt lateral movement toward critical infrastructure.

Yet the incident also provides reason for optimism by demonstrating that established cybersecurity fundamentals — especially controls designed to restrict access and contain attacks — remain effective, even against AI-assisted tactics. As attackers gain the ability to operate at machine speed, limiting unnecessary exposure and enforcing tightly controlled access become essential to maintaining resilient operational environments.

IT/OT Convergence Expanded More Than Operational Efficiency

In recent years, organizations across industries have pursued IT/OT convergence initiatives to improve operational agility, strengthen collaboration between teams, reduce downtime, enhance security, and gain better business intelligence from operational data. Research from Cyolo and the Ponemon Institute identified these operational and business priorities as key drivers behind IT/OT convergence efforts.

But in many organizations, connectivity expanded faster than security architecture evolved.

Over time, industrial environments accumulated VPNs and other remote access tools, third-party integrations, exposed gateways, and persistent trust relationships between enterprise IT and operational systems. Each connection may have solved a legitimate operational challenge. Collectively, however, they created increasingly accessible pathways into critical infrastructure.

This growing exposure is exactly what attackers attempted to exploit in the Mexico water utility incident. Gartner analysis of the attack warns, “In the name of ‘IT-OT convergence,’ organizations have connected assets to enterprise IT systems without cybersecurity in mind, thereby expanding attack surfaces dramatically.”1

The Cyolo/Ponemon study reinforces this concern. Although 72% of organizations were found to be actively pursuing IT/OT convergence, most still reported limited ability to securely manage access between IT and OT environments.

In other words, while organizations are benefiting from greater visibility, data sharing, and collaboration through IT/OT convergence, many have also introduced new pathways that attackers — with their AI tools — can now identify and exploit faster than ever before.

AI Is Making Industrial Environments Easier to Discover

According to Dragos’ “early real-world observation” of the water utility attack, Anthropic’s AI model “Claude acted as the primary technical executor and independently identified the OT environment’s relevance to critical infrastructure, assessed its potential as a crown jewel asset, and investigated possible access pathways to breach the IT-OT boundary.”

This finding is significant because it shows the attack didn’t rely on autonomous malware or some futuristic AI cyberweapon. The primary AI capability leveraged in the attack was machine-speed reconnaissance.

The danger for organizations is that tasks once requiring substantial time, patience, and OT-specific expertise can now be fast-tracked through AI-assisted analysis and automated experimentation. Today, AI can rapidly analyze documentation, identify industrial protocols, suggest lateral movement paths, and help attackers iterate far faster than traditional human-led operations. This dramatically lowers the barrier to entry for attacking operational environments.

AI Accelerated the Attack, But Fundamentals Stopped It

Many cybersecurity vendors portray AI as an arms race that can only be won by adopting increasingly sophisticated AI-driven defenses. But in this case, it wasn’t “good AI” stopping “bad AI.”

What ultimately contained the attack were foundational security controls: segmentation between environments, robust authentication barriers, identity-based access controls, isolation measures that reduced the blast radius, and tightly governed pathways into operational systems.

The implications here are significant. AI may dramatically accelerate how quickly attackers identify and exploit weaknesses, but it does not diminish the value of strong security fundamentals. If anything, AI-assisted attacks make preventative controls like segmentation, identity verification, and strictly controlled access more important than ever. When attackers can move at machine speed, preventing unauthorized access in the first place becomes the linchpin of an effective security strategy.

Why Legacy Remote Access Models Are Too Risky for Modern OT Environments

While AI-driven attacks may not need equally sophisticated AI-powered defenses to stop them, they do expose the growing limitations of legacy remote access approaches such as VPNs and jump servers.

Many traditional remote access tools were designed for a different era of industrial connectivity — one in which operational environments were more isolated and remote sessions were less common. But today, even before adding AI to the equation, industrial environments are much more connected, distributed, and dependent on remote access than they were just a few years ago.

In this context, continuing to rely on outdated remote access strategies creates serious risk. Broad network connectivity can expose operational systems well beyond the specific asset a user actually needs to access. On a live factory floor, for example, a compromise involving remote access to a single industrial system can quickly disrupt production processes and affect operations across the facility. This challenge becomes even greater when organizations rely heavily on third-party vendors for maintenance, troubleshooting, and operational support.

To better address today’s security and operational challenges, organizations in manufacturing, energy & utilities, AI infrastructure, and other critical industries are shifting toward access models built around identity, segmentation, and tightly governed connectivity. The goal is not to eliminate remote access or discourage third-party collaboration, but to ensure that neither becomes an easy entry point into operational systems.

What OT Security Leaders Should Prioritize Now

Following the recent cyberattack on Mexican government organizations, one fact is painfully clear: the implications of AI-assisted cyberattacks on OT environments are only starting to emerge. Future attacks will almost certainly become even faster, more adaptive, and more scalable as AI capabilities continue to improve.

But the response should not be panic, nor should it be an immediate rush to layer additional AI tools onto already complex industrial environments. Instead, organizations should focus on strengthening the security best practices that have been proven to matter most in OT security.

Key priorities include:

  • Reducing unnecessary exposure. Organizations should audit remote access pathways, eliminate unused internet-facing services, and minimize visible access infrastructure wherever possible.

  • Strengthening identity-centric security controls. Multifactor authentication, least-privilege access, and tightly governed privileged access remain highly effective barriers against machine-speed attacks.

  • Reassessing IT/OT convergence through a security lens. There is no returning to isolation, but increasingly interconnected environments must be governed with security in mind. Organizations must ensure that connectivity does not outpace access control, governance, and segmentation.

  • Simplifying security architecture wherever possible. Complex environments can slow defenders down more than advanced attack methods. Reducing fragmented remote access approaches and minimizing architectural sprawl can improve both cybersecurity resilience and operational agility.
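As an added illustration of the audit the first three priorities describe (example code, not from the post or from Cyolo), the following Python checks a constructed zone-based access policy for the boundary weaknesses named above: broad reach into OT, industrial protocols crossing the IT/OT boundary, and access paths not bound to an authenticated identity. The asset names, rule names and zone labels are assumptions.

```python
from dataclasses import dataclass

# Well-known industrial protocol ports: Modbus/TCP, S7comm, DNP3, EtherNet/IP.
OT_PROTOCOL_PORTS = frozenset({502, 102, 20000, 44818})
# Constructed OT asset inventory for a small water-treatment network (assumed names).
OT_ASSETS = frozenset({"plc-intake-1", "plc-chem-dosing", "hmi-ops-1", "historian-1"})

@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str         # "internet", "it", "dmz" or "ot"
    dst_hosts: frozenset  # OT asset ids; {"any"} means the whole OT zone
    ports: frozenset      # TCP ports; {"any"} means all ports
    identity_bound: bool  # session requires an authenticated, MFA-backed identity

def reach(rule):
    """OT assets the rule exposes to its source zone."""
    return OT_ASSETS if "any" in rule.dst_hosts else rule.dst_hosts & OT_ASSETS

def audit(rules):
    """Return (rule name, finding) pairs for rules that weaken the IT/OT boundary."""
    findings = []
    for r in rules:
        if r.src_zone == "ot":
            continue  # intra-OT traffic is outside the boundary audit
        n = len(reach(r))
        if n > 1:
            findings.append((r.name, f"reaches {n} OT assets; scope to the one asset needed"))
        if "any" in r.ports or r.ports & OT_PROTOCOL_PORTS:
            findings.append((r.name, "industrial protocol reachable across the IT/OT boundary"))
        if not r.identity_bound:
            findings.append((r.name, "path into OT is not bound to an authenticated identity"))
    return findings

def exposure_by_zone(rules):
    """Blast radius: number of OT assets each non-OT zone can reach at all."""
    seen = {}
    for r in rules:
        if r.src_zone != "ot":
            seen.setdefault(r.src_zone, set()).update(reach(r))
    return {zone: len(assets) for zone, assets in seen.items()}

# Constructed sample policy, not any real utility's configuration.
SAMPLE_RULES = [
    Rule("legacy-vpn-to-ot", "internet", frozenset({"any"}), frozenset({"any"}), False),
    Rule("it-engineering-modbus", "it", frozenset({"plc-intake-1", "plc-chem-dosing"}), frozenset({502}), True),
    Rule("vendor-hmi-support", "dmz", frozenset({"hmi-ops-1"}), frozenset({3389}), True),
    Rule("historian-replication", "it", frozenset({"historian-1"}), frozenset({443}), False),
]
```

Running `audit(SAMPLE_RULES)` flags the legacy VPN rule three times while the single-asset, identity-bound vendor rule passes clean; `exposure_by_zone` shows the Internet zone can reach every OT asset, which is the exposure the audit step is meant to remove.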

AI Didn’t Change the Fundamentals — It Raised the Stakes

The AI-assisted OT cyberattack against a Mexican water utility did not reveal a radically new cybersecurity problem. Instead, it showed how quickly AI can exploit longstanding weaknesses in the way many organizations connect and secure operational environments.

With time, defensive AI tools will likely find their place in the cybersecurity arsenal. But long-term resilience will still depend heavily on strong architectural boundaries, controlled access, and limiting unnecessary exposure between interconnected systems.

Or, as Jay Deen of Dragos concludes, “Organizations failing to implement basic security controls remain at heightened risk because AI can rapidly operationalize known offensive security techniques against exposed systems.”


1 Gartner, “First Take: Attackers Are Testing AI-Driven Reconnaissance; Focus on Fundamentals,” by Katell Thielemann, Eric Grenier, Meghan Hollis, 8 May 2026.

GARTNER is a trademark of Gartner, Inc. and/or its affiliates.


Author: Jennifer Tullman-Botzer

Jennifer Tullman-Botzer has over a decade of experience in cybersecurity marketing and is as tired as you are of hackers-in-hoodies stock images. She joined Cyolo in 2021 and currently serves as director of content marketing.
