Dragos has introduced EmberAI, a new operational technology (OT)-native artificial intelligence capability designed to help security analysts identify, prioritize and respond to threats across industrial environments using OT-specific intelligence.
The company said EmberAI is built on the Dragos Intelligence Fabric, which it describes as the world's largest OT cybersecurity data set. Drawing on more than a decade of OT threat intelligence, incident response and operational knowledge, the platform is intended to give analysts immediate access to historical and real-time intelligence within the Dragos Platform.
According to Dragos, EmberAI provides visibility into assets, vulnerabilities and network activity across OT environments while helping organizations prioritize threats based on their operational impact. The AI is designed to enable analysts of varying experience levels to move more quickly from alerts to informed action using intelligence based on real-world adversary activity.
The launch comes as threat activity targeting critical infrastructure continues to increase and organizations face an ongoing shortage of OT cybersecurity professionals. Dragos said general-purpose AI tools often lack the operational context needed to distinguish critical exposures from routine activity or accurately assess the impact of threats on industrial operations.
The company said EmberAI is designed for organizations securing extended operational technology (xOT) environments including power grids, manufacturing facilities, water systems, pipelines and data centers. It aims to help IT practitioners, plant engineers and experienced OT professionals better understand operational risks and prioritize findings that could affect safe operations.
"We built EmberAI to harness Dragos's decade-plus of experience in threat intelligence, incident response, adversary tracking, and frontline operations for OT environments," said Robert M. Lee, CEO and Co-Founder of Dragos. "It is hard to reproduce this depth of OT-specific expertise and build AI that understands and can action OT specific findings."
Dragos said the Intelligence Fabric is powered by more than five petabytes of daily OT telemetry, more than 10 years of adversary tracking across named OT threat groups, proprietary OT vulnerability research conducted as a CVE Numbering Authority, research covering more than 600 OT protocols and frontline incident response experience in critical infrastructure environments.
EmberAI includes several capabilities intended to streamline analyst workflows. An intelligence-driven query engine enables analysts to ask questions in natural language and receive OT-specific responses grounded in the Dragos Intelligence Fabric. The platform also correlates assets, vulnerabilities, threat intelligence and network activity to provide operational context across an environment.
Additional features include adversary-informed guidance that maps detections and alerts to known OT threat groups and observed attack patterns, along with workflow automation for alert triage, incident summaries and reporting. Dragos also said its analysts are developing a library of guided workflows, based on expertise gained through proactive services, investigations and incident response, that will be available in the future.
The company said EmberAI follows a "human in the loop" approach, keeping analysts in control of decision-making. Recommendations are designed to be transparent and auditable, while customer data remains within the customer's existing Dragos Platform deployment.
