AI-Assisted Compromise of Mexican Water Utility with OT Implications
There's no shortage of predictions about what AI-enabled threats will look like. This report documents what they look like today.
Between December 2025 and February 2026, an unattributed adversary used commercial AI to compromise 11 Mexican government organizations and a municipal water utility. What set this intrusion apart wasn't the sophistication; it was what the AI did without being asked. With no ICS-specific prompting, the AI independently identified an adjacent OT environment, assessed it as a high-value target, and began developing an access path. The adversary had no meaningful OT knowledge. The AI provided it.
This has a direct implication for defenders: there are far more IT adversaries than OT adversaries. As AI identifies OT environments and conducts initial targeting research, it routes IT adversaries toward OT without requiring any specialized knowledge of OT.
Organizations that haven't addressed OT basics face immediate risk. But the broader takeaway is that the need for detection and response capability inside OT networks has never been more pressing.
Read the full report to understand what happened and what it means for defenders, backed by Dragos intelligence team analysis and insights from the Dragos Intelligence Fabric.

