
AI-assisted compromise of Mexican water utility with OT implications

(Ivan Bandura / Unsplash)

By Jay Deen

Dragos is reporting an early real-world observation of an adversary using commercial AI tools to identify and prioritize operational technology (OT) infrastructure during an IT intrusion.

In late February 2026, researchers at Gambit Security recovered a vast collection of materials related to a large-scale compromise of multiple Mexican government organizations that occurred between December 2025 and February 2026. Gambit brought Dragos into their investigation specifically to assess adversarial activity that took place during an intrusion into a municipal water and drainage utility in Monterrey, Mexico. During this analysis, Dragos identified a significant compromise of the utility's enterprise IT environment, which showed an attempt to escalate the intrusion into an OT environment.

Artifacts recovered from the adversary's infrastructure associated with this intrusion showed that an unknown adversary extensively leveraged commercial AI tools to accelerate core intrusion activities, including reconnaissance, environment mapping, tool development, and intrusion planning. Dragos observed AI-supported identification of an internally accessible OT interface and a directed attempt to breach the IT-OT boundary, advancing the intrusion to Stage 1 of the ICS Cyber Kill Chain. Dragos did not identify evidence that the adversary established validated access to the OT environment or interacted with underlying control systems. However, the technical evidence demonstrates how commercial AI tools accelerated the operation: faster identification of OT assets, rapid development of offensive tooling, and the generation of tailored access paths into OT through the large-scale application of existing offensive security techniques.

Read more at Dragos
