zero-trust-ot

Mythos and the Utility Industry: Detection Without a Patch Path Special edition — June 6, 2026 Anthropic has built a frontier model that can find and chain industrial-grade vulnerabilities, and stood up Project Glasswing — now around one hundred fifty organizations across critical infrastructure — to gate its use. The detectors and hyperscalers are inside the consortium. The equipment OEMs whose firmware is the actual attack surface for the bulk electric system — SEL, ABB, Siemens, Schneider Electric, GE Vernova — are, with a single Hitachi-shaped exception, conspicuously silent. This episode argues the load-bearing question for the grid is not who has access to Mythos; it is what happens between a Mythos finding and a patched protective relay, and the corpus says that pipeline has not been built. ...

Episode Description CISA redefines zero trust for industrial networks CISA just delivered a definitive zero trust roadmap engineered specifically for operational technology that abandons disruptive IT playbooks in favor of passive discovery. This guidance arrives as utilities execute massive risk mitigation efforts, such as PG and E locking in a nearly nineteen billion dollar wildfire plan after reporting a seventy-five percent reduction in reportable ignitions. In response to compounding industry threats, federal energy regulators are simultaneously stepping up enforcement by attaching heavy disgorgement orders to standard compliance penalties. You must master these new architectural standards to secure critical infrastructure without tripping physical safety systems or facing substantial financial clawbacks. ...

Episode Description NIST formalizes identity standards for autonomous AI The National Institute of Standards and Technology has established the first federal standards initiative for autonomous AI agents. The agency's concept paper explicitly recommends treating software agents as first-class enterprise identities subject to the exact same access controls, provenance, and audit trails as human employees. In response to this regulatory signal, cloud providers are already aligning by offering managed orchestration environments that bring AI workflows inside established compliance boundaries. As organizations push automated operations into production, adopting these guardrails ensures security teams can continuously authorize and track exactly what an agent executes. ...

Episode Description Congress unveils energy cyber bill as grid attacks surge Congress advanced the Energy Threat Analysis Center Act to explicitly combat threat actors like Volt Typhoon targeting American power grids. This legislation follows a 70 percent surge in utility cyberattacks, with over 3,300 industrial organizations compromised last year and average recovery costs surpassing $3.12 million. In response, the Department of Defense issued specialized Zero Trust guidance, while utilities like PG and E launched multibillion-dollar, AI-driven mitigation plans to harden infrastructure. Because hardware procurement and grid upgrades lock in your risk profile for decades, integrating these defenses now is a strict financial imperative to prevent costly operational downtime. ...

Episode Description PG and E unveils massive grid overhaul as AI demand surges Pacific Gas and Electric unveils a seventy-three billion dollar capital plan to overhaul its grid as hyperscale AI data center demand surges. United States utility load forecasts jumped five-fold to one hundred twenty gigawatts in just three years, compounding severe vulnerabilities where ninety-six percent of industrial cyber incidents now originate from IT networks. In a major industry response, tier-one operators are actively replacing legacy control systems while cloud providers deploy hardware-verified workload isolation. Enterprise leaders scaling agentic AI must immediately audit their power availability and zero-trust security architectures to avoid costly operational downtime as physical and digital constraints collide. ...

Episode Description DoD Unveils Grid Security as Ransomware Surges State-linked hackers from Volt Typhoon embed deeply into United States utility networks while a destructive Amazon Web Services data center fire exposes physical weaknesses in cloud architecture. The unprecedented multi-day outage eliminated eighty-four global services, compounding alarm as ransomware attacks against industrial systems simultaneously surged forty-nine percent. In response to these escalating infrastructure dangers, the Department of Defense unveiled its first zero trust framework while utilities like PG and E expanded their automated grid defenses. Engineering and security teams must urgently decouple their cross-region dependencies and deploy localized network segmentation to keep physical facilities operational during targeted disruptions. ...

Episode Description Cloud Failure vs. Nuclear AI: The Resilience Drag The race to scale AI and critical infrastructure on the public cloud hit a wall: a 15-hour AWS US East One outage cascaded across 3,500 companies, exposing a stark fragility at the core of hyper-scale regional control planes. This operational risk is amplified by continuous hardware sprints, with AMD's Instinct MI350 delivering a four times performance increase over the prior generation, compelling procurement teams into mandatory annual platform turns. Critical industries are responding by seeking localized autonomy; Pacific Gas and Electric, for example, successfully deployed generative AI on-premises at the Diablo Canyon nuclear plant, where the system searches billions of documents with 98% accuracy. For professionals, this collision mandates a shift toward resilient multi-region designs and integrated cyber-physical security, as organizational silos are now the primary gap exploited by attackers targeting critical infrastructure. ...

Episode Description Autonomy Surges: Trust Lags, Infrastructure Unveils Gaps Automated systems are accelerating across all sectors, from AI-driven algorithm discovery to utility infrastructure, creating a sharp tension as security teams face an AI trust paradox in automated response, hesitant to hand over control despite machine-speed attacks. The practical risk of this rapid scaling became clear when the 15-hour Amazon Web Services outage generated over six million reports, triggered by an internal DNS race condition, highlighting acute concentration risk. Regulators and standards bodies pivot aggressively, with the Transportation Security Administration formalizing mandatory pipeline cybersecurity requirements effective May 2025 and the IEC 62443 standard pushing industrial networks toward zero trust microsegmentation. These governance gaps and architectural shifts mean organizations must urgently invest in robust failure containment and user-validated explainable AI to ensure automated speed doesn't compromise critical safety. ...

Episode Description Grid Storage Surges, Standards Pivot to Zero Trust Utility-scale battery storage deployments surged by 63% year-over-year in Q2 2025, adding 4.9 gigawatts of capacity, even as major cloud automation failures triggered massive outages. This technical acceleration unveils a policy cliff: deployments will dip sharply in 2026 due to new Investment Tax Credit sourcing rules, disrupting growth momentum. In response, regulatory bodies and the ISA pivot industrial security, revising 62443 guidance to mandate zero trust architecture and microsegmentation for OT environments. The key takeaway is clear: organizations must upgrade governance and adopt hybrid, failure-resistant architectures to ensure reliability as system complexity and risk escalate. ...

Episode Description Power Demand Surges; DoD Mandates Zero Trust in OT Constellation and NRG launched multi-billion dollar utility acquisitions, explicitly betting on an AI-driven "power demand supercycle" straining infrastructure. Despite this surge in capacity, the efficiency paradox deepened this week: a Harvard Business Review report noted that 95% of organizations see zero measurable ROI from their current AI investments. In response to increasing systemic risk, the Department of Defense mandated Zero Trust security across all Operational Technology environments. As complexity breeds weird failures—such as the 15-hour AWS US-EAST-1 outage—executives must pivot now toward disciplined measurement, platform stability, and edge security to prevent widespread operational failure. ...