Boost your production with a 30-minute tailored web demo. Discuss your needs with our experts, explore key software features, and see how octoplant can increase productivity.
Stay ahead of the game with the latest EU cybersecurity requirements for manufacturing. Learn how to navigate the NIS2 Directive and ensure compliance with our white paper.
Empower your journey with AMDT’s solutions through a centralized portal designed to simplify license management, streamline support, and enhance your skills - all in one place.
The new report with Statista reveals which areas are experiencing a rapid growth in OT risks and the steps that companies must prioritise to ensure stability and security.
Are you passionate about making a difference, driving innovation and growing with a dynamic team? We're looking for motivated individuals who are ready to take on exciting challenges and build the future with us.
For years, industrial OT environments were considered difficult terrain for automated cyberattacks. The protocols were too specialized, the firmware too customized, and the technical barrier to entry too high. However, a recent study on APIOT ("Autonomous Purple-Teaming for Industrial OT") challenges this assumption. For the first time, researchers have demonstrated an autonomous AI agent that can independently identify, attack, patch, and validate industrial bare-metal systems without any operational human assistance.
The study focuses on resource-constrained operational technology (OT) devices based on microcontrollers that communicate using industrial protocols, such as Modbus/TCP and Constrained Application Protocol (CoAP). Unlike traditional IT systems, these devices typically run without an operating system or established security controls. This is precisely why they have long been considered difficult targets for automated attacks.
APIOT uses large language models to analyze packet structures and protocol fields autonomously. Rather than relying on prebuilt exploits, the system works directly with protocol primitives and derives suitable attack patterns independently. During testing, APIOT achieved a 90 percent success rate throughout the entire discovery, exploitation, patching, and verification lifecycle. In many cases, the AI identified potential targets after just a few interactions and immediately began attempting to exploit them.
The study makes clear that attacks against industrial firmware will no longer be limited to highly specialized experts. The researchers describe this development as a turning point because AI systems can now independently analyze protocol structures, infer vulnerabilities, and orchestrate complete attack chains.
However, the tests also revealed the limitations of autonomous agents. Without additional control mechanisms, the system encountered repeated looping behavior, flawed reconnaissance processes, and stalled mission phases. Only an additional governance layer, referred to as an "Overseer," stabilized operations and significantly reduced erroneous behavior.
The findings underscore the evolving threat landscape for industrial networks. In particular, distributed OT architectures with multiple network layers significantly increase the potential attack surface. At the same time, many bare-metal devices continue operating for years with unchanged firmware, often without organizations maintaining full visibility into their assets, communication paths, or vulnerability status.
Consequently, continuous visibility across OT infrastructure has become a critical security requirement. Solutions such as Octoplant help organizations centrally manage industrial assets, firmware versions, and network structures while identifying security risks early on.
The full study, “APIOT: Autonomous Vulnerability Management Across Bare-Metal Industrial OT Networks,” is available on Arxiv.