The skills shortage in operational technology security is not a pipeline problem. It is a depth problem: the number of analysts who can read OT threat intelligence and make defensible decisions under pressure is small and shrinking relative to the attack surface. Dragos is releasing EmberAI to compress that gap.
EmberAI is an AI capability embedded inside the Dragos Platform, built on what the company calls its Intelligence Fabric: more than five petabytes of daily OT telemetry, a decade-plus of adversary tracking across named OT threat groups, proprietary vulnerability research across more than 600 OT protocols, and frontline incident response experience from power grids, manufacturing plants, water systems, and pipelines. That accumulation is what Dragos argues general-purpose AI cannot replicate — it requires the specific operational context to distinguish a critical exposure from background noise.
The core capability is a plain-language query engine: analysts ask questions and receive answers grounded in the Intelligence Fabric, mapped to known OT threat groups and real observed attack patterns. Context is correlated across assets, vulnerabilities, threat intelligence, and network activity in real time. The system also generates incident summaries and reporting, with the aim of reducing the manual data-gathering work that currently consumes most of an OT analyst's time.
One design principle runs through all of it: customer data never leaves the customer's environment. EmberAI operates inside the Dragos Platform deployment the organisation already controls, and every recommendation it surfaces is transparent and auditable. The intent is a human-in-the-loop model where the analyst responsible for protecting the environment owns the final decision.
"We built EmberAI to harness Dragos's decade-plus of experience in threat intelligence, incident response, adversary tracking, and frontline operations for OT environments," said Robert M. Lee, CEO and Co-Founder of Dragos. "It is hard to reproduce this depth of OT-specific expertise and build AI that understands and can action OT specific findings."
EmberAI is generally available today inside the Dragos Platform. Dragos also pointed to Gartner guidance recommending organisations favour solutions using a highly tuned, CPS-specific intelligence engine rather than feeding sensitive operational telemetry into opaque cloud-based models.
To stay across the latest in cloud, AI and enterprise tech analysis from Compare the Cloud, subscribe to our weekly newsletter at https://www.comparethecloud.net/newsletter
