OT Secure Remote Access in a Mythos World: Why Session Visibility Is the Next Layer

Ben Burke, President

Jun 4, 2026

Article

How Claude Mythos changes the OT remote access threat model and what session-level visibility does about it. 

The OT security industry has made real progress over the past several years. MFA is more widely deployed. Vendor access restrictions are more common. Network segmentation has moved from aspiration to implementation for most regulated environments. That progress matters. 

And then Claude Mythos arrived. 

Released by Anthropic in April 2026 and deployed through Project Glasswing, a collaborative effort with approximately 50 security research partners, Mythos is an AI model that outperforms human experts at finding and exploiting software vulnerabilities. In its first month, it identified more than ten thousand high- or critical-severity flaws across the most systemically important software in the world, including vulnerabilities that had gone undetected for 16 and 27 years.¹ It chains those findings into working exploits with minimal human involvement. 

Anthropic has not released Mythos-class models publicly, as no company has yet developed safeguards sufficient to prevent serious misuse at that capability level.² But the underlying capability now demonstrably exists. Adversaries who build or access something equivalent will not announce it first. 

What Glasswing Actually Demonstrated 

The UK's AI Security Institute reported that Mythos Preview is the first model to solve both of their cyber ranges — end-to-end simulations of multi-step cyberattacks — without human assistance. Mozilla found and fixed 271 vulnerabilities in Firefox 150 during testing, more than ten times what the prior release cycle surfaced. An independent security platform called its web exploit precision "absolutely unprecedented."³ Automated testing tools had scanned a 16-year-old line of code five million times without catching what Mythos found and exploited.⁴ 

The takeaway isn't that Mythos is targeting industrial infrastructure tomorrow. It's that the expertise barrier is gone. Finding a vulnerability and turning it into a working exploit used to take weeks of skilled work. That process is now a prompt. The timeline has collapsed to near-zero, and the skill required to run it has collapsed with it.⁵ 

Speed Is the Threat, Not Sophistication

Mythos doesn't make OT attacks more sophisticated — it makes them faster and more accessible. Your adversary no longer needs advanced expertise. They need an exposed endpoint, a default password, and motivation. Mythos handles the rest.

Why OT Can't Just Patch Its Way Through This 

Enterprise IT environments can adapt to an accelerating threat landscape through patching, reconfiguration, and rapid replacement. OT environments cannot. Industrial controllers, PLCs, SCADA systems, and DCS components are defined by longevity, safety requirements, and operational continuity — all of which resist the speed that Mythos-class discovery demands. 

Many OT environments run on aging infrastructure that was never designed for the threat landscape it now faces. Some assets are no longer supported. Others can't be patched without a production shutdown. For years, defenders could rely on one implicit advantage: the lag between when a vulnerability was discovered and when it could be weaponized. Mythos eliminates that buffer. If a system is vulnerable in theory, it is now vulnerable in practice — and the window between those two states has collapsed to near-zero. 

CISA has confirmed that threat actors are already present in OT environments — not through novel exploits, but through the pathways used every day: internet-exposed services, shared credentials, and unmanaged third-party access.⁶ What Mythos changes is not the existence of those entry points. It changes the speed and scale at which they can be turned into breaches. It accelerates every phase: 

  • Rapid environment mapping — scanning for exposed endpoints and default credentials at machine speed across thousands of similar environments simultaneously 

  • Exploit chaining — automating progression across IT/OT boundaries in real time 

  • Credential mimicry — using valid credentials to mirror routine vendor operations, making detection far harder 

The CISO's Core Question

"If an attacker authenticated as one of your vendors — from the right IP, with the right credentials — how long before you'd know? Would you be able to prove it wasn't that vendor?" CISA's advisory on the Iranian campaign against U.S. critical infrastructure illustrates exactly this: attackers used valid credentials to blend into legitimate operations. Mythos amplifies that at scale.

The Session Is Where Risk Lives 

According to the SANS State of ICS/OT Security 2025 report, half of all OT cyber incidents began with external access.⁷ Not exotic exploits, but external access. The same mechanism your vendors use to maintain equipment and your engineers use to troubleshoot across sites. 

Standard secure remote access controls such as MFA, segmentation, and third-party access restrictions are more broadly implemented than they were two years ago, and that progress is real. But those controls govern the front door. They do not govern what happens after it opens.

Spycloud's 2025 Annual Identity Exposure Report found that nearly 80% of breaches still involve stolen credentials — not because MFA doesn't work, but because phishing, MFA fatigue, and session hijacking all operate after the credential check.⁸ In a world where adversarial AI can mimic legitimate vendor behavior at machine speed, the session is where the real question gets answered: was that actually your vendor? 

The SANS report found that session recording and real-time session approval are fully implemented by only 13% of organizations surveyed.⁹ That gap — between access granted and access understood — is where a significant portion of remaining OT remote access risk lives. 

Three Data Layers. Most Programs Have Two. 

A complete OT remote access program needs to govern three things: 

  • Identity — who is connecting. MFA, SSO, and authentication assurance level are the foundation. Behavioral baselines built over time add a second dimension: when does this user normally log in, from where, on which devices? 

  • Device — what they're connecting to. A patched modern controller is a fundamentally different risk surface from a legacy PLC that can't be updated without a production shutdown. Asset visibility tools already know the difference. The question is whether that intelligence reaches the administrator at the moment of an access decision. 

  • Connection — what actually happened during the session. Not just that access was granted, but what the user did, what they touched, and whether anything meaningful changed between login and logout. This is the layer you need in order to detect credential mimicry. And it's the layer most programs are missing.

Identity tells you who came in. Device tells you what they were connecting to. Connection tells you what they actually did. Without the third layer, you have an access log. You don't have a security record.

What an Informed Access Decision Looks Like 

A vendor authenticates successfully. MFA passes. The access window is open and the administrator clicks approve — the ticket is valid, the timing checks out. 

But the login is coming from a new IP. The browser language has changed. The same account shows an authentication from a location that is geographically impossible given the prior login timestamp. Under a credential-focused model, none of that is visible at the moment of approval. The session opens. If something is wrong, the team finds out in the post-incident review, not in real time. 

The administrator didn't make a bad decision. They made an uninformed one. The information existed; it just wasn't surfaced where it mattered.

Session Forensics with Dynamic Risk Scoring in the Dispel Zero Trust Engine is designed around that gap. It dynamically scores every login and session against behavioral baselines built at the org, group, and individual user level. Critically, those baselines only learn from trusted logins — so a compromised account cannot train the system to accept anomalous behavior as normal. At the moment of access approval, the administrator sees a composite risk view: the user's current score alongside device risk data enriched from Nozomi Networks, TXOne Networks, Dragos, Forescout, or Armis. No new dashboards. The intelligence they've already invested in, surfaced where it's actionable. 

Green user to a green device? Approve and move on. Red user to a red device? That's a conversation before the session opens. 
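To make the approval logic above concrete, here is an added illustration (not Dispel's code or its scoring model): a minimal per-user login scorer over the signals the article names (new IP, changed browser language, impossible travel), combined with a device band into a green/yellow/red decision, where the baseline learns only from logins confirmed trusted. The weights, the 1,000 km/h travel threshold, the single per-user baseline, the device band supplied by the caller, and the sample logins (RFC 5737 documentation addresses) are all constructed assumptions.

```python
import math
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

MAX_KMH = 1000.0  # assumed plausible travel speed; faster than this is "impossible travel"
BANDS = ["green", "yellow", "red"]


@dataclass
class Login:
    user: str
    ip: str
    lang: str   # browser Accept-Language, e.g. "en-US"
    lat: float
    lon: float
    ts: float   # seconds since epoch


@dataclass
class Baseline:
    """What the scorer has learned about one user from trusted logins only."""
    ips: Set[str] = field(default_factory=set)
    langs: Set[str] = field(default_factory=set)
    last: Optional[Login] = None


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dl = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def score_login(login: Login, base: Baseline) -> Tuple[int, List[str]]:
    """Additive score over the article's signals; an empty baseline scores 0."""
    score, reasons = 0, []
    if base.ips and login.ip not in base.ips:
        score += 30; reasons.append("new IP")
    if base.langs and login.lang not in base.langs:
        score += 20; reasons.append("browser language changed")
    if base.last is not None:
        hours = max((login.ts - base.last.ts) / 3600.0, 1e-6)
        km = haversine_km(base.last.lat, base.last.lon, login.lat, login.lon)
        if km / hours > MAX_KMH:  # geographically impossible given prior login
            score += 50; reasons.append(f"impossible travel: {km:.0f} km in {hours:.2f} h")
    return score, reasons


def user_band(score: int) -> str:
    return "green" if score < 30 else ("yellow" if score < 60 else "red")


def composite(user: str, device: str) -> str:
    """Composite risk is the worse of the user band and the device band."""
    return BANDS[max(BANDS.index(user), BANDS.index(device))]


def decide(login: Login, base: Baseline, device_band: str) -> dict:
    """device_band is assumed to come from an asset-visibility tool (constructed here)."""
    score, reasons = score_login(login, base)
    band = composite(user_band(score), device_band)
    action = "approve" if band == "green" else "review"  # only green auto-approves
    return {"score": score, "user": user_band(score), "composite": band,
            "action": action, "reasons": reasons}


def learn(login: Login, base: Baseline) -> None:
    """Update the baseline. Call ONLY for logins confirmed trusted, so a
    compromised account cannot train the system to accept its behavior."""
    base.ips.add(login.ip); base.langs.add(login.lang); base.last = login
```

Because a red or reviewed login never reaches learn(), a later login from the same unfamiliar address still scores as "new IP" rather than quietly becoming the new normal.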

Evidence That Holds Up 

Every session generates a complete forensic record: authentication events, keystroke logs, screen recordings, SIEM-forwarded data, and timestamped evidentiary packages ready for NERC CIP, IEC 62443, NIST SP 800-82, and TSA SD02 audits. Failed authentication attempts are logged even when no session is granted — surfacing brute force activity that would otherwise go undetected. 

In practice: a SOC analyst sees a suspicious privilege escalation in a SIEM alert. They pull the session, check the user's risk score at login, and review the recording live. They make an informed decision based on the full context of that specific session, not the alert alone. That's the difference between a forensic program and an access log.

Security That Doesn't Slow Operations Down 

Adding session governance to an OT remote access program should not mean adding friction to every workflow. SANS found that 60% of organizations cite lack of internal resources as the top blocker to advanced secure remote access implementation.¹⁰ That's a real constraint. The answer isn't more headcount — it's risk-proportional oversight. 

A green session from a familiar user on a known device moves quickly. A yellow or red session surfaces the context an administrator needs to make a deliberate decision rather than an automatic one. The program operates at full speed when conditions support it and slows down deliberately when the risk profile says it should. 

When the session blind spot is eliminated, the secure path and the fast path become the same path. That's what OT teams building serious remote access programs are working toward — and in a threat environment defined by adversarial AI that looks exactly like a legitimate vendor until it doesn't, it's what the threat model now requires. 

OT remote access is still the weakest link — but it doesn't have to be.  

See how industrial teams are eliminating session blind spots and standardizing secure access across distributed operations. Read Takepoint Research: Reducing Operational Friction → 

Footnotes 

¹ Anthropic, "Project Glasswing: An Initial Update," May 22, 2026.  

² Anthropic via CyberScoop, "Anthropic Mythos Software Flaws Glasswing."  

³ Anthropic, "Project Glasswing: An Initial Update," May 22, 2026. UK AI Security Institute, Mozilla Firefox 150, and XBOW benchmark findings.  

⁴ Forrester, "Project Glasswing: The 10 Consequences Nobody's Writing About Yet," April 10, 2026. "Automated testing tools scanned a 16-year-old line of code 5 million times and failed to catch something Mythos identified and exploited."

⁵ Forrester, "Project Glasswing: The 10 Consequences Nobody's Writing About Yet," April 10, 2026.  

⁶ Dispel, "Claude Mythos & OT Cybersecurity Risk" solutions brief, 2026.

⁷ SANS Institute, "State of ICS/OT Security 2025."

⁸ Spycloud, "2025 Annual Identity Exposure Report."

⁹ SANS Institute, "State of ICS/OT Security 2025."

¹⁰ SANS Institute, "State of ICS/OT Security 2025."

Ready to Simplify OT Secure Remote Access?

See how Dispel helps industrial teams standardize connectivity and protect critical environments—without added complexity.