Frontier Agentic Models Compress IT-to-OT Exploit Cycle Below 90 Seconds

Frontier models released in early 2026 shifted from code suggestion to active testing and weaponization loops. Organizations that integrated these agents into development pipelines simultaneously created the attack surface the same models exploit at machine speed. Internal red-team logs show single multi-homed devices serving as the sole bridge between corporate and factory networks, traversed in milliseconds once identified.

Public catalogs such as CISA KEV and EPSS assume human-scale dwell times and reusable signatures. Autogenous attacks generated on the fly leave no stable artifact for indexing. The result is an attribution gap where technical telemetry shows autonomous lateral movement while official statements continue to reference slower, human-operated campaigns.

Convergence of IT and OT removed prior segmentation assumptions. Protocols including Modbus and S7comm function as open pathways once an agent identifies the bridging asset. Physical outcomes such as valve actuation or line shutdown now occur on the same timeline as data exfiltration.

Asset inventory accuracy at Layer 2 has become the decisive control. Organizations without continuous, machine-readable mapping of every multi-homed endpoint will observe breaches that complete before human responders receive the first alert.