Critical Path Security has announced the development of a new AI-driven OT Digital Twin Engine designed to combine graph-based attack-path analysis, deterministic simulation, and Large Language Model-assisted reasoning to evaluate industrial environments without actively interacting with production systems.
The platform was developed in response to a growing problem across Operational Technology and critical infrastructure environments: traditional assessment methodologies were never designed for fragile industrial systems that cannot safely tolerate aggressive scanning, enumeration, or exploitation activity.
In many OT environments, a malformed packet can disrupt operations. A vulnerability scan against an aging PLC or RTU can destabilize communications. A failed authentication attempt can interfere with emergency operational access. The consequence of intrusive testing inside industrial infrastructure is fundamentally different than in enterprise IT environments.
The new Digital Twin Engine was architected around a different model.
Rather than interrogating live systems directly, the platform ingests existing operational and security artifacts already maintained within the environment, including firewall policies, switch configurations, asset inventories, VLAN mappings, zone definitions, routing structures, and industrial protocol configurations. The engine then builds a graph-based mathematical representation of the environment and performs adversarial simulation against the model itself rather than the production network.
Critical Path Security stated that the platform combines deterministic analysis with AI-assisted contextual reasoning. Deterministic simulation engines enumerate and calculate structurally viable attack paths across the environment, while integrated LLM workflows assist analysts in interpreting attack chains, explaining protocol risk, identifying architectural weaknesses, generating mitigation recommendations, and accelerating operational understanding for engineering and executive teams.
The company emphasized that the platform was intentionally designed to avoid “black box AI” decision-making.
Instead, the underlying graph traversal, probability scoring, segmentation analysis, and attack-path discovery remain deterministic and mathematically explainable, while AI and LLM components are leveraged to enrich context, accelerate analyst workflows, summarize findings, correlate architectural exposure, and generate human-readable operational intelligence.
The simulation engine currently supports multiple attack modeling methodologies, including exhaustive breadth-first attack-path enumeration, probabilistic Monte Carlo adversarial simulation, and weighted shortest-path calculations designed to identify the most likely routes an attacker would realistically select during lateral movement operations.
Each attack path is modeled as a sequence of adversarial actions that includes:
• Source and target systems
• Protocol exposure
• Lateral movement opportunities
• Authentication weaknesses
• CVE exposure where applicable
• MITRE ATT&CK for ICS mappings
• Defensive control influence on probability of success
• Feasibility and impact scoring
Critical Path Security noted that one of the primary drivers behind the project was the realization that many traditional vulnerability management platforms fail to accurately model the operational realities of industrial networks.
In OT, the largest risks are not always software vulnerabilities.
Many industrial protocols were designed decades before modern cybersecurity assumptions existed. Protocols such as Modbus TCP, EtherNet/IP, BACnet, S7comm, and legacy DNP3 implementations frequently operate without authentication, encryption, or integrity validation enabled by default.
The platform models those protocol characteristics directly during attack simulation.
This allows the engine to identify architectural exposure scenarios where segmentation failures create high-probability attack paths into critical systems even in the absence of exploitable CVEs.
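The weighted shortest-path idea described above can be illustrated on a small model. This is an added example, not Critical Path Security's code: the hosts, permitted flows, per-protocol probabilities and control multiplier are all constructed assumptions. It shows how an unauthenticated protocol crossing a segmentation gap yields the most likely path with no CVE involved.

```python
import heapq
import math

# Constructed model: flows a firewall/switch config would permit, as
# (source, target, protocol). Host names and zones are hypothetical.
EDGES = [
    ("corp-ws", "jump-host", "rdp"),
    ("corp-ws", "historian", "https"),
    ("jump-host", "eng-ws", "rdp"),
    ("historian", "eng-ws", "smb"),
    ("eng-ws", "plc-1", "modbus-tcp"),
    ("historian", "plc-1", "modbus-tcp"),  # segmentation gap: DMZ -> Level 1
]

# Assumed per-step success probabilities. Unauthenticated industrial
# protocols score high without any CVE; the values are illustrative.
BASE_P = {"modbus-tcp": 0.9, "smb": 0.5, "rdp": 0.4, "https": 0.3}

# Assumed defensive controls: multiplier applied to an edge's probability.
CONTROLS = {("corp-ws", "jump-host"): 0.25}  # e.g. MFA on the jump host


def edge_probability(src, dst, proto, controls=CONTROLS):
    return BASE_P[proto] * controls.get((src, dst), 1.0)


def most_likely_path(edges, start, goal, controls=CONTROLS):
    """Dijkstra over weights -log(p): the shortest path maximises the product of p."""
    graph = {}
    for src, dst, proto in edges:
        w = -math.log(edge_probability(src, dst, proto, controls))
        graph.setdefault(src, []).append((dst, w))
    best = {start: 0.0}
    heap = [(0.0, start, [start])]
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == goal:
            return path, math.exp(-cost)
        if cost > best.get(node, math.inf):
            continue  # stale heap entry, a cheaper route was already found
        for nxt, w in graph.get(node, []):
            new_cost = cost + w
            if new_cost < best.get(nxt, math.inf):
                best[nxt] = new_cost
                heapq.heappush(heap, (new_cost, nxt, path + [nxt]))
    return None, 0.0  # goal unreachable in the model
```

Re-running `most_likely_path` on the edge list with the `historian` to `plc-1` rule removed shows how much closing that one gap lowers the best-path probability.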
The company also stated that AI-assisted analysis plays a major role in helping organizations operationalize findings. Large Language Models integrated into the platform can generate contextual summaries for engineers, SOC analysts, executives, auditors, and operational leadership teams while maintaining technical traceability back to the deterministic simulation layer.
Additional functionality includes:
• AI-assisted attack-path explanation
• Automated mitigation prioritization
• Segmentation gap analysis against Purdue Model architectures
• Node and edge criticality analysis
• Executive readiness scoring
• Risk narrative generation
• Continuous configuration reassessment workflows
• MCP-compatible AI agent integration
The platform additionally exposes API and MCP tooling designed to support integration with AI agents, orchestration systems, and future autonomous SOC workflows.
Critical Path Security stated that future development efforts will focus heavily on expanding AI-assisted operational reasoning, including enhanced contextual understanding of industrial communication patterns, autonomous risk explanation, security posture drift analysis, and AI-assisted remediation validation following configuration changes.
The company believes the future of industrial cybersecurity will increasingly require platforms capable of combining deterministic security modeling with AI-assisted operational reasoning at machine scale.
As adversaries continue accelerating their own use of automation and AI-driven targeting, organizations defending critical infrastructure will require systems capable of continuously understanding not only where vulnerabilities exist, but how attackers can realistically chain those weaknesses together across complex operational environments.
