What’s New in the Dragos Platform: Advancing OT Security

AI-powered analyst workflows expand OT visibility, asset lifecycle management, and flexible deployment options.


When we kicked off the Dragos Platform 3.X series last fall, we set out to give OT defenders the fastest path to effective cyber defense, expand visibility and make it easier to act with speed and confidence. After all, according to the recently released Dragos Year in Review, fewer than 10 percent of OT networks worldwide have visibility and monitoring in place. There is work to do, and Dragos is here to help get it done.

Our latest Long-Term Support release is now available. This release brings Dragos AI capabilities to the forefront of our industrial cybersecurity platform, alongside meaningful expansions to visibility, operations, and deployment flexibility. Here is what’s new.

At Dragos, intelligence has always been at the core of what we do. Now our “actual intelligence” is empowered by artificial intelligence.

In Platform 3.0, we introduced AI in the Dragos Platform, implementing backend accelerated vulnerability matching and our new AI-powered assistant, which is a conversational interface built directly into the Dragos Platform that allows analysts to use natural language queries to ask questions and get answers grounded in their specific environment.

Since its initial release, the underlying models have continued to improve, delivering more refined outputs and expanding across analyst workflows throughout the Platform. Powered by the Dragos Intelligence Fabric, which is built on a decade of frontline adversary research, OT-specific vulnerability analysis, extensive OT protocol and asset knowledge, plus frontline insights, analysts of any experience level can now investigate faster, prioritize with confidence, and close the gap between IT-trained security teams and the OT expertise the job demands. No other OT security vendor can bring that depth of intelligence to an analyst’s fingertips.


For organizations that want to go further and integrate Dragos Platform data into their own enterprise AI workflows, the Platform now supports the Model Context Protocol (MCP), available on both Cloud and On-Prem SiteStores. Think of it as a “bring-your-own” AI model. Connect your enterprise-approved AI tools directly to your Dragos Platform data, enabling natural language queries of your OT environment and custom automation tailored to your SOC workflows.

And this is just the beginning. As we continue to expand AI capabilities across the Dragos Platform, our core principles will not change. To learn more about our approach, read Building AI for OT Security: The Dragos Analyst-First Approach.

What is the Dragos Threat Intelligence Fabric?

The Dragos Intelligence Fabric is the connective system behind everything, continuously unifying global OT telemetry, asset and protocol library and research, adversary tracking, vulnerability research, years of incident response, and artificial intelligence trained on the industry’s deepest OT dataset.

Having a complete OT asset inventory gives you the foundation for strong OT security. But when a vulnerability surfaces, do you know if that asset is still supported, or if a patch even exists?

A critical vulnerability on a supported device may have a clear remediation path. The same vulnerability on an end-of-life ICS asset may require segmentation, compensating controls, or an accelerated migration decision. That context changes everything about how you prioritize and respond.

This problem has become so critical that CISA issued Binding Operational Directive BOD 26-02 in February 2026, requiring federal agencies to inventory all end-of-support edge devices by May 2026 and remove them within 18 months. CISA is encouraging all organizations, not just federal agencies, to take the same approach.

The Dragos Platform now provides a complete asset inventory and automatically surfaces lifecycle status alongside vulnerability data with no manual lookups required. Coverage spans major OT and IT vendors including Rockwell Automation, Siemens, Cisco, and more, with additional vendors added continuously through weekly Knowledge Packs.

Helping organizations understand what is communicating in their network has always been central to ICS network monitoring and what Dragos does. The new Communications Hub takes that further, bringing full OT network visibility with communications analysis directly into the Platform, enriched with asset context for both endpoints of every communication. Filter, sort, search, and aggregate across any attribute of either asset or the communication itself. Zone-to-zone visibility, protocol usage tied to vulnerability context, and saved filters for the queries your team runs every day, all surfaced directly in the platform, exactly when you need them.

Demonstrating your security posture to auditors, leadership, and compliance teams requires consistent, accurate, and repeatable reporting. The Report Manager makes it easier to generate and schedule reports directly from the Platform, scoped by sensor, zone, or network, and delivered via download or email. Everyone from security analysts to executive leadership gets the information they need, even without direct Platform access.

The 3.X series has continued to expand where and how the Dragos Platform can be deployed, and this release takes that further.

We continue to expand Dragos Active Collection capabilities in this release. The Dragos Agent now runs natively on Linux, opening up a broader range of environments for deployment. It can also now run active queries directly on the Dragos Sensor itself, removing the need to provision separate infrastructure. Agents run as a service, survive reboots, and can be remotely upgraded or uninstalled through SiteStore.

For distributed and bandwidth-constrained sites, the Edge Sensor expands deployment options for remote or resource-limited locations where traditional sensor deployment has not been practical, bringing OT visibility to the industrial edge without the infrastructure overhead.

Platform 3.1 is packed with new capabilities, more than we could cover in a single blog post. It includes sensor configuration history with rollback capability, expanded protocol dissector support, sensor scalability improvements for environments with duplicative networks, and more.

Every release we ship reflects the same commitment: give you the tools and intelligence needed from our OT security platform to protect your critical environments effectively.

Frequently Asked Questions

Dragos Platform AI capabilities fuse your specific OT environment data with the Dragos Intelligence Fabric, the connective system behind everything that continuously unifies global OT telemetry, asset and protocol library and research, adversary tracking, vulnerability research, years of incident response, and artificial intelligence trained on the industry’s deepest OT dataset. Analysts can ask questions in plain English through the Analyst Assistant and receive answers grounded in their actual environment, without navigating between multiple systems.

The Dragos Platform MCP Server, available on both Cloud and On-Premises SiteStores, lets customers connect their own approved AI tools directly to their Platform data, enabling natural language queries and custom automation within their existing SOC workflows.

A Model Context Protocol (MCP) Server is a standardized way for enterprise AI models and agents to interact with external data sources and tools. It provides a consistent integration point that reduces complexity, enabling seamless communication between AI systems and the platforms they need to access.

Asset lifecycle management is the process of tracking assets from deployment through end of life, including knowing whether a device is still supported, approaching end of support, or no longer receiving security patches, which directly shapes how teams prioritize vulnerabilities and plan migrations. The Dragos Platform automatically surfaces lifecycle status alongside your asset inventory and vulnerability data, giving your team that context without manual lookups.

Understanding what is communicating in your OT network, and what shouldn’t be, is fundamental to detecting threats and conducting investigations in industrial environments. Without visibility into network communications, security teams cannot establish baselines of normal behavior, identify unauthorized connections, or validate that segmentation policies are actually working. The Dragos Platform Communications Hub brings this analysis directly into the Platform, enriched with asset context, so teams can investigate without leaving their workflow.

CISA Binding Operational Directive 26-02, issued in February 2026, requires federal agencies to inventory all end-of-support edge devices by May 2026 and remove them within 18 months. CISA is also encouraging all organizations — not just federal agencies — to take the same approach to managing end-of-life assets in their environments.

2026 is going to be a very busy year for the Dragos Platform, packed with impactful releases and weekly updates continuing to fuel our context and intelligence; all with the goal of driving immediate value, making analysts’ lives easier, and protecting the critical assets and systems that matter most.

If you are already a Platform customer, your account team can walk you through everything that’s new.

If you’re exploring how to strengthen your OT security capabilities, the Dragos Platform delivers the visibility and threat intelligence needed to protect your environment. Connect with our team to learn more.


Mary Korus is a cybersecurity product marketing professional with more than a decade of experience helping organizations navigate complex security challenges across network, cloud, and industrial environments. She leads product marketing for the Dragos Platform, shaping how the company communicates its mission of safeguarding civilization through the protection of critical infrastructure.