"None of the OT companies, none of the organizations that are most representative of that portion of the ecosystem are participating in this and are being represented," said Tatyana Bolton, executive director of the Operational Technology Cybersecurity Coalition.
Tatyana Bolton and the operational technology exclusion
Bolton's observation frames a simple, consequential fact in this reporting: hyperscalers and other large IT companies are on the list of organizations getting special access to frontier AI models from Anthropic and OpenAI; operational technology (OT) companies are not. ISMG found that none of the half dozen specialist OT cybersecurity companies it queried had been approached by either Anthropic or OpenAI, and none of those OT firms appear in public disclosures about the labs' trusted-access programs.
Bolton characterized the gap as a culture clash: "When the big players get together, they are not thinking about small scale critical infrastructure operators, they are thinking about their peers. The other hyperscale businesses. When they think about critical infrastructure, they think about JP Morgan Chase, not about some rural water utility in Illinois." She added bluntly, "It's Silicon valley vs. rural America, different worlds."
Anthropic's Project Glasswing and OpenAI's Trusted Access for Cyber
Both frontier labs say restricting access to their most powerful models is intended to give defenders a head start: a chance to identify and remediate software flaws before similarly capable models are available to attackers. Anthropic has publicly invited 40 open-source projects into its Project Glasswing, while OpenAI's Trusted Access for Cyber program is distributing access on a tiered basis and promises that "thousands" of vetted and verified cybersecurity researchers will be able to gain access.
Despite those programs, the labs did not engage with many OT-focused firms. Anthropic's press office did not respond to repeated requests for comment, and OpenAI's press office did not respond by publication to a detailed summary of this story.
Allan Friedman on OT's different tempo and vulnerability metrics
Allan Friedman, identified in the reporting as a former CISA senior advisor and now a senior adjunct technical advisor at the Institute for Security and Technology, warned that processes designed for modern IT may not map cleanly to OT environments. "OT systems are designed to last decades, so security operates at a different rhythm, and according to different rules," he said.
Friedman argued that OT manufacturers should be treated as stakeholders in coordinated-disclosure processes—alongside open-source maintainers and large cybersecurity firms—and that vulnerability severity is measured differently in OT. "A process that works for the modern software industry and IT, probably wouldn't work as a direct port over to OT either from the vendor perspective or from the customers and users," he said.
Friedman added that Anthropic is working with the Apache Foundation and the Linux Foundation "to understand how vulnerability handling is different in open source compared to proprietary software," as part of recognizing that "not all stakeholders are the same."
Armis, Carlos Buenano, and adoption friction in OT markets
Some OT security vendors want in. Armis's Chief Technology Officer for OT, Carlos Buenano, said his company "would love to get involved" with either lab's trusted-access programs. He also flagged market resistance: "Any OT vendor lags, in terms of really adopting this type of [AI] technology, because of the dynamics of the OT [marketplace]."
Buenano pointed to a stubborn operational reality: vendors that have added security features can find customers reluctant to accept the necessary operational friction to adopt them. "That's the sad reality," he said, summarizing a constraint that complicates rapid deployment of AI-enabled defensive tools in many OT settings.
Pentagon designation and the reported cascading effect
The reporting notes a related political and procurement complication: the designation of Anthropic as a supply‑chain risk by Secretary of Defense Pete Hegseth. The story states, "The ban allows the military to continue using Anthropic ban for up to six months."
That designation, according to "one OT security industry executive" quoted in the piece, has real consequences for industry outreach: "I think the administration shot themselves in the foot by banning Anthropic. We're in this competition with China, with Russia and we can't use one of the best tools there is." The executive added that the designation was having a "cascading effect" through the technology sector, making industry players reliant on federal business wary of associating with Project Glasswing.
What this means for OT technologists, policymakers, and infrastructure operators
- OT technologists and security teams: They face a mismatch between the labs' trusted-access processes and OT operational realities. As Friedman noted, vulnerability severity and remediation timelines in OT diverge from IT norms, and OT vendors will need tailored disclosure workflows rather than a straight port of IT practices.
- Policymakers and procurement leaders: The Secretary of Defense's supply‑chain designation has already introduced procurement friction, and the quoted executive warned of a "cascading effect" that could make federally dependent vendors cautious about participating in programs like Project Glasswing.
- Infrastructure operators and OT equipment manufacturers: Operators that manage long-lived systems are being kept out of closed-door model access and coordinated-disclosure conversations despite, in Bolton's words, being "the biggest vulnerability that we have." Those operators will need to weigh whether current outreach suffices or whether labs must expand engagement to sectors beyond hyperscalers and large IT firms.
The current arrangement—powerful AI models tucked behind selective access, coordination efforts focused on open-source and large IT stakeholders, and an OT sector left largely outside the loop—leaves an unresolved question: will the frontier labs adapt their trusted-access and disclosure practices to the particular tempo and operational constraints of OT, or will OT operators have to build parallel defenses without direct access to the same discovery tools? For now, the labs' stated intent to give defenders a head start is clear; whether that head start reaches the OT systems Bolton warns are already under nation‑state pressure remains a pressing and unanswered practical problem.
https://www.govinfosecurity.com/ot-cybersecurity-frozen-out-by-frontier-labs-a-31536
