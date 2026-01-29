As AI proliferates defensive and offensive cyber, agencies need comprehensive visibility into both IT and OT assets, the Armis threat intelligence leader says.

It might seem discouraging at first glance: Agencies’ so-called cyberattack surfaces keep growing, not shrinking.

In reality, it’s because agency cyber practitioners — especially in the Defense Department — are gaining ever greater visibility into their assets subject to attack. In so doing, they’re gaining greater ability to repel attacks that could cripple critical systems.

“I’ve noticed, talking to a lot of different agencies, is they’re now understanding more of what really is in scope of what could be attacked,” said Michael Freeman, the head of threat intelligence at Armis during Federal News Network’s Industry Exchange Cyber 2026.

Specifically, he said, Defense agencies see that their weapons platforms are just as vulnerable as their business and command and control systems. That’s thanks to tools that integrate data gathered from disparate systems, not just IT systems but also including the operational systems that control physical platforms.

Of the latter, OT systems, Freeman said agencies realize “knowing that those systems are interconnected, they could also be attack surfaces they weren’t aware of two years ago but now are definitely aware of.”

That knowledge, Freeman said, brings cyber and operational teams together, because the offensive, warfighting capabilities of weapons systems become unavailable if an enemy compromises their control systems. One result Freeman said he’s noticed is that OT systems owners receive growing budgets.

“The OT side of the house is really getting a bigger say,” he said, “and an allocation of budget as well as a bigger stake at the table. People are really understanding now that operational technology is extremely critical.”

Keep pace with OT

Freeman pointed out that OT often entails old technology, or it comes from vendors for which cybersecurity was not a priority. Patches and fixes may not be readily available. Therefore, the organization, including those in the Defense Department, must get creative in ensuring archaic but connected systems come into the cybersecurity fold. This starts with understanding topography and where security gaps lie.

“Some newer methods using data science — attack graphing, for example — [help with] understanding attack paths, of how you would actually reach those systems,” he said. Attack graphing requires “pulling in your configurations for your network, switches, your firewalls and identifying what steps a threat actor would have to take to move within your environment.”

It would also help identify where an OT system attacker might hide.

Now, artificial intelligence offers promise in better understanding the code in OT systems and then rendering them less vulnerable, Freeman said. In fact, attackers are also using AI to discover security weaknesses. It’s important for defenders to get there first, Freeman said.

That’s the approach Armis has taken.

“We’re building AI tools that can identify vulnerabilities in your source code that even 20 years of your static analysis tools still can’t find,” he said. The company’s attack mapping capability lets users “quickly identify in real time if there’s a change in the environment before the attacker can find it.”

He added, “I see this AI arms race will come to the point where those who know the environment the best will be the winner, whether that’s the attacker or the defender.”

Skills of the people within an organization must also expand for AI, Freeman said, adding that upskilling should focus not just on prompt engineering but also on what he called context engineering.

“Prompt engineering is great when you have the ability to ask questions to the AI,” he said. That is, when a person interacts directly with a large language model, crafting the question is important to getting a reliable answer.

Context engineering, Freeman said, “is going to be great when you build AI agents.”

When designing automated AI processes, coders will need to ensure the bot accesses only the data relevant to the task. Especially in the agentic world, organizations will need to ensure the security of agents lest malicious actors obtain them and retrain them with other data — a phenomenon researchers at Armis have observed already.

“Understanding how to build better AI systems with better context is going to be key for most cyber security professionals to understand the future,” Freeman said.

Rethink testing

AI has also fundamentally changed the way organizations need to go about testing and verification of security. Freeman made the analogy of the internet, built on systems designed decades ago, often from long-forgotten companies.

“I think AI will be in a very similar situation,” he said. “When AI is leveraged correctly in a company to really move it forward, both from an operation standpoint to a cybersecurity standpoint, the ability to interact with that AI will be different than what it is right now.”

That will require built-in adaptability, he said. Freeman cited one current strain of thought that “cyber security professionals might have to give up certain controls and allow AI to do what it needs to do, because it’s getting attacked by AI systems and humans can’t react fast enough to those types of attacks.”

He said organizations will need to update how they conduct what-if and table-top exercises because AI-powered probes are so much more comprehensive than conventional ones.

Traditional disaster recovery scenarios remain relevant, Freeman said, but keeping AI at bay will require more comprehensive knowledge of systems and documentation than organizations typically have.

Freeman said Armis itself has continuously evolved from its foundation as an IT asset discovery and visibility tool provider. Now, he said, “we’re taking cyber security to a new level using AI.”

ServiceNow recently acquired Armis. The combination, he said, “could potentially be the next operating system of the enterprise.” He added, “If you know what physical assets you have, and you can have the documentation and the processes in place to manage those using AI – that is where ServiceNow is pivoting and can take great advantage of the technologies they’ve acquired from Armis.”

