Frenos, a vendor of AI native operational technology (OT) security posture management, announced on Wednesday the launch of Adversary Intelligence Engine, an IT/OT cybersecurity intelligence catalog designed to reveal how real-world threat actors operate across operational and IT environments.
Already in production, the new solution is actively powering Frenos’s AI engine, SAIRA, which enables security teams and researchers to examine how real-world threat actors operate within IT/OT environments.
“Security teams shouldn’t have to blindly trust black-box AI,” said Harry Thomas, co-founder and CTO of Frenos. “Frenos champions transparency, collaboration, and innovation. Frenos has 56 years of combined asset owner and operator experience defending critical infrastructure and we want to give back to the community something we wish we had when we were practitioners. By releasing a community version of how our AI agent SAIRA operates, we’re showing our work. We’ve curated and correlated thousands of intelligence sources to distill adversary knowledge into something anyone can understand. We’re excited to give back to the community and drive meaningful collaboration across IT and OT security.”
By analyzing attack paths and assessing whether threat actors can breach and laterally move through operational technology (OT) networks, organizations can act decisively on threat intelligence and move beyond static threat frameworks.
With the Adversary Intelligence Engine, organizations can establish a measurable and defensible cybersecurity posture that reflects how attacks actually unfold rather than how they are described in theoretical frameworks. Traditional MITRE ATT&CK techniques and D3FEND mitigations are translated into concrete adversary actions, breaking each technique down into discrete steps that mirror the real activities an attacker must carry out to achieve a specific objective.
This approach enables more accurate risk assessment and smarter allocation of security resources, ultimately lowering the probability of a breach and reducing business impact if an incident occurs. Each modeled action includes the conditions required for execution, the potential outcomes if it succeeds, and the relevant detection and mitigation guidance. Instead of treating risk as abstract or generic, organizations can evaluate feasibility, prerequisites, and consequences in a practical and operationally meaningful way.
By aligning defenses with real adversaries and tangible consequences, organizations can protect mission-critical systems more quickly and precisely while minimizing operational and financial risk. They can correlate their own threat intelligence with these modeled actions to understand real-world impact. Mapping known threat actors and intelligence to specific actions within the Adversary Intelligence Engine allows defenders to determine how an adversary could realistically affect their particular IT or OT environment, rather than relying on broad or abstract threat categorizations.
In August, Frenos partnered with N2K Networks to integrate N2K’s comprehensive professional certification dataset into Frenos’ SAIRA (Simulated Adversarial Intelligence Reasoning Agent), creating an initial OT security platform powered by industry-validated intelligence rather than generic AI models. The living dataset has evolved with the industry for over 25 years and is continuously updated to reflect the latest standards and technology changes.
