Ampyx Cyber Blog
The Intersection of Regulation & Resilience
Claude Mythos and the OT Threat Horizon: What Utility Operators Need to Know Now
Anthropic's Claude Mythos can autonomously discover zero-day vulnerabilities across every major OS and browser, and the same codebases run in OT/SCADA environments. This post breaks down why Mythos-class AI exploitation tools directly implicate utility operators, which NERC CIP obligations are already in play, and what actions defenders should take before the patch window closes.
The E-ISAC's 2025 Report: Real Progress, Remaining Constraints
The E-ISAC's 2025 End-of-Year Report shows real growth in membership, engagement, and threat intelligence output. But a structural challenge rooted in its funding and governance relationship with NERC continues to limit the incident sharing that collective defense depends on. Comparing E-ISAC's reported numbers against peer ISACs in health and financial services reveals how much ground remains.
Volt Typhoon and the Quiet Pre-Positioning of the U.S. Power Grid [Updated]
Volt Typhoon represents a quiet but strategic cyber threat to U.S. electric utilities, characterized by long-term access and persistence rather than immediate disruption. Rather than deploying malware, the actor relies on legitimate administrative tools to maintain durable access inside critical infrastructure networks. This blog examines what makes Volt Typhoon different and why early detection depends on behavioral context, not signatures.
Four Years In: What NERC’s Cyber Security Incident Reporting Data Tells Us (and What It Doesn’t)
In the world of Bulk Electric System (BES) cybersecurity, signals of risk don’t always arrive with alarms blaring or malware lighting up dashboards. Sometimes, the signs are quieter—brute force login failures, odd port scans, or a sudden spike in account lockouts. The annual CIP-008-6 report, filed March 21, 2025 by NERC, shines a small but telling light on just such signals.