Tosi Warns of Critical OT Security Gap Months Before Federal Advisory
Event summary
- Tosi's February 2026 report identified vendor remote access as the weakest OT security capability across all sectors surveyed.
- A federal advisory in April 2026 confirmed this vulnerability as the entry point for cyber-attacks on US critical infrastructure.
- Manufacturing scored just 1.67 out of 5 on vendor access to plant floor systems, the lowest score in the dataset.
- One in three US organizations takes hours or longer to revoke vendor access after job completion.
- Tosi Gateways are positioned as a solution to secure industrial controllers from direct internet exposure.
The big picture
Tosi's findings highlight a systemic vulnerability in OT security that has already been exploited in attacks on US critical infrastructure. The federal advisory validates Tosi's research, suggesting potential regulatory action to enforce better security controls. This dynamic positions companies like Tosi to benefit from increased demand for their security solutions as organizations scramble to comply with emerging standards.
What we're watching
- Regulatory Enforcement
- How quickly federal agencies will mandate secure gateways for industrial controllers following the advisory.
- Adoption Pace
- The pace at which critical infrastructure operators deploy solutions like Tosi Gateways to mitigate identified risks.
- Market Differentiation
- Whether Tosi can leverage its early identification of this vulnerability to gain market share in OT security.