Claroty has introduced a pioneering AI-powered library to address the longstanding challenge of identifying cyber-physical system (CPS) assets in critical infrastructure. By leveraging a hybrid architecture that combines classic entity resolution with generative AI, the platform creates a unified digital identity for over 17 million industrial assets worldwide, streamlining security workflows and improving operational reliability.
- Automated resolution of ambiguous CPS asset identities reduces manual risk analysis overhead
- Lakehouse architecture unifies proprietary OT data and unstructured references into governed asset records
- Hybrid AI and classical entity resolution ensure high-fidelity traceability and auditability
Infrastructure signal
Claroty’s initiative underscores a shift towards robust cloud-native data architectures for OT security, employing a Medallion architecture on Delta Lake with Unity Catalog governance. This enables the ingestion and processing of vast heterogeneous data sets — including JSON payloads, proprietary protocol data, and unstructured PDFs — in a scalable environment. The adoption of Delta Lake’s schema evolution, time travel, and Change Data Feed supports rigorous data integrity and traceable audit trails required for critical industries.
By orchestrating these capabilities on Databricks’ Data Intelligence Platform, Claroty gains the compute power and real-time data transformation essential for managing a global catalog surpassing 17 million CPS assets. The removal of traditional data silos facilitates cross-domain insights and deterministic mappings from raw signals to canonical asset records, setting the foundation for more reliable and cost-effective cloud infrastructure usage in industrial cybersecurity.
Developer impact
Developers benefit from an AI-enhanced entity resolution engine that automates the conversion of ambiguous or incomplete asset identifiers into authoritative product mappings. This lowers manual intervention for vulnerability researchers and enables faster integration of industrial device data into security workflows. Automating this complex matching process also reduces error rates and accelerates time to remediation.
The platform’s multi-agent architecture combined with generative AI models facilitates continuous model improvement and adaptive learning, which developers can leverage to maintain asset data freshness and accuracy without heavy maintenance burdens. Furthermore, a governed pipeline utilizing Delta Change Data Feed enables developers to promote data through Bronze, Silver, and Gold layers systematically, improving observability and schema compliance and easing debugging or forensic analysis.
What teams should watch
Security operations and OT teams should closely monitor how this AI-powered CPS asset identification reduces manual detective work around unknown or misclassified devices. The introduction of a universal CPS-ID standard backed by authoritative mappings and an immutable audit trail promises to improve vulnerability prioritization and compliance reporting. Teams will need to adapt processes to leverage these enriched data sources effectively.
Product and infrastructure teams should assess the cost and reliability implications of deploying such a data-intensive AI system anchored on a cloud lakehouse. While the solution offers scalability benefits and consolidates multi-format inputs, monitoring platform usage patterns and the impact on cloud resource consumption will be critical. Additionally, teams must maintain observability of AI model performance and data pipeline health to prevent drift and ensure confidence in automated CPS asset telemetry.