
Claroty Claire Launches With Approval Boundaries for Factory and Hospital AI Security

Claroty introduced Claire, a CPS-native AI security agent. The launch shows why AI action in factories and hospitals has to be tied to asset data, approvals, and audit trails.

AI Summary
  • What happened: Claroty introduced Claire, a CPS-native AI Security Agent, on May 28, 2026.
    • The target is cyber-physical systems in factories, hospitals, data centers, utilities, and public infrastructure, where downtime can create physical risk.
  • Numbers to inspect: Claroty cites 20k+ deployed sites, 40M+ protected assets, and 6,500+ OEM and MDM vendors.
  • Builder takeaway: Security agents in CPS environments will compete on asset identity, approval logs, deterministic actions, and rollback paths, not only response speed.

Claroty introduced Claire on May 28, 2026, and described it as a "CPS-native AI Security Agent." CPS stands for cyber-physical systems: industrial PLCs, HMIs, medical devices, building controls, logistics equipment, and the power and cooling systems behind data centers. These are environments where a digital instruction can become an operational event.

Reading this as another security chatbot launch misses the product tension. Claroty's announcement argues that teams cannot tolerate hallucinated guidance when they are managing a power grid, surgical suite, or data center. The point is not whether an LLM can summarize an alert quickly. The harder question is whether an AI system might recommend a patch for the wrong device, change segmentation policy around a production line, or send a ticket without enough operational context.

Claroty's official release says Claire provides AI-powered CPS visibility, contextual insights, and agentic actions. The same release ties Claire to more than a decade of Claroty domain expertise, 20,000 deployed sites, over 50 sectors, and more than 60 countries. Claroty also points to data from more than 6,500 OEM and medical device manufacturers, plus Team82 threat research. The product page adds the figure of 40 million protected assets.

[Figure: Claroty Claire architecture]

The official SVG points to something broader than a chat surface. Claroty connects a CPS data lake, CPS Library, asset identity, attack paths, alert evidence, and integrations so security and operations teams can move from a finding to an approved action. For an AI agent in a factory or hospital, the first audit question is not "what did it answer?" It is "which system did it intend to affect, based on what evidence, and who approved the action?"

Why AI Is Harder in CPS Security

Security automation is already familiar in IT environments. Tools can find vulnerable packages, triage endpoint alerts, enrich SIEM events, open tickets, and recommend rules. Failures can still be expensive, but many recovery paths are digital: roll back a deployment, restore a host, or revert a configuration.

CPS environments have a different failure mode. A stopped production line can affect delivery commitments and worker safety. A malfunctioning hospital device can affect patient care. Water treatment, energy, transportation, and building control systems convert cyber events into operational events. A CPS security product cannot prioritize work from a CVE score alone. It also needs device location, vendor, firmware, process role, network zone, maintenance window, and acceptable downtime.

That is why Claroty calls "speed and simplicity over accuracy" a dangerous trade-off in the Claire announcement. Fast alert summaries are useful. Wrong actions are more dangerous. An old PLC may have a known vulnerability and still be unpatchable today because the vendor has not approved a fix, a reboot would stop production, or the same model name is running different firmware on a different line.

Claroty's Data Argument

Claire's main claim is not a model name. Claroty uses the phrase "world's most advanced CPS language model," but the more practical question is which CPS data the agent can use. The official blog says Claire is grounded in Claroty's data lake and industry expertise.

The CPS Library sits at the center of that argument. Claroty describes it as an AI-driven global standard for identifying devices that often expose imprecise or conflicting product codes. In OT and medical environments, a vendor name, legacy protocol, firmware string, or network banner may be inconsistent. Before an agent recommends a change, it has to know exactly which asset it is talking about.

The public figures support that positioning. Claroty lists 20k+ deployed sites, 6.5k+ unique vendors, and 50+ industrial sectors on its product materials. The blog and release add 40M+ protected assets, 6,500+ OEM and medical device manufacturer references, 60+ countries, and Team82 research. Those numbers do not prove performance by themselves. They describe the kind of domain corpus a CPS agent needs before it can make useful recommendations.

Teams should still evaluate Claire on site-level behavior. The useful tests are device mapping accuracy, false positives, stale inventory rates, approved versus rejected recommendations, vendor evidence behind patch guidance, and failure handling across SIEM, SOAR, ticketing, firewall, and NAC integrations. In CPS, domain-specific data is a requirement, not a guarantee.

  • 40M+ protected assets cited by Claroty
  • 20k+ deployed sites
  • 6.5k+ OEM and MDM vendors

From Visibility to Action

Claroty announced Visibility Orchestration for xDome in April 2026. That release focused on visibility scores and automated recommendations for improving asset profiles through Claroty Edge, active queries, EDR integrations, and SNMP integrations. The problem was specific: having an inventory list does not mean a team has actionable visibility.

Claire wraps that visibility problem in agent language. Claroty describes a loop of visibility, insight, and action. Visibility means asset identity and enrichment. Insight means attack paths, alert evidence, confidence scores, and recommended vulnerability next steps. Action means passing work into tickets, SIEM or SOAR flows, segmentation policy changes, and compliance evidence.

That is deeper than the alert-summary pattern common in AI security tools. An alert summary creates prose for an analyst. Claire's agentic action language points toward approved patch details, source information, zone assignment, hardening measures, ticket generation, and firewall or NAC policy proposals. The actual scope of automation should depend on customer configuration and integration boundaries.

Claroty's emphasis on human-in-the-loop orchestration matters here. The company says "autonomous" can sound frightening on a plant floor or inside a hospital. Claire is therefore described as executing approved actions in trusted scenarios, not replacing human decision points. As security agents gain more authority, approval conditions, audit logs, rollback paths, and blast-radius limits become product features rather than governance afterthoughts.

The Agent Roles Are Job-Sized

One useful detail in the Claire announcement is the list of roles. Claroty does not describe a single generic assistant. It names an investigation lead, alert enricher, segmentation drift detector, behavioral baseline analyst, hygiene scout, compliance evidence generator, risk trend reporter, ticket author, and SIEM/SOAR bridge. That matches a broader 2026 AI agent pattern: narrow work-unit agents are easier to evaluate than a universal assistant.

Investigation lead and alert enricher convert raw alerts into a case file an analyst can inspect. Claroty mentions a 30-second first read. That claim is meaningful only when it includes evidence, confidence, related assets, known indicators of compromise, and MITRE ATT&CK mapping. A fast summary without source evidence does not help a CPS team decide whether a line can keep running.

Segmentation drift detector and behavioral baseline analyst are more specific to CPS. Factory and hospital networks often accumulate exceptions over time. Temporary connections, vendor remote access, device swaps, and maintenance exceptions can create cross-zone flows that the original design would have blocked. Claire is positioned to detect that slow policy erosion and flag flows that may carry uptime risk.

Hygiene scout is closer to a daily sweep for default credentials, insecure protocols, and old firmware. Compliance evidence generator and risk trend reporter map findings to frameworks such as IEC 62443 and NIST CSF. Ticket author and SIEM/SOAR bridge reduce manual work through integrations with systems such as ServiceNow, CrowdStrike, Cisco, and other security operations tooling.

| Claire role | Work described by Claroty | Operational metric to verify |
| --- | --- | --- |
| Alert Enricher | Alert insight with evidence and confidence scores | False-positive reduction, analyst acceptance rate, and missed incidents |
| Segmentation Drift Detector | Detection of new cross-zone flows and policy erosion | Approved exception rate, pre-block approval trail, and rollback time |
| Hygiene Scout | Checks for insecure protocols and default credentials | Repeat-risk reduction and maintenance-window compliance |
| Ticket Author | Patch and configuration requests sent into internal systems | Rework rate, missing evidence, and failed execution after approval |

The Competitive Standard Is Changing

AI security products have spent several years clustering around query assistants and SOC copilots. Microsoft Security Copilot, CrowdStrike Charlotte AI, SentinelOne Purple AI, and Gemini features in Google Security Operations all try to compress analyst workflows. Claire belongs to that AI security category, but it narrows the problem around CPS constraints.

Vertical agents have one clear advantage: narrower work and deeper semantics. A general security agent that cannot distinguish a factory PLC from a hospital infusion pump becomes risky at the action stage. A CPS-aware agent with a device library, vendor mapping, site topology, and operational dependencies can make more specific recommendations. That is the concrete meaning behind Claroty's "not another dashboard" positioning.

The weakness is just as clear. Claire's value depends on Claroty's platform data and integrations. Customers with xDome, CTD, Edge, Team82 research, and the CPS Library deployed across their sites give the agent more ground truth to read. Customers with incomplete inventories, many uncovered sites, or limited SIEM, SOAR, and ticketing integration will get less reliable agentic action.

Liability is another competitive dimension. Automated remediation is risky in IT. In CPS, a bad segmentation policy can stop a production line, and a bad patch instruction can collide with a medical-device maintenance schedule. "Human-in-the-loop" is not enough as a slogan. Vendors need to show which person approved which action, which source evidence the model used, and which actions are prohibited when confidence is too low.

A Checklist for Developers and Security Teams

First, evaluate asset identity before model benchmarks. In CPS, one wrong device name can invalidate the entire recommendation. Confirm that vendor, model, firmware, location, network zone, and operational role are attached correctly.

Second, separate every approval step in agentic action. A triage summary, ticket draft, firewall policy proposal, and actual enforcement have different risk levels. If "AI recommended it" and "AI executed it" are logged the same way, incident review becomes harder. Teams need the before-and-after diff, approver, source evidence, and rollback plan.

Third, test compliance automation against real audit needs. Claire mentions mappings to frameworks such as IEC 62443 and NIST CSF. Auditors still need source assets, change history, patch approvals, exception reasons, and compensating controls. A report is useful only if each generated claim links back to evidence.

Fourth, inspect integration failure paths before success demos. If a ticket fails to create, does the agent retry or create duplicates? If an action is partially applied, how is that shown? If the maintenance window has passed, does enforcement stop? CPS automation should be judged by when it refuses to proceed as much as by how many manual clicks it removes.

Fifth, keep general AI agents and vertical agents under different authority models. ChatGPT, Claude, and Copilot can help write reports, summarize logs, and analyze code. Claire is closer to a system that understands the CPS asset graph and operational constraints. Giving both classes of agents the same network and ticketing permissions would blur governance.
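
The second and fourth checklist items can be expressed as a small approval gate. This is an added example, not Claroty's code or any Claire API: the `Tier`, `Action`, and `Gate` names, the 0.9 confidence threshold, and the ticket key format are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime
from enum import IntEnum
import hashlib
class Tier(IntEnum):  # risk tiers named in the checklist, lowest to highest
    SUMMARY = 0
    TICKET_DRAFT = 1
    POLICY_PROPOSAL = 2
    ENFORCEMENT = 3

@dataclass
class Action:
    asset_id: str          # hypothetical asset identifier
    tier: Tier
    change: str            # before/after diff
    evidence: list         # source evidence references
    confidence: float
    window_end: datetime   # end of the approved maintenance window
    approver: str = ""
    rollback: str = ""

@dataclass
class Gate:
    min_confidence: float = 0.9  # assumed threshold
    audit: list = field(default_factory=list)
    tickets: dict = field(default_factory=dict)

    def decide(self, a: Action, now: datetime):
        """Return (allowed, reason); recommendation and outcome are separate log events."""
        self.audit.append(("recommended", a.asset_id, a.tier.name, tuple(a.evidence)))
        reason = None
        if not a.evidence:
            reason = "no source evidence"
        elif a.tier >= Tier.POLICY_PROPOSAL and a.confidence < self.min_confidence:
            reason = "confidence below threshold"
        elif a.tier == Tier.ENFORCEMENT and not (a.approver and a.rollback):
            reason = "missing approver or rollback plan"
        elif a.tier == Tier.ENFORCEMENT and now > a.window_end:
            reason = "maintenance window has passed"
        if reason:
            self.audit.append(("refused", a.asset_id, a.tier.name, reason))
            return False, reason
        self.audit.append(("executed", a.asset_id, a.tier.name, a.approver or "n/a"))
        return True, "ok"

    def open_ticket(self, a: Action) -> str:
        """Idempotent: a retry after a failed integration call reuses the same ticket."""
        key = hashlib.sha256(f"{a.asset_id}|{a.tier.name}|{a.change}".encode()).hexdigest()[:12]
        return self.tickets.setdefault(key, f"TICKET-{key}")
```

Every call to `decide` writes a "recommended" entry first and then either "refused" or "executed", so incident review can tell what the agent proposed from what actually ran.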

What This Launch Means

Claroty Claire is not a benchmark announcement or a new foundation model launch. The news is useful because it shows the conditions an AI agent needs before it can enter industrial security: asset identity, operational constraints, approval loops, deterministic integrations, and auditable evidence.

Claroty still has to prove that these claims hold in customer environments. "Industry first" and "world's most advanced" are vendor language. Security and operations teams should measure false positives, remediation acceptance rates, mean time to triage, unauthorized-action prevention, rollback time, and the quality of compliance evidence.

The launch still points to a direction in the agent market. In 2025, many agent demos competed on broad ability: browse the web, edit code, operate documents, and take actions across apps. In 2026, the more durable contest is moving toward industry-specific data and approval boundaries. In factories and hospitals, the best agent is not the one that answers fastest. It is the one that stops when the evidence, authority, or maintenance window is not sufficient.

For Claire to become useful infrastructure, it has to be closer to an approved CPS action engine than an "AI security analyst" persona. Security teams should read fewer raw alerts, operations teams should see fewer avoidable disruptions, and audit teams should find evidence faster. A product that can satisfy all three constraints has a better chance of making agentic AI credible inside mission-critical infrastructure.