
The OT Reckoning: Your Portfolio’s Security Debt Comes Due

Attackers are already using real-world techniques to compromise building automation systems and move laterally across CRE portfolios with minimal detection. As AI rapidly lowers the skill and cost required to find and exploit OT vulnerabilities, commercial buildings are becoming prime targets—and most organizations are not prepared.

Picture a Class-A tower in a major metro on a Friday afternoon. A ransomware actor has been inside the building automation system for eleven days. The entry point was a BMS exposed directly to the internet, still running the default credentials it was commissioned with in 2019.

At 3:47 PM, they detonate.

HVAC setpoints spike in a law firm's server closet on the 34th floor. Access control locks down the lobby turnstiles. Elevators run but skip their destination floors. The BAS operator's workstation displays a ransom note demanding seven figures in Monero, plus a second demand to prevent release of the integrator's network diagram. The actor already exfiltrated it.

By Monday morning, the same attacker has pivoted to three more buildings in the same portfolio, fingerprinted from a single integrator's customer list. None of the three have noticed yet.

Every piece of that scenario is a capability being used against real buildings today. The only variable is whether it happens to your portfolio or someone else's.

What Changed in April 2026

On April 7, Anthropic released Claude Mythos Preview. A week later, OpenAI followed with GPT-5.4-Cyber. The cyber capability of frontier models has moved from assisting human vulnerability researchers to doing the research itself.

The UK AI Security Institute's independent evaluation concluded that Mythos can run full attack chains on vulnerable networks and find and exploit vulnerabilities on its own. These are tasks that take human professionals days of work. Anthropic reported that engineers with no formal security training were able to generate complete, working exploits from prompts that essentially amounted to "please find a security vulnerability in this program."

AISI was careful to caveat the result: Mythos succeeded against small, weakly defended systems without active defenders, where network access had already been gained. That caveat describes almost every building automation network in commercial real estate.

Both Mythos and GPT-5.4-Cyber are restricted for now. Mythos is available to twelve founding partners and roughly forty critical infrastructure organizations under Project Glasswing. GPT-5.4-Cyber is available to vetted defenders through OpenAI's Trusted Access for Cyber program. Those restrictions help. They are not where the threat lives.

The threat is the capability curve. Within days of Google's Gemma 4 release this month, uncensored variants hit public sources. The vulnerability discovery capability Mythos demonstrated in April 2026 will be running on consumer hardware by 2027 or 2028, weaker than Mythos but dangerous enough.

A 2025 industry study found that over 45% of known vulnerabilities in large organizations remain unpatched after twelve months. That statistic covers enterprise IT. For CRE operational technology, it is charitable to the point of fiction.

Why OT Is a Soft Target

IT leadership in other verticals gets a cleaner job: one enterprise, one corporate network, one patch cadence, one endpoint fleet. CRE IT inherits a federation of unmanaged networks, operated by third parties, distributed across a portfolio, running protocols that predate the concept of a security update.

  • BAS networks are flat. BACnet/IP, Modbus TCP, and KNX segments share broadcast domains with tenant networks, guest Wi-Fi, or management VLANs that were "temporarily" bridged in 2017.
  • The integrator is the real attack surface. Niagara, Metasys, Desigo, EcoStruxure. Somebody installed it. That integrator has remote access. They are a small business with limited security maturity. Their credentials are your credentials.
  • Budget ownership is fragmented. IT runs the corporate network. Facilities owns the BAS. Property management owns access control. Nobody owns the parking cameras. No single budget line is big enough to fund OT security across the portfolio, so none exists.
  • Patching cadence is measured in years. A controller firmware update means a vendor site visit, a change window, tenant notification, and often a forklift upgrade of dependent devices. Firmware between eight and twelve years old is routine. Past vendor EOL is common.
  • M&A poisons the inventory. REITs acquire buildings faster than they integrate them. Every acquisition imports unknown OT, unknown integrators, and unknown remote access paths onto a portfolio whose original inventory was never complete.

None of this is news to practitioners. But none of it is priced into the threat models that actually drive security spend. That is about to change.

Five Questions Your Organization Should Be Able to Answer

If the IT Director, CISO, or fractional CISO responsible for your portfolio cannot answer these today, the exposure is already live:

  1. Where are all the OT devices? A current, authoritative inventory of every controller, sensor, and gateway in every building, including firmware version and last known configuration state.
  2. Who has remote access, and how? Every integrator, vendor, and third party with a path to any OT device. The path itself. The authentication on it.
  3. Is OT segmented from IT, verifiably? Not "we have VLANs." Show the evidence: the firewall policy between the segments, and a connectivity test run from the BAS segment toward the corporate domain controller (and the reverse) that fails, with the capture of the attempt to prove it.
  4. What is your patch and EOL posture? Tracked by device, by firmware version, by vendor. Including buildings you acquired recently and have not fully inventoried.
  5. Is anyone watching? 24/7 monitoring that understands OT protocols. Not just EDR on corporate laptops. If the BAS operator's workstation ran malware for eleven days, would you know?
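Questions 3 and 5 become concrete once you look at actual flows between segments. The script below is an added example, not code from the original post or from any vendor it names: it runs constructed flow records (a simplified tab-separated format, not any tool's real schema) through three rules: a BAS-to-corporate flow that is not on an explicit allow-list, a BAS device initiating traffic to a public address, and an OT protocol (BACnet/IP, Modbus TCP, KNXnet/IP) arriving at a BAS device from outside the BAS segment. The addressing, the allow-list entry, and the sample records are all hypothetical.

```python
"""Flow-level checks for OT segmentation and OT-protocol monitoring (added example)."""
import ipaddress
from dataclasses import dataclass

# Assumed network layout (hypothetical addressing, not a real portfolio).
BAS_NET = ipaddress.ip_network("10.50.0.0/16")    # controllers, gateways, BAS operator workstation
CORP_NET = ipaddress.ip_network("10.10.0.0/16")   # corporate users and servers
INTERNAL_NETS = (BAS_NET, CORP_NET)
DOMAIN_CONTROLLER = ipaddress.ip_address("10.10.0.10")

# Explicitly permitted cross-segment flows: (src network, dst host, dst port, proto).
# Hypothetical: the BAS supervisory server may push trend data to a corporate historian over TLS.
ALLOWED_CROSS_SEGMENT = {
    (ipaddress.ip_network("10.50.1.10/32"), ipaddress.ip_address("10.10.20.5"), 443, "tcp"),
}

# Well-known OT protocol ports; traffic to these on a BAS device from outside BAS is suspect.
OT_PORTS = {(47808, "udp"): "BACnet/IP", (502, "tcp"): "Modbus TCP", (3671, "udp"): "KNXnet/IP"}

# Constructed flow records (not a real capture): ts, src, sport, dst, dport, proto.
SAMPLE_FLOWS = """\
# ts\tsrc\tsport\tdst\tdport\tproto
2026-04-17T14:02:11Z\t10.50.1.20\t47808\t10.50.2.15\t47808\tudp
2026-04-17T14:02:12Z\t10.50.1.10\t51422\t10.10.20.5\t443\ttcp
2026-04-17T14:03:40Z\t10.50.1.20\t49211\t10.10.0.10\t445\ttcp
2026-04-17T14:05:02Z\t10.10.7.44\t47808\t10.50.2.15\t47808\tudp
2026-04-17T14:05:55Z\t10.50.2.15\t50112\t198.51.100.7\t443\ttcp
2026-04-17T14:06:10Z\t10.10.7.44\t52001\t10.10.0.10\t389\ttcp
"""


@dataclass(frozen=True)
class Flow:
    ts: str
    src: ipaddress.IPv4Address
    sport: int
    dst: ipaddress.IPv4Address
    dport: int
    proto: str


def parse_flows(text):
    """Parse tab-separated records; lines starting with '#' are comments."""
    flows = []
    for line in text.strip().splitlines():
        if not line or line.startswith("#"):
            continue
        ts, src, sport, dst, dport, proto = line.split("\t")
        flows.append(Flow(ts, ipaddress.ip_address(src), int(sport),
                          ipaddress.ip_address(dst), int(dport), proto.lower()))
    return flows


def is_allowed_cross_segment(f):
    return any(f.src in net and f.dst == host and f.dport == port and f.proto == proto
               for net, host, port, proto in ALLOWED_CROSS_SEGMENT)


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def audit(flows):
    """Return (severity, category, description) for every flow that breaks a rule."""
    findings = []
    for f in flows:
        src_bas, dst_bas = f.src in BAS_NET, f.dst in BAS_NET
        src_corp, dst_corp = f.src in CORP_NET, f.dst in CORP_NET
        # Rule 1: any BAS<->corporate flow not on the allow-list is a segmentation failure.
        if ((src_bas and dst_corp) or (src_corp and dst_bas)) and not is_allowed_cross_segment(f):
            sev = "critical" if DOMAIN_CONTROLLER in (f.src, f.dst) else "high"
            findings.append((sev, "segmentation",
                             f"{f.src}:{f.sport} -> {f.dst}:{f.dport}/{f.proto} crosses the BAS/corporate boundary"))
        # Rule 2: BAS devices should never initiate traffic to anything outside the internal nets.
        if src_bas and not is_internal(f.dst) and not f.dst.is_multicast and not f.dst.is_loopback:
            findings.append(("high", "egress", f"BAS host {f.src} -> external {f.dst}:{f.dport}/{f.proto}"))
        # Rule 3: an OT protocol reaching a BAS device from a non-BAS source is what OT-aware monitoring catches.
        name = OT_PORTS.get((f.dport, f.proto))
        if name and dst_bas and not src_bas:
            findings.append(("high", "ot-protocol", f"{name} to {f.dst} from non-BAS source {f.src}"))
    return findings


if __name__ == "__main__":
    for sev, cat, desc in audit(parse_flows(SAMPLE_FLOWS)):
        print(f"[{sev:8}] {cat:12} {desc}")
```

In the constructed records the operator workstation talking SMB to the domain controller is the finding that matters most: that is the eleven-day scenario above, visible in a single flow. The same BACnet write arriving from a corporate host fires twice, once as a segmentation failure and once as an OT-protocol alert, which is the point: an IT-only monitor sees a UDP packet on port 47808, an OT-aware one sees who is commanding a controller.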

Most CRE organizations can answer one or two. A small number can answer three. Almost none can answer all five with confidence.

The Era of Attacker Indifference Is Ending

OT security debt has gone uncollected for two decades for one reason: skilled attackers were scarce and expensive, and they had richer targets elsewhere. Commercial buildings were soft targets that were not worth attacking.

That economic indifference was a gift, and it is expiring. AI vulnerability research collapses the skill curve. What used to require a scarce human now requires a commodity tool. The pool of actors capable of hitting a real estate portfolio is about to grow by an order of magnitude. The cost of doing so drops by another.

The window to build real OT posture is short, and it closes while attackers are still calibrating new capabilities. Eighteen months is optimistic. Twelve is realistic. Six is the honest answer for whichever portfolio makes the news first.

The work is not glamorous: asset inventory, segmentation, vendor access discipline, patch cadence, monitoring. It is unsexy, can be expensive if done wrong, and until recently it was arguable whether it was worth the spend.

That argument is no longer available.

Work With Us

Ready for Seamless CRE Cyber Security and IT?

Contact us to speak with a CRE technology expert.