Smoke and Mirrors: final results

6 views

Skip to first unread message

Vasilios Mavroudis

unread,

Apr 29, 2026, 5:00:40 AMApr 29

to ai-for-cy...@googlegroups.com

Hi all,

Less than a year ago we set out to build a system that could elicit OT malware behaviour without physical hardware or weeks of manual protocol work.

The "Smoke and Mirrors" project is now complete, and the final writeup is now live on our substack!

If you followed our May 2025 update, you might remember we were exploring LLM-based responders. In this piece we explain why that didn't scale, and which primitive turned out to be the right one.

Writeup: https://airgapped.substack.com/p/smoke-and-mirrors-systematic-ot-malware

Code: https://github.com/alan-turing-institute/navigator

Docs: https://alan-turing-institute.github.io/navigator/docs/index.html

If you're working on OT security, malware analysis, or AI for cyber defence, we'd welcome your feedback or the chance to collaborate.

Kind regards,

Vas

Vasilios Mavroudis

https://mavroud.is

The Alan Turing Institute is a limited liability company, registered in England with registered number 09512457. Our registered office is at British Library, 96 Euston Road, London, England, NW1 2DB. We are also a charity registered in England with charity number 1162533. This email and any attachments are confidential and may be legally privileged. If you have received it in error, you are on notice of its status. If you have received this message in error, please send it back to us, and immediately and permanently delete it. Do not use, copy or disclose the information contained in this message or in any attachment. DISCLAIMER: Although The Alan Turing Institute has taken reasonable precautions to ensure no viruses are present in this email, The Alan Turing Institute cannot accept responsibility for any loss or damage sustained as a result of computer viruses and the recipient must ensure that the email (and attachments) are virus free. While we take care to protect our systems from virus attacks and other harmful events, we give no warranty that this message (including attachments) is free of any virus or other harmful matter, and we accept no responsibility for any loss or damage resulting from the recipient receiving, opening or using it. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or be incomplete. If you think someone may have interfered with this email, please contact the Alan Turing Institute by telephone only and speak to the person dealing with your matter or the Accounts Department. Fraudsters are increasingly targeting organisations and their affiliates, often requesting funds to be transferred to a different bank account. The Alan Turing’s bank details are contained within our terms of engagement. If you receive a suspicious or unexpected email from us, or purporting to have been sent on our behalf, particularly containing different bank details, please do not reply to the email, click on any links, open any attachments, nor comply with any instructions contained within it, but contact our Accounts department by telephone. Our Transparency Notice found here - https://www.turing.ac.uk/transparency-notice sets out how and why we collect, store, use and share your personal data and it explains your rights and how to raise concerns with us.

Reply all

Reply to author

Forward

0 new messages