Accenture is moving deeper into critical-infrastructure cybersecurity with an agreement to acquire a majority stake in Dragos and buy all of runZero and NetRise, a set of deals the company values at about $4.175 billion. The June 18 announcement puts one of the best-known industrial cybersecurity vendors inside a much larger consulting and services machine at a moment when power grids, factories, pipelines, water systems, distribution facilities, and data centers are becoming more connected and more exposed.
The transactions are expected to close in August or September 2026, subject to regulatory approvals and other customary conditions. Dragos will continue to operate as an independent business led by co-founder and CEO Robert M. Lee, while runZero and NetRise are set to operate under Dragos after closing. Accenture said the combined group will give industrial operators one platform for seeing what is on their operational technology networks, understanding device and software exposure, and speeding up detection and response.
The deal is worth watching because it is not just another cybersecurity roll-up. It is a bet that operational technology, or OT, is becoming a strategic security market in its own right. OT covers the systems that monitor and control physical processes: industrial control systems, SCADA environments, plant equipment, sensors, embedded devices, cloud-connected control software, and the networks around them. Accenture and Dragos are using the broader term xOT to describe that expanded environment, where traditional plant systems now touch IT networks, cloud tools, supply chains, analytics platforms, and internet-connected devices.
What Accenture Is Buying
Dragos is the centerpiece. Its platform focuses on OT asset visibility, threat detection, vulnerability prioritization, response playbooks, and industrial threat intelligence. That matters because industrial networks do not behave like normal office IT. A patch that is routine for a laptop fleet can be risky in a plant environment, where taking equipment offline may disrupt production or safety systems. OT defenders often need compensating controls, network segmentation, vendor coordination, and carefully timed maintenance windows instead of simple “patch everything now” guidance.
runZero adds exposure assessment and asset intelligence across IT, OT, IoT, and cloud environments. In practical terms, that helps security teams answer a basic but stubborn question: what devices and services actually exist, where are they reachable, and what is exposed? NetRise adds firmware and software supply chain visibility for connected devices. That gives the combined platform a way to examine the software inside industrial and embedded systems, where hidden components and outdated dependencies can create risk long before a conventional endpoint tool sees anything useful.
Those pieces fit a real operational problem. Many industrial organizations still have a split between enterprise security teams that manage corporate IT and OT specialists who protect plants, substations, factories, or field equipment. The attack surface no longer respects that boundary. Remote access tools, cloud dashboards, vendor-maintained devices, smart sensors, and data pipelines can all connect operational environments to the same identity, network, and software supply chain risks that affect the rest of the enterprise.
Why AI Changes the Urgency
Accenture framed the deal around AI-driven cyber threats and geopolitical risk. That framing can sound broad, but it has a concrete OT meaning. Attackers do not need AI to understand that industrial systems are valuable targets. What AI may change is the speed at which adversaries can analyze exposed systems, generate exploit paths, search documentation, translate IT access into operational impact, or scale reconnaissance across poorly inventoried environments.
Dragos has made a related point from the defender side: AI for OT cannot simply be a generic chatbot pointed at industrial networks. The company argues that useful OT security AI needs asset data, protocol context, vulnerability research, adversary intelligence, telemetry, and incident-response experience specific to industrial systems. Its public materials describe AI-assisted workflows for plain-English asset queries, vulnerability prioritization, and threat investigations, but also warn that AI-only detection or poorly grounded answers can create noise or unsafe recommendations in environments where wrong decisions may affect physical operations.
That is where the deal’s data story matters. Accenture brings scale, delivery relationships, and existing OT security services. Dragos brings industrial threat intelligence and platform data. runZero brings asset discovery and exposure mapping. NetRise brings firmware-level visibility. If the combination works, the platform could give industrial defenders richer context before they decide whether to patch, segment, monitor, isolate, or escalate a finding.
A Platform Push, Not Just a Services Deal
Accenture said its cybersecurity business generated $10 billion in fiscal 2025 revenue, up from $700 million in 2016. The company also pointed to an estimated $7 billion OT cybersecurity services market and a broader OT cybersecurity market that it says is worth about $27 billion in 2026 and could approach $59 billion by 2031. Dragos, runZero, and NetRise together are estimated to generate about $208 million in annual recurring revenue as of June 2026, with 53% year-over-year growth.
Those numbers explain the structure of the move. Accenture already sells services into large industrial and public-sector organizations. Buying into Dragos gives it a software platform around which those services can scale. For Dragos, Accenture offers reach into global industrial customers that a specialist vendor may struggle to serve quickly on its own.
The tension is neutrality. Industrial customers often operate multi-vendor environments, and OT security products need to work across equipment makers, cloud providers, integrators, and security tools. Accenture and Dragos both emphasized that Dragos will remain independent and vendor-neutral. Lee wrote that Dragos will continue working with partners, including competitors to Accenture, and that customers should not see day-to-day operational changes. That promise will be one of the first things customers test after the deal closes.
What Industrial Operators Should Watch
For security teams, the near-term takeaway is not to wait for the acquisition to close. The deal is another signal that OT security is moving from a specialist concern into the main enterprise risk conversation. Boards and operators should be asking whether they have a current asset inventory for operational environments, whether remote access paths are controlled, whether firmware and device software are visible, and whether vulnerability decisions are tied to operational impact rather than generic CVSS scores alone.
They should also watch how the combined Dragos platform treats AI. The useful version is not autonomous remediation in a plant. It is better triage, richer context, faster investigation, and clearer prioritization with human operators still accountable for changes that can affect physical systems. The risky version is AI-generated confidence layered over incomplete asset data or weak segmentation.
If Accenture and Dragos execute well, the deal could make OT security easier to deploy at global scale. If they stumble, it could become another complex enterprise platform pitch in a market that needs precision more than breadth. Either way, industrial cybersecurity has moved squarely into the AI-era infrastructure race.
Sources: Accenture announcement, Dragos CEO Robert M. Lee, Dragos AI for OT security overview.
