July 30, 2025
Polyglot files are specially crafted to conform to more than one file format simultaneously—for example, a single file that is both a valid PDF and a JPEG image, or an archive and a script. This characteristic allows them to appear harmless to one application while executing malicious behavior when opened by another. In operational technology (OT) environments, where strict content inspection is often lacking and legacy systems are common, such files pose a serious security risk. They can be used to bypass traditional filters, evade detection, and potentially trigger unauthorized actions on control systems.
The article warns that polyglot files can be vectors for malware in environments where devices are routinely updated via USB drives or where human-machine interface (HMI) stations process mixed media. Without robust inspection tools and strict access control, OT systems may unwittingly execute embedded malicious code. To counter this threat, organizations are encouraged to implement deep content inspection, enforce file-type restrictions, and strengthen user awareness around handling unfamiliar or suspicious files.
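As an added example (not code from the ISA article), here is how the two controls the summary recommends, a file-type allowlist and content inspection that looks past the leading magic bytes, could be implemented for files arriving on removable media. The signature table, the allowlist and the test fixtures are constructed for illustration.

```python
import io
import zipfile

# Leading signatures of the formats this check understands (constructed list, extend as needed).
MAGICS = {"jpeg": b"\xff\xd8\xff", "png": b"\x89PNG\r\n\x1a\n", "gif": b"GIF8",
          "pdf": b"%PDF-", "zip": b"PK\x03\x04"}
EXT_TO_FORMAT = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png", "gif": "gif", "pdf": "pdf", "zip": "zip"}


def formats_present(data: bytes) -> set[str]:
    """Return every format the bytes could be parsed as, not only the leading one.

    Parsers are lenient about where their format starts: PDF readers accept '%PDF-'
    anywhere in the first 1024 bytes, and ZIP readers locate the archive from the
    end-of-central-directory record at the tail. A polyglot relies on exactly that
    leniency, so a check that looks only at offset 0 misses it.
    """
    found = {name for name, magic in MAGICS.items() if data.startswith(magic)}
    if b"%PDF-" in data[1:1024]:
        found.add("pdf")
    if "zip" not in found and zipfile.is_zipfile(io.BytesIO(data)):
        found.add("zip")  # archive reachable from the tail behind another header
    return found


def inspect_transfer(filename: str, data: bytes, allowed_exts: set[str]) -> str:
    """Allowlist plus content inspection for a file arriving on removable media.
    Returns 'ok' or the reason for rejection."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in allowed_exts:
        return f"rejected: extension '.{ext}' not on allowlist"
    found = formats_present(data)
    declared = EXT_TO_FORMAT.get(ext)
    if declared not in found:
        return f"rejected: content is not {declared}"
    if len(found) > 1:
        return f"rejected: polyglot, parses as {sorted(found)}"
    return "ok"


def make_zip(text: bytes) -> bytes:
    """Build a small archive in memory (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", text)
    return buf.getvalue()


# Constructed fixtures: a clean archive, and a JPEG-looking prefix with that archive
# appended (not a valid image, only enough bytes to exercise the check).
CLEAN_ZIP = make_zip(b"benign text")
JPEG_ZIP_BLOB = b"\xff\xd8\xff\xe0" + b"\x00" * 12 + CLEAN_ZIP
ALLOWED = {"jpg", "pdf", "zip"}
```

Running `inspect_transfer("photo.jpg", JPEG_ZIP_BLOB, ALLOWED)` rejects the file as a polyglot even though its extension is allowed and its leading bytes look like a JPEG, which is the case an extension-only filter lets through.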
Source: https://gca.isa.org/blog/what-are-polyglot-files-and-what-is-their-ot-security-risk