Hardening the Forecourt: Securing ATGs

Harden the forecourt ATG to keep unwanted intruders out of the service station network.

Although ATGs seem like some of the most basic systems in the forecourt, securing them from hackers is an urgent priority. Hardening the forecourt should be at the top of your priority list.

In May 2026, CNN reported that U.S. officials believe Iranian state-sponsored hackers have systematically breached Automatic Tank Gauge (ATG) systems at gas stations across multiple states in the US. The hackers’ entry point was not sophisticated. The systems were online and unprotected by passwords. In several cases, attackers manipulated display readings without ever setting foot on a forecourt.

So far, no physical damage has been confirmed. But cybersecurity experts have been quick to note that the intrusions could have enabled problems such as fuel leaks going undetected, inventory data spoofed to halt deliveries, and safety alarms disabled at the controller level.

ATG Platform Security Issues

This is not a fringe scenario. Bitsight TRACE researchers, working alongside CISA, have documented critical zero-day vulnerabilities across six ATG models from five different manufacturers. That’s eleven vulnerabilities in total. Half of those vulnerabilities scored 9.8 out of 10 on the CVSS severity scale. CISA followed up with a separate advisory covering the Veeder-Root TLS4B, one of the most widely deployed ATG platforms in the country, flagging a command-injection flaw scored at 9.9.

Meanwhile, the Energy Marketers of America has confirmed at least 15 successful ATG intrusions at a single Tennessee retailer, with attacks documented on both Veeder-Root and other manufacturers’ systems. The Utah Department of Public Safety has identified more than 4,000 vulnerable ATGs across the U.S.

The ATG is no longer just an inventory tool. It is an active cyber-target.

Why the ATG Became a Cyber Risk

For most of its operational life, the ATG has been considered to exist in something of a security vacuum. The ATG monitors tank levels, reports leaks, logs deliveries, and delivers environmental compliance records. Typically, access has been physical or dial-up. The idea of a remote intrusion has been largely theoretical.

That changed as fuel retail environments were integrated into corporate networks. Remote polling, cloud-based reporting, and network-connected dispensers have all created pathways that did not exist before. The ATG went from an isolated device to a networked endpoint, often without the security architecture to match.

Researchers have documented the structural vulnerabilities in ATGs that attackers now exploit.

Unprotected remote access

Many ATG systems can be reached over the public Internet with no password protection in the way. The Iranian intrusions confirmed by CNN exploited exactly this gap.

No audit trail

Legacy ATG configurations frequently lack any way to log configuration changes. Nothing leaves a record, whether it’s a calibration adjustment, a threshold modification, or a disabled alarm.

Siloed system architecture

Silos cause gaps in intelligence and security. When POS systems, ATGs, and dispenser meters operate in separate IT silos, there’s no way to cross-reference in real time what was authorized at the terminal, what left the tank, and what the meter recorded. The gap is where hackers can sneak in.

Outdated software

Thousands of sites operate with active ATGs that contain end-of-life firmware with unpatched vulnerabilities. The Veeder-Root TLS-350 and TLS-450 Plus consoles involved in recent attacks had no network or password protection, despite cybersecurity bulletins issued by Veeder-Root addressing the issue.

What Attackers Can Actually Do

You need to understand the access vector and what an attacker can do with that vector. Once you get that, you have a real sense of the urgency.

According to Bitsight’s research and federal advisories, a compromised ATG can enable:

  • Blinded leak detection. An attacker with controller access can disable alarms or alter threshold parameters so that a genuine fuel release doesn’t generate an alert. A site could spill thousands of gallons of fuel into the soil or groundwater before anyone notices.
  • Inventory spoofing. Hackers can use manipulated tank level readings to trigger artificial shortages, delay deliveries, or mask systematic theft over a period of weeks or months.
  • Dispenser overrides. By eliminating or compromising cross-referencing of ATG data with dispenser meter data, hackers can hide siphoning from USTs. An ally who can get to the site may be able to steal fuel.
  • Cascading network access. ATG vulnerabilities that allow command injection or lateral movement give attackers a foothold into connected site networks. Suddenly, the ATG becomes the entry point, a way to compromise POS systems, fleet accounts, or environmental compliance records.

The Bitsight principal research scientist’s assessment is worth quoting directly: “…attackers who gain access can overfill tanks to trigger environmental disasters, disable critical safety alarms, or override physical relays to cause permanent, irreversible damage. The consequences extend well beyond data theft.”

The Hardening Protocols

To protect your ATG infrastructure you need to make deliberate architecture decisions. It’s not just about adding software patches. The following protocols reflect current CISA guidance, industry best practice, and the operational requirements of multi-site fuel environments.

Remove the ATG from the public internet

This is the single most impactful step. CISA is explicit: minimize network exposure for all control system devices and ensure they are not directly accessible from the internet. If remote access or polling is required, route it through a secure out-of-band communication path rather than a direct internet-facing port.

Apply network segmentation

Back-office systems, POS networks, and ATG infrastructure should operate in separate network segments. A breach of one should not provide a path to the others. This is standard OT security practice and directly addresses the pivot risk documented in the ATG vulnerability research.

Enforce password protection and change defaults

The intrusions confirmed in Tennessee and across the broader attack campaign exploited ATGs that were not password-protected for remote access. Every ATG should have a site-specific password. Default credentials are well-known and should be treated as no credentials at all.

Implement electronic data change audit trails

Any metrologically significant configuration change, threshold adjustment, or software modification should generate a permanent, tamper-evident log entry. At minimum, each record should capture the parameter ID, the exact date and time of the change, and both the original and new values. Without this, unauthorized modifications are invisible until the damage accumulates.
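One way to make such a log tamper-evident is to chain each record to the hash of the one before it. The following is an added example, not vendor code or code from this article; the parameter IDs, values, and timestamps are constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # chain anchor used as prev_hash of the first record


def _digest(body: dict) -> str:
    # Canonical JSON so an identical record always hashes identically.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_change(log: list, parameter_id: str, old, new, when=None) -> dict:
    """Append one configuration-change record, chained to its predecessor."""
    body = {
        "seq": len(log),
        "timestamp": when or datetime.now(timezone.utc).isoformat(),
        "parameter_id": parameter_id,
        "old_value": old,
        "new_value": new,
        "prev_hash": log[-1]["hash"] if log else GENESIS,
    }
    record = dict(body, hash=_digest(body))
    log.append(record)
    return record


def verify_chain(log: list):
    """Return the index of the first record that fails verification, else None."""
    prev = GENESIS
    for i, record in enumerate(log):
        body = {k: v for k, v in record.items() if k != "hash"}
        if (record.get("seq") != i or record.get("prev_hash") != prev
                or _digest(body) != record.get("hash")):
            return i
        prev = record["hash"]
    return None


def demo():
    # Constructed changes; the parameter IDs are hypothetical, not a vendor's.
    log = []
    append_change(log, "TANK1_LEAK_ALARM_ENABLED", True, False, "2026-05-01T02:14:07+00:00")
    append_change(log, "TANK1_HIGH_LEVEL_LIMIT_GAL", 9500, 11800, "2026-05-01T02:15:41+00:00")
    append_change(log, "TANK2_LEAK_THRESHOLD_GPH", 0.2, 3.0, "2026-05-01T02:16:02+00:00")
    clean = verify_chain(log)
    log[0]["new_value"] = True  # simulated later edit that hides the alarm change
    return clean, verify_chain(log)
```

A chain only proves internal consistency: copy the latest hash to a system the ATG cannot write to, otherwise someone with write access can rebuild the whole chain or drop trailing records unnoticed.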

Keep firmware current

Veeder-Root has released firmware updates addressing known vulnerabilities, including the Version 11.A update for the TLS4B that addresses CVE-2025-58428. Patching OT systems is not as simple as enterprise software updates, but end-of-life firmware with known critical vulnerabilities is not a manageable risk posture.

Prepare manual operating procedures

For any network outage or cyber incident, sites should have documented manual gauging and control procedures. Dependency on networked systems without manual fallback creates unnecessary operational fragility.

Where AI-Driven Monitoring Changes the Equation

Hardening the network perimeter is necessary. It is not sufficient.

Even a well-secured ATG can be compromised if the attacker gains valid credentials or exploits a software vulnerability that predates the latest patch cycle. Static monitoring, which flags variances on a daily or weekly reporting cadence, will not catch manipulation that moves slowly and deliberately.

An AI-driven intelligence layer changes that calculus by operating continuously across integrated data streams. Rather than reviewing a static ATG report at the end of the day, an AI layer running against live POS, ATG, and dispenser meter data can reconcile in real time what was authorized, what left the tank, and what the meter recorded.

Advanced Variance Analysis (AVA) Gives You an Edge

This capability is what the industry refers to as Advanced Variance Analysis (AVA). When analysts compare the three data streams dynamically, you can see:

  • An immediate discrepancy when a dispenser override bypasses the physical meter.
  • A detectable anomaly against the historical baseline when an unauthorized threshold change masks a rising inventory variance.
  • A “theft in progress” alert when tank inventory drops without a corresponding POS transaction.
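The three-way reconciliation described above can be sketched as follows. This is an added example, not Bridgera's implementation or code from the original article; the tolerance, drift limit, field names, and readings are assumptions constructed for illustration.

```python
from dataclasses import dataclass

TOLERANCE_GAL = 2.0     # assumed per-interval measurement noise; tune per site
DRIFT_LIMIT_GAL = 10.0  # assumed ceiling for accumulated unexplained loss


@dataclass
class Interval:
    label: str
    pos_authorized_gal: float   # fuel sold according to POS transactions
    meter_dispensed_gal: float  # fuel counted by the dispenser meters
    atg_start_gal: float        # ATG tank volume at interval start
    atg_end_gal: float          # ATG tank volume at interval end
    delivered_gal: float = 0.0  # logged deliveries into the tank

    @property
    def tank_out_gal(self) -> float:
        return self.atg_start_gal + self.delivered_gal - self.atg_end_gal


def reconcile(iv: Interval, tol: float = TOLERANCE_GAL) -> list:
    """Compare the three streams for one interval; an empty list means they agree."""
    findings = []
    if iv.meter_dispensed_gal - iv.pos_authorized_gal > tol:
        findings.append("meter_exceeds_pos")    # dispensed without authorization
    if iv.tank_out_gal - iv.meter_dispensed_gal > tol:
        findings.append("tank_exceeds_meter")   # fuel left the tank unmetered
    if iv.meter_dispensed_gal - iv.tank_out_gal > tol:
        findings.append("meter_exceeds_tank")   # ATG level may be misreported
    return findings


def slow_drift(intervals, limit: float = DRIFT_LIMIT_GAL):
    """Accumulate sub-tolerance losses so gradual manipulation still surfaces."""
    total = sum(iv.tank_out_gal - iv.meter_dispensed_gal for iv in intervals)
    return total > limit, round(total, 1)


def demo():
    # Constructed readings for one tank; not real site data.
    day = [
        Interval("08:00", 120.0, 120.4, 8000.0, 7879.8),
        Interval("09:00", 95.0, 95.1, 7879.8, 7744.2),   # 40 gal unmetered
        Interval("10:00", 50.0, 80.0, 7744.2, 7664.2),   # unauthorized dispense
        Interval("23:00", 0.0, 0.0, 7664.2, 7610.0),     # drop with no sale
    ]
    return {iv.label: reconcile(iv) for iv in day}
```

`slow_drift` covers the case where every interval stays inside the tolerance but the unexplained loss keeps accumulating across the day.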

For multi-site operators, this matters at the portfolio level. Attackers targeting networked environments frequently execute small, distributed manipulations across multiple sites, betting that no individual site variance will trip a manual review threshold. A centralized AI layer processing uniform data across all sites makes cross-network manipulation visible in a way that site-by-site static reporting never will.

This is also how the security posture shifts from reactive to condition-based. The system flags deviations as they occur, not at a later point in time. You can push security patches and updated audit protocols to every ATG asset across the portfolio simultaneously to eliminate the unpatched outlier.

The Bottom Line

The Iranian ATG intrusions are not an isolated incident. CISA, Bitsight, and federal law enforcement have been documenting this exact threat environment for years. Mixed retail and corporate network environments expose a large attack surface, a number of entry points, and thousands of vulnerable systems.

The most effective operational response consists of two components. First, harden the infrastructure: remove public Internet access to ATGs, segment your networks, enforce authentication, implement strict audit logging, and update firmware regularly. These are not aspirational best practices. They are the minimum viable security measures given the current threat environment.

Second, add the AI intelligence layer to deploy continuous monitoring. This way, you can catch the tampering that evades simple perimeter controls. AI-driven variance analysis, running in real-time across POS, ATG, and dispenser data, turns anomaly detection into a powerful 24/7, 365-day operational capability.

If you want to understand how Bridgera’s approach to operational intelligence applies to ATG security and fuel asset monitoring at your sites, schedule a consultation with our team.

Frequently Asked Questions (FAQ)

1. Our ATG isn’t Internet-facing. Are we still at risk?

Internal network segmentation, access controls, and audit logging matter even when the ATG is not directly Internet-facing. Network segmentation and VPN configurations can be a risk if hackers compromise the corporate network.

2. What’s the difference between patching the ATG and monitoring it?

Patching addresses known vulnerabilities in the firmware and software. Monitoring, by contrast, catches behavior that deviates from expected baselines, such as manipulation that exploits unpatched vulnerabilities or valid credentials. Both are necessary. Patching alone does not detect active exploitation; monitoring alone does not prevent initial access.

3. How does AI variance analysis work with existing ATG hardware?

The AI platform sits above the hardware as an intelligence layer, not inside it. The AI platform ingests data from POS systems, ATG consoles, and dispenser meters by way of standard integration protocols and sometimes APIs. You won’t need to perform a rip-and-replace of your hardware or software. The Veeder-Root TLS-450, Franklin Fueling systems, and other common platforms are all compatible via existing communication interfaces.

4. We manage multiple sites. Does centralized monitoring actually work across different ATG brands?

Yes. The AI platform normalizes transaction and inventory data across systems and sites, regardless of vendor. The platform and Jera agents can monitor any multi-site portfolio running, for instance, Veeder-Root systems at some locations and Franklin or OPW systems at others.

5. How quickly can we implement AI-based ATG monitoring?

Bridgera’s structured 90-day proof of value can typically validate how the AI platform performs anomaly detection against your actual system data. Often we can perform this validation in under 90 days.

About Bridgera

Operational Intelligence. Production-Ready AI.

Bridgera partners with operations-heavy enterprises to move AI beyond pilots and into real production systems. Through AI consulting, specialized talent, and scalable platforms like Interscope AI™, Bridgera embeds intelligence directly into the operational workflows that power the business.