Rapid Advancement in Cyber Attacks, Artificial Intelligence, and Hacking within the Automotive Sector is resulting in Monumental Financial Losses totalling Billions of Dollars.
=========================================================================================================================
A ransomware attack in June 2024 disrupted operations at over 15,000 North American dealerships, highlighting the growing threat of cyberattacks in the automotive industry. The VicOne 2025 Automotive Cybersecurity Report, released this year, warns of escalating threats in this sector, particularly for Software-Defined Vehicles (SDVs).
The report identifies several emerging risks, including supply chain vulnerabilities, AI and data security challenges, long-term governance issues, and the increasing sophistication and volume of attacks targeting connected and software-defined vehicles.
Supply chain risks
Vulnerabilities stemming from third-party vendors and components demand enforced transparency and validation. This is achieved through software bills of materials (SBOMs) and machine learning bills of materials (MLBOMs), combined with rigorous vulnerability checks.
AI-related security challenges
As AI becomes integral to vehicle systems, securing AI designs is critical. This involves limiting data access, employing encryption, real-time monitoring, and managing AI risks via frameworks like NIST’s AI Risk Management Framework. These measures are essential to prevent sensitive data leaks and ensure trust.
Data protection vulnerabilities
Protecting sensitive training and operational data is necessary to prevent unauthorized access. This is achieved through encryption, audit trails, and compliance with privacy laws.
Long-term security governance
Given the long lifespan of vehicles (12-15 years), cybersecurity must be addressed as a long-term strategic commitment. This involves creating dedicated AI and cybersecurity teams, establishing clear governance frameworks, and fostering a security culture within organizations.
The report signals a shift in automotive cybersecurity toward integrating AI-specific protections, securing increasingly complex supply chains, and addressing vulnerabilities exposed by the expanded connectivity and software dependency of modern vehicles. Furthermore, VicOne advocates for industry-wide collaboration and zero-day vulnerability discovery initiatives to strengthen defenses.
In 2024, over 77 percent of automotive vulnerabilities were found in onboard vehicle systems. Cyberattacks between 2022 and 2024 caused tens of billions of dollars in damages. The latest vulnerabilities are increasingly concentrated in in-vehicle infotainment (IVI) platforms, operating systems, and electric vehicle (EV) charging infrastructure.
The U.S. Department of Transportation's white paper, Understanding AI Risks in Transportation, warns that AI-enabled systems are vulnerable to misuse and abuse throughout their lifecycle. At Pwn2Own Automotive 2025, security researchers uncovered 49 previously unknown vulnerabilities, with the majority affecting IVI and EV charging systems.
The automotive industry's shift towards software-defined vehicles is creating an urgent need to confront the growing attack surface on automotive systems. The widespread use of AI is reshaping governance structures, raising questions about liability and risk management in the automotive industry. The rapid growth of electric vehicles (EVs) has revealed flaws in charging infrastructure, including outdated communication protocols and insecure payment systems.
The security of large language models (LLMs), the backbone of generative AI, is a pressing concern due to their reliance on vast amounts of enterprise data and self-learning mechanisms. Risks such as unsecure plug-in designs, flawed output handling, and adversarial attacks highlight the challenges of integrating AI safely into the automotive industry.
In conclusion, the VicOne 2025 report underscores the critical need for the automotive industry to address the growing cybersecurity threats it faces. By implementing the recommendations outlined in the report, the industry can work towards creating a safer, more secure future for connected and software-defined vehicles.
The VicOne 2025 report emphasizes the need for the automotive industry to integrate AI-specific protections, in light of the increasing use of AI in vehicle systems. To secure AI designs, it is crucial to limit data access, employ encryption, use real-time monitoring, and manage AI risks through frameworks like NIST’s AI Risk Management Framework.
In response to supply chain vulnerabilities, software bills of materials (SBOMs) and machine learning bills of materials (MLBOMs) combined with rigorous vulnerability checks can help ensure transparency and validate third-party vendors and components.
The automotive industry also needs to focus on data protection. Protecting sensitive training and operational data is necessary to prevent unauthorized access, which can be achieved through encryption, audit trails, and compliance with privacy laws.
