Automotive IQ recently announced the Top 20 Voices in Automotive Cybersecurity 2026 – a list celebrating the leaders who are shaping the future of cyber resilience across the global automotive ecosystem.
During the selection process, we asked our Top 20 Voices three important questions:
- What emerging cybersecurity technology or capability do you believe will have the greatest impact on the automotive industry over the next five years?
- What is your biggest concern facing automotive cybersecurity today, and how should the industry address it?
- Which area of automotive cybersecurity or connected mobility are you most excited about over the next three years, and why?
Here is what five of our experts had to say.
Yoav Levy, Co-Founder, CEO, Upstream Security
What emerging cybersecurity technology or capability do you believe will have the greatest impact on the automotive industry over the next five years?
Over the next five years, the capability that will have the greatest impact on automotive cybersecurity is the maturation of agentic AI inside security operations.
The industry is moving from static detection models to systems that can reason, investigate, and act. As vehicles become software defined and increasingly powered by AI, the security challenge is no longer just about identifying anomalies. It is about understanding intent, correlating signals across domains, and responding at machine speed. That is where agentic AI becomes transformative.
SDVs today operate as distributed platforms spanning cloud backends, APIs, mobile applications, and embedded AI agents. In this architecture, threats do not remain confined to a single layer. They traverse APIs, supplier systems, and vehicle functions. A purely reactive SOC model cannot keep pace with that complexity.
Agentic AI changes the model. Instead of relying on analysts to manually stitch together telemetry, API logs, threat intelligence, and vehicle data, AI agents can autonomously correlate signals, build investigative context, and surface prioritized insights. They can continuously monitor behavior across vehicles and backend systems, identify early indicators of systemic risk, and accelerate root cause analysis.
This is aligned with the broader shift from services to software. Cybersecurity is no longer a collection of disconnected tools or outsourced functions. It becomes an integrated, product-level capability embedded into the architecture of the mobility platform itself.
In a Physical AI world, where software decisions directly influence real-world outcomes, security must also operate with intelligence and autonomy. Agentic AI is not simply an efficiency layer. It is the engine that enables a true Product SOC. It allows organizations to move from reactive alert handling to proactive investigation and prioritized response.
The impact of this shift is structural. It enables earlier identification of cross-layer threats, reduces investigation time, and provides a unified, AI-native control plane for the entire mobility product. Over the next five years, this transition to agentic, product-centric cybersecurity will define which organizations can scale innovation with confidence.
What is your biggest concern facing automotive cybersecurity today, and how should the industry address it?
My biggest concern is that the industry is embedding AI into vehicles, and more specifically SDVs, faster than it is adapting its security models to match the new reality.
LLMs are moving from experimental copilots into embedded systems that interpret intent and influence behavior. Orchestration layers such as MCP enable these models to dynamically invoke tools and services across cloud and vehicle environments in real time. Unlike traditional APIs, which can be cataloged and monitored, these AI driven interactions are fluid and context dependent, creating less predictable and harder to secure attack paths.
As outlined in our 2026 report, AI introduces a new, systemic attack surface that spans software-defined vehicles, cloud backends, enterprise systems, and the broader digital supply chain. We have already seen research demonstrating black box denial of service attacks against LLMs that can exhaust compute resources and degrade availability, as well as critical remote code execution flaws in AI orchestration frameworks. These are early signals of a structural shift in how risk manifests across the ecosystem.
At the same time, remote attacks dominate the landscape and ransomware has industrialized. A growing share of incidents now have the potential to impact thousands or even millions of mobility assets. When AI enabled architectures are layered on top of hybrid cloud-to-vehicle connectivity, a single weakness in a supplier system, an exposed API, or a misconfigured AI enabled service can cascade into fleet-wide impact.
What worries me most is not a single vulnerability. It is the interconnectedness of the ecosystem. In SDV environments, these risks extend beyond data and into safety, availability, and trust.
The industry must respond in three ways.
First, treat APIs and AI orchestration layers as first order architectural concerns. They are the nervous system of the software-defined vehicle.
Second, operationalize continuous monitoring across the full lifecycle. This is no longer just a best practice; with the introduction of H.R. 7390 (the SELF DRIVE Act of 2026), it is becoming a regulatory mandate. The bill’s requirement for a "Safety Case" means manufacturers will have to provide documented evidence that their AI orchestration and ADS are secure by design before they hit the road. Compliance with R155 and ISO 21434 should be the baseline, but the SELF DRIVE Act raises the stakes for transparency.
Third, embrace defensive AI inside security operations. If attackers are using AI to scale, defenders must do the same to monitor, detect, investigate, and respond in real time.
The gap between offense and defense is widening. Closing that gap requires architectural change, not incremental improvement.
Which area of automotive cybersecurity or connected mobility are you most excited about over the next three years, and why?
What excites me most over the next three years is the secure scaling of SDVs.
Automotive is the first industry deploying AI systems that directly influence the physical world at scale. Vehicles already integrate perception, decision making, connectivity, and actuation across cloud and edge. As AI copilots and autonomous systems mature, the vehicle becomes a distributed, continuously learning platform.
That changes the security model. We are no longer securing isolated ECUs or perimeter networks. We are securing model training, orchestration layers, APIs, cloud backends, and the runtime behavior of AI systems that can influence physical outcomes.
Regulators are beginning to recognize this shift. The EU Artificial Intelligence Act introduces structured obligations for high risk AI systems, and the recent EU Coordinated Risk Assessment on Connected and Automated Vehicles identifies processing and decision making systems, cloud infrastructure, and high risk suppliers as critical assets, while acknowledging that traditional type approval frameworks were not designed to address systemic and state backed risks.
But architecture may well move faster than regulation.
Over the next three years, the real opportunity is to embed continuous monitoring, cross layer visibility, and AI driven investigation directly into the product. If we treat the vehicle, the cloud, and the AI control plane as a unified security domain, cybersecurity becomes the foundation that enables trusted autonomy at scale.
That is the transformation I am most excited about.
Dr. Mathias Dehm, Chief Product Security & Privacy Officer, AUMOVIO
What emerging cybersecurity technology or capability do you believe will have the greatest impact on the automotive industry over the next five years?
Advances in software fuzzing combined with AI, significantly strengthening security by design (e.g., identifying 500+ previously unknown 0‑day vulnerabilities with Claude AI without extensive pre‑training).
The use of AI‑driven in‑vehicle intrusion detection systems to enable more sophisticated detection and analysis of cyberattacks.
What is your biggest concern facing automotive cybersecurity today, and how should the industry address it?
The rapid advancements in AI will significantly influence cybersecurity in the automotive industry. Today’s protocols differ substantially from those used in enterprise IT, creating a high entry barrier for potential attackers. As these barriers diminish, we must anticipate both more sophisticated and more frequent attacks.
Which area of automotive cybersecurity or connected mobility are you most excited about over the next three years, and why?
Cybersecurity is a team effort that spans from the vehicle manufacturer to every component and software provider. Today, each contributor largely works in siloed environments, which leaves overarching residual risks unclear. In the coming years, I am eager to see whether these silos can be broken down to achieve greater transparency and a more unified view of cybersecurity across the entire supply chain.
Abdulrahman Yacoob, Product Cybersecurity Consultant, Alten USA
What emerging cybersecurity technology or capability do you believe will have the greatest impact on the automotive industry over the next five years?
Over the next five years, AI-Driven Autonomous Threat Detection will have the most significant impact on the automotive industry.
Why it matters: Modern vehicles are transitioning into "Data Centers on Wheels," generating terabytes of data daily. Traditional signature-based detection (looking for known "fingerprints" of malware) is no longer sufficient for the speed and variety of modern exploits.
Real-time Response: AI/ML models deployed at the "Zonal Gateway" level can identify anomalous behaviour such as unexpected signals on the CAN bus or unusual external data requests and isolate the affected Electronic Control Unit (ECU) in milliseconds.
Predictive Defense: This technology shifts the industry from a reactive posture to a predictive one, where the vehicle can defend itself against "zero-day" attacks before a human analyst even identifies the threat.
What is your biggest concern facing automotive cybersecurity today, and how should the industry address it?
The most pressing concern today is the opacity of the Software Supply Chain. A modern vehicle contains upwards of 100 million lines of code, sourced from hundreds of different Tier 1 and Tier 2 suppliers.
The Risk: A vulnerability in a single open-source library used by a sub-supplier can inherit its way into millions of vehicles. Unlike a standard IT environment, you cannot simply "reboot" a car traveling at 70 mph if a supply-chain exploit is triggered.
How the industry should address it:
Mandatory SBOMs: The industry must enforce a Software Bill of Materials (SBOM) for every component. This is a "nutrition label" for software that allows OEMs to instantly identify which vehicles are affected when a new vulnerability is discovered.
"Shift Left" Development: Security testing must be integrated into the earliest stages of software design rather than being an afterthought during vehicle assembly.
VEX (Vulnerability Exploitability eXchange): Moving beyond just listing vulnerabilities to actively sharing data on whether those vulnerabilities are actually exploitable in a specific vehicle context.
Which area of automotive cybersecurity or connected mobility are you most excited about over the next three years, and why?
The area of greatest excitement over the next three years is the maturation of Automated Vehicle Security Operation Centers (VSOCs).
Why it is exciting: Until recently, the concept of a "Security Operations Center" was reserved for corporate IT. Now, we are seeing the birth of VSOCs specifically designed for fleets.
Standardization via ISO/SAE 21434: We finally have a global "language" for automotive security. This allows different manufacturers and technology providers to communicate threats in a standardized format.
Fleet-Wide Immunity: When one vehicle in a fleet detects an attack, the VSOC can automatically distribute a "vaccine" (a security patch or configuration update) to every other vehicle in that fleet via Over-the-Air (OTA) updates.
The Mobility Link: This is the backbone of connected mobility. Without a robust, automated VSOC, autonomous ride-sharing and V2X (Vehicle-to-Everything) communication cannot scale safely. The excitement lies in the shift from protecting a car to protecting an entire ecosystem.
Felix Maag, Cybersecurity Architect, Daimler Truck
What emerging cybersecurity technology or capability do you believe will have the greatest impact on the automotive industry over the next five years?
On an everyday work level, AI will fundamentally change how we operate in cyber security – from how we analyze threats to how we create security work products. That impact is already visible and accelerating fast.
From an in-vehicle and architectural perspective, however, I strongly believe that crypto agility, digital identities, and trust assessment will be the real foundational enablers. Together, they form the basis for security architectures that can cope with long vehicle lifecycles, increasing connectivity, and continuously evolving threats.
Anyone who wants to explore these topics in more depth should take a look at the Automotive Security Trends Radar – it provides a very structured view on where the industry is heading.
What is your biggest concern facing automotive cybersecurity today, and how should the industry address it?
While I am convinced that quantum computing will become a major challenge for automotive cyber security – and one we already need to prepare for today due to long product lifecycles – this is not my biggest concern.
What worries me more is the growing bureaucracy associated with security in the automotive domain. Regulations are clearly a strong driver here and absolutely necessary, but in large organizations we must be careful that security does not become overly inefficient or perceived as a general blocker for the business.
The industry needs to ensure that cyber security remains effective, risk-driven, and pragmatic, rather than process-heavy for its own sake.
Which area of automotive cybersecurity or connected mobility are you most excited about over the next three years, and why?
I am most excited about the opportunity to fundamentally change the security mindset alongside the transition to the software-defined vehicle.
As the automotive industry becomes truly software-driven, security is increasingly accepted as an integral success factor, not just a compliance requirement. This gives us a unique opportunity.
Now we need to use this momentum to embed a modern, efficient cyber security culture – not only in architecture and tooling, but in the mindset of every manager and, even more importantly, every developer.
That cultural shift will be just as critical as any technology.
Kartheek Kumar, Senior Automotive Cybersecurity Expert at MAHLE, Limited Partner at Destrosolution
What emerging cybersecurity technology or capability do you believe will have the greatest impact on the automotive industry over the next five years?
Over the next five years, AI-driven threat detection and response systems—=, augmented by quantum-resistant cryptography, will exert the greatest influence on the automotive industry. These systems harness machine learning to identify anomalies in real time across vehicle networks, V2X communications, and software-defined architectures, enabling proactive mitigation of evolving threats such as ransomware and over-the-air exploits. By embedding predictive intelligence and quantum-secure encryption directly into software-defined mobility platforms, they transition cybersecurity from reactive patching to continuous, autonomous defense.
What is your biggest concern facing automotive cybersecurity today, and how should the industry address it?
My primary concern is the expanding attack surface across chip-to-cloud domain , where cyber incidents have grown massively in 2025 due to fragmented governance. The industry should address this through lifecycle-oriented risk management, establishing unified accountability under an integrated Cybersecurity Management System (CSMS). This approach should incorporate secure-by-design zonal architectures, cross-domain monitoring, and AI-powered quantum security protocols to ensure future-proof protection.
Which area of automotive cybersecurity or connected mobility are you most excited about over the next three years, and why?
I am most excited about AI-powered cybersecurity advancements in connected mobility, particularly secure V2X ecosystems and autonomous defense systems fortified by quantum security, over the next three years. These innovations enable dynamic threat mitigation that adapts to sophisticated AI-driven attacks while resisting quantum computing risks, creating resilient platforms that safeguard data integrity and enhance the driver experience in software-defined vehicles. This convergence will unlock seamless, trustworthy autonomous mobility ecosystems essential for the industry's future.