Research on Automotive Information Security: AI Fusion Intelligent Protection and Ecological Collaboration Ensure Cybersecurity and Data Security

At present, what are the security risks faced by intelligent connected vehicles? Automotive information security covers two aspects: cybersecurity and data security. Cybersecurity measures and data security technologies are embedded in the information security framework to form multi-layer protection.

intelligent connected vehicles have become integrated mobile smart terminals. The EEAs continue to evolve, but automotive information security attacks are increasing, including autonomous driving safety attacks (sensor failure and deception, software vulnerabilities and network attacks, decision algorithm defects, data privacy and security), vehicle-road-cloud integrated network attacks (Internet of Vehicles platform attacks, roadside infrastructure tools, satellite Internet attacks), and attacks on charging networks (new energy vehicle battery system attacks, charging station network attacks). For example, Toyota's network was reportedly hacked in August 2024, and Qualcomm identified a zero-day vulnerability, CVE-2024-43047 in October 2024, affecting its chipsets. Jaguar Land Rover was hacked in March 2025, resulting in the leakage of 700 internal documents. According to the 3 million+ vehicles monitored by Vecentek VSOC, security incidents in 2024 increased by 31% year-on-year compared with 2023.

In terms of policy, OEMs and specific models for both export and domestic markets must meet established standards and specifications (the European General Data Protection Regulation (GDPR), UN ECE WP.29 R155/R156, ISO/SAE 21434 "Road Vehicles-Cybersecurity Engineering", GB44495-2024 "Technical Requirements for Vehicle Information Security", GB/T 44464-2024 "General Requirements for Automotive Data", etc.). Only after meeting the information security specifications can vehicles be qualified to be launched on the market.

1. The trend of flattening the supply chain requires ecological collaboration and protection, and the shortened SDV iteration cycle increases the pressure of security testing

Software-defined vehicles (SDV) separate software and hardware. OEMs are currently adopting an iterative R&D model to shorten the new function release cycle to 3-6 months, so that the pressure of automotive software security testing is prominent. Faced with the threat of cybersecurity and data security, OEMs are increasingly integrating security practices into all phases of the vehicle lifecycle development within their agile DevOps for development and operation. They are gradually embracing the integrated development of DevSecOps.

With the trend of flattening the supply chain, OEMs now have to face more suppliers, and it is difficult for them to obtain device source code, and there is a lack of efficient firmware security testing tools. In view of this, OEMs are gradually increasing vulnerability management efforts and continuously strengthening software supply chain security efforts. Effective response measures include software bill of materials (SBOM) management, software composition analysis (SCA), code review, SAST, IAST, DAST, fuzz testing and other technologies. Among them, the software bill of materials (SBOM) includes not only component names, version numbers, suppliers, etc., but also license information, copyright statements, vulnerability data and other information. As one of the important tools for open source software governance and software supply chain security management, SCA generates SBOM as one of its important core functions, providing essential basic information for security in subsequent stages.

It is also worth noting that DAST has a collaborative value with IAST and SAST. DAST (dynamic application security testing) is a black box security testing technology that simulates external attacks (such as malicious request injection) when the application is running, and detects its dynamic response to detect security vulnerabilities. Collaboration between DAST and IAST: With Interactive Application Security Testing (IAST) accurate vulnerability positioning (such as code line level) is realized, the DAST false alarm rate reduces (from 30% to <5%). DAST and SAST are combined to form a "double inspection mechanism" (SAST for early repair of code defects + DAST for later verification of runtime security) to offer the protection in the full life cycle.

2. The application of AI in the field of automotive information security is evolving from single-point defense to intelligence and systematization

AI is reshaping the paradigm of automotive information security, shifting from passive protection to a closed loop of "prediction-defense-response". The application of AI in the field of automotive information security is evolving from single-point defense to intelligence and systematization. The main trends are reflected in two aspects: technology application and industrial ecology. The technology application trends include the following:

Cloud-edge-vehicle linkage: For example, NavInfo and Alibaba Cloud jointly build an intelligent cloud base to support the closed loop of autonomous driving R&D data and security strategy collaboration.

Deep collaboration between OEMs and technology companies (such as vertical foundation models and zero-trust architecture) will become mainstream, such as FAW Toyota × Tencent Cloud and NavInfo × Alibaba Cloud for joint research and development, focusing on the construction of "AI+security” platforms. Compliance requirements and global deployment will further drive scenario-based innovation of AI technology in line with regulations such as UN R155 and GB 44495-2024, and promote the application of AI in cross-border data and privacy protection (such as Vecentek's compliance solution for the EU).

In addition, VSOC (Vehicle Safety Operation Center) is developing towards intelligence and cloud computing to reduce the global deployment cost (Chery VSOC supports real-time translation in multiple languages).

Callisto S3-VSOC: Based on the AI-native automotive cybersecurity platform, Callisto S3 relies on the self-developed foundation model platform “Butterfly AI 2.0” (Automotive Safety Agent Cluster) to build an automotive safety agent cluster that integrates compliance, cognition and operation, enabling the process from vehicle abnormal reporting to cloud AI alarm analysis, automatically generating "Security Incident Investigation Report" in one sentence, and assisting compliance engineers in natural language interactive investigation, reducing the time spent on daily security operations by 65%.
Cognitive evolution (from experience to reasoning): Butterfly AI understands the semantics of CAN signals, diagnostic signals, remote control signals, etc. through foundation models, establishes attack maps and signal sequence behavior reasoning mechanisms, and truly transforms "data from traffic to attacks".
Ecological collaboration (from closed to linkage): TSP, remote diagnosis, OTA and intelligent driving platforms are connected to achieve natural language-driven collaboration between systems and support integrated automatic response processes.
Risk governance (from static defense to dynamic closed loop): Users can build and adjust security policies using natural language, and agents can continuously learn and evolve monitoring strategies based on feedback.

Inchtek’s inVSOC Automotive Security Operation Platform: inVSOC V3 uses a self-developed high-performance DAG execution engine to support multiple analysis operators such as sequence, parallel, extreme value, and difference, and conduct real-time processing and correlation analysis of massive vehicle logs.
① Dynamic strategy adjustment: Based on AI's adaptive learning, it continuously optimizes threat detection rules to respond to novel attacks (such as 0-day vulnerability);

② Generative AI-driven investigation response (GenAI) includes:
Alarm analysis assistant: Automatically associate the CVE/NVD vulnerability library, Auto-ISAC threat intelligence, generate alarm summary and disposal suggestions (for example: automatically match √CVSS score and recommend patch strategy).
Data insight assistant: Support natural language interaction (such as "show high-frequency attack sources in the past 7 days"), automatically generate visual charts, and accelerate operational decision-making.
Knowledge base Q&A: Integrate automotive safety knowledge base to answer operational questions such as compliance processes and incident handling specifications, and reduce personnel training costs.

Baidu's Vehicle Security Operations Center (VSOC)
AI risk assessment: When the VSOC receives events reported by IDPS, it only means that an event has occurred. Whether this event really poses a security risk can be automatically assessed by a foundation model, and a recommended solution can be given.
Alarm noise reduction: Based on the AI foundation model, the alarms can be whitened, deduplicated, aggregated, and automatically ignored to reduce noise.
Operation robot - Copilot: The VSOC integrates a natural language interactive robot dubbed Copilot based on a foundation model, which can guide the VSOC to perform automated statistics, report generation, risk interpretation, work order creation, security response, etc. through natural language.

With the continuous evolution of AI technology, the application of agents in security operation has moved from concept verification to actual implementation. In the existing intelligent operation system (such as the VSOC), agents mainly assume the following roles:
Automatic handling of simple events: For standardized and common security events with clear rules, agents can complete rapid detection, correlation analysis, and disposal based on preset rules and self-learning strategies, greatly avoiding manual intervention.
Complex event decision-making assistance:For security events with complex correlations and wide-ranging impacts, agents can integrate multi-source data, draw preliminary analysis conclusions, and provide decision-making references for operators. Finally, manual confirmation and optimization are carried out to achieve efficient response under human-machine collaboration.

With the continuous advancement of the deep integration of the VSOC and agents, security operation is evolving towards "agent centralization". A more efficient and intelligent security operation model will consist of VSOC + agent center + a small number of elite operators.

3. The application of post-quantum cryptography technology in the automotive industry has moved from technical accumulation to industrialization

The application of post-quantum cryptography technology in the automotive industry has moved from technical accumulation to industrialization under the impetus of both quantum threats and intelligent cybersecurity demand. In the short term, chip performance and standard unification should be handled. In the long term, a full-stack protection system of "algorithm-chip-communication-cloud platform" will be formed. OEMs should give priority to the layout of hybrid encryption, automotive chip certification and V2X security upgrades to cope with quantum security challenges in the next 10 years. The post-quantum cryptography migration strategy of the US NIST clearly states that for important infrastructure and business systems, the existing PKI algorithms will be replaced in 2028-2030.

Traditional asymmetric encryption algorithms like RSA and ECC are indeed vulnerable to attacks from quantum computers using algorithms like Shor's. This means that, if powerful quantum computers become a reality, public key cryptography systems relying on these algorithms for vehicle-to-cloud communication, OTA updates, and identity authentication could be compromised. The life cycle of a car is as long as 10-15 years, and quantum computers may break through in the next 10 years, so post-quantum protection should be deployed in advance.

One way to establish a quantum security system is to design Post-Quantum Cryptography (PQC), such as lattice cryptography and hash cryptography, and build a new public key cryptography system on this basis. Another way is to apply  Quantum Key Distribution (QKD) technology that guarantees security with physical laws.

QKD does not rely on certain mathematical problems and can achieve absolute security of information theories. Under such security, no matter how powerful the eavesdropper's computing power is (even if s/he has a quantum computer), s/he cannot crack the quantum key generated by QKD.

Case 1: In June 2025, Geely officially released the world's first quantum security technology for intelligent connected vehicles, pioneering the integration of quantum-resistant encryption, quantum secure communication and other technologies, from identity authentication to communication encryption, from command transmission to data protection, and then to behavior monitoring, to build a comprehensive security protection chain, and create a security foundation with quantum security as the core. Geely plans to connect data centers in Hangzhou, Huzhou, Deqing and other places to the national wide-area quantum security backbone network, using quantum state superposition, indivisibility, and non-cloning physical properties to produce and distribute quantum keys, and advance the security line to the initial stage of data generation, transforming the paradigm to "Security as a Service".

Case 2: In March 2025, UNI-SENTRY officially released the world's first "SPHINCS+ post-quantum cryptographic accelerator hardware IP" that supports mainstream MCUs, providing chip-level solutions for the next-generation information security through a software-hardware collaborative architecture. It enables all hardware, and uses specially optimized high-performance parallel cores and fully pipelined hash cores (SHA256) to accelerate the core components of SPHINCS+. In addition, compared with high-performance processors (Intel E3-1120 @ 2100MHz), it is more than x260 times faster than C code implementation.

On April 26, 2025, UNI-SENTRY and SemiDrive signed a strategic cooperation agreement. By integrating the hardware trust root of the dual-mode encryption engine (supporting Kyber key encapsulation and Dilithium digital signature), it will enable E3650 to better meet the millisecond-level response requirements of zonal controllers, chassis domain controllers, and intelligent driving domain controllers under the protection of post-quantum cryptographic algorithms. Based on E3650, they jointly developed a variety of flexible and configurable information security solutions that can meet the UN WP.29 R155, the national standard GB 44495-2024 and enterprise standards, and support national encryption algorithms.

In May 2025, UNI-SENTRY's solution of Sphincs+ post-quantum cryptographic algorithm was fully adapted to Renesas RH850 U2X. In June 2025, UNI-SENTRY officially released the world's first "ultra-lightweight 3-in-1 (Kyber+Dilithium+SHA3)" post-quantum cryptography (PQC) hardware accelerator IP. This product integrates the NIST standardized algorithm Kyber (key encapsulation) and Dilithium (digital signature) into a single IP core, providing a chip-level post-quantum attack solution for smart cars, covering core controllers for the power domain, intelligent driving domain, chassis domain, cockpit domain, and body domain.

4. Stricter policies and regulations force OEMs to make safety design in advance, shifting from "after-the-fact remediation" to "full life cycle safety design"

Since the release of the "Data Security Law" in 2021, national ministries and commissions have issued a total of 39 policies and regulations related to data security in the automotive industry (such as "Several Provisions on Automotive Data Security Management (Trial)", "Guidelines for Detecting Important Data in Connected Vehicles and Autonomous Driving", GB/T 41871-2022 "Information Security Technology - Security Requirements for Automotive Data Processing", GB/T 44464-2024 "General Requirements for Automotive Data", GB/T "Intelligent Connected Vehicles - Data Security Management System Specifications" (under preparation)) and 7 standards, so that the industry's data security management system is becoming perfect.

At present, the data security challenges faced by OEMs include a wide variety of data types and diverse attacks, such as 0-day attacks, supply chain risks (OEMs share data with many partners and suppliers, so third-party risks become an important source of data leakage), and human factors (employees' weak security awareness and operational errors are also important causes of data leakage). Therefore, it is necessary to construct a data protection and governance system for the entire life cycle, and it is recommended to strengthen the construction in the following aspects (see the figure below).

For example, Agile Technology's data life cycle security protection solution with the data guard system (DGS) as the core includes data classification and grading, data encryption and decryption, data leakage prevention, outbound control, watermark traceability, log audit and other functional modules, effectively preventing data leakage and providing integrated data security protection and management for OEMs. Agile Technology's data security protection solution has currently protected the data security of industry benchmark OEMs including FAW, Changan, Dongfeng, Geely, Hozon, smart, Wuling, and Yutong.

In addition, security provider Eagle Cloud has developed its own integrated office security platform based on the SASE architecture - Eagle Cloud Hub, which integrates Zero Trust Network Access (ZTNA), Data Leakage Prevention (DLP), Extended Detection and Response (XDR), and Unified Endpoint Management (UEM), providing a comprehensive, flexible and secure SASE integrated office security solution. Its customers include Geely, SERES, Leapmotor, Avatr, WeRide and others.