AUTOCRYPT, a leading global provider of digital key and automotive cybersecurity solutions, announceditsparticipationatthe 2026 Consumer Electronic Show (CES) in Las Vegas from January 6-9, whereitwillpresentitsfoundational and future-readysecuritysolutions.
Showcasing technologies that protect every layer of mobility, AUTOCRYPT will demonstrate three interconnected domains of expertise:
End-to-End Vehicle Key Management System: AUTOCRYPT’s key management infrastructure provides full-lifecycle generation, distribution, authentication, and access control of cryptographic keys across both on-board and off-board environments. By combining Public Key Infrastructure (PKI) and the Key Management System (KMS) with hardware-based protection through Hardware Security Module (HSM) and isolated execution via Trusted Execution Environment (TEE), cryptographic keys and digital access credentials are stored, transmitted and verified in a tamper-resistant manner. A demonstration of AUTOCRYPT’s digital key system featuring secure vehicle-user communication and cross-account key sharing will be available on-site.
Connected Mobility Security: Supporting safe interactions between the vehicle, user, environment and charging infrastructure, AUTOCRYPT provides robust and interoperable systems for Digital Key, Vehicle-to-Everything (V2X) communications, and Plug&Charge (PnC). These technologies support OEMs and mobility operators in meeting rigorous automotive safety and quality standards while enabling trusted connectivity across all mobility touchpoints.
Next-Gen Vehicle Security with Lifecycle Management: Adopting a holistic approach to automotive cybersecurity across every stage of the vehicle lifecycle, AUTOCRYPT will showcase AI-enabled risk assessment and automated testing solutions. This includes AI-based Threat Analysis and Risk Assessment (TARA) Automation, which applies AI-generated inputs to accelerate and strengthen fault injection and vulnerability testing. The Cybersecurity Testing Platform (CSTP) provides integrated validation aligned with global standards such as UN R155/156 and ISO/SAE 21434. CSTP Fuzzer, a core component of the platform, recently passed Amazon Web Services’ (AWS) Foundational Technical Review (FTR), enabling scalable, cloud-based security testing and proof-of-concept (PoC) deployments.
“As we reinforce our foundational security pillars and introduce future-ready, AI-driven capabilities, we remain committed to protecting all parts of the vehicle and mobility landscape,” said Seokwoo Lee, Founder and CEO of AUTOCRYPT. “By delivering tailored digital infrastructure solutions for OEMs, suppliers and end users, we will continue expanding our global ecosystem through strategic collaborations.”
Exhibiting at CES for the third consecutive year, AUTOCRYPT continues to demonstrate technological innovation within the automotive cybersecurity space. With additional on-site events to be announced, attendees are encouraged to visit AUTOCRYPT’s booth #4667 at the Las Vegas Convention Center’s West Hall for demonstrations and in-depth discussions with the company’s team of experts. Meetings are available by reservation only. Book a meeting at https://calendly.com/autocrypt_global/.
AUTOCRYPT is the leading player in automotive cybersecurity. It specializes in the development and integration of security software and solutions for in-vehicle systems, V2X communications, Plug&Charge, and fleet management, paving the way towards a secure and reliable C-ITS ecosystem in the age of software-defined vehicles. Its comprehensive suite of automotive cybersecurity testing services and platforms includes the award-winning AutoCrypt CSTP, which supports automotive OEMs and suppliers in meeting regulatory standards ilke ISO/SAE 21434, UNECE WP.29 UN R155, and CRA.
In recent years, headlines showcasing how AI technology is being incorporated into automotive software solutions have become increasingly common. The establishment of dedicated AI facilities(e.g. Izmo’s Automotive AI Factory, Qualcomm’s AI R&D Center) and collaborative initiatives regardingAutomated Driving Assistance System (ADAS)development (e.gBosch & Cariad, GM & NVIDA) arejustafewexamplesofhow the automotive sector is rapidly embedding AI across the vehicle lifecycle.
When it comes to automotive safety software, AI adoptionhas advanced along two simultaneous fronts. In one dimension, AI is positioned as a Safety Enabler,actively embedded in tools and solutions to strengthen resilience, detect risks and improve the reliability of vehicle platforms. From another perspective, AI is treated as aSafety-Critical Element, subject to rigorous standards and certificationsto ensurethat its deployment is trustworthy, robust and auditable.
This blog aims to explore these two complementary perspectives on AI in automotive safety—one driven by industryinnovation and the other shaped by regulatory and standards-based assurance. Together, they illustrate how AI has evolved from a promising technology to a core component of both engineering practice and compliance frameworks.
AI as a Safety Enabler
Across both the development and operationalstages,OEMs, Tier1 suppliers and cybersecurity firms are applyingAIto augment safety functions— strengthening resilience through proactive risk detection, automated testingand system-wide awareness.
I. Development Stage
In the development stage, AI is increasingly used to validatesafety-criticalcomponentsby automating test generation and expanding scenario coverage.
Fault Injection and Vulnerability Testing
Traditional fuzzing relies on random or manually crafted test inputs, which can miss subtle flaws. AI-enabled fuzzing, by contrast, generates protocol-specific, context-aware test cases at scale, uncovering vulnerabilities more quickly and systematically. A representative example is theAutoCrypt CSTP Security Fuzzer Solution which leverages AI-generated inputs to probe in-vehicle communication protocols and expose weaknesses in ECUs, braking controllers and telematic units with greater depth and coverage.
Scenario Generation & Simulation
Another area where AI enhances safety is in the generation of synthetic, edge-case scenarios that supplement baseline test datasets. Addressing a key challenge of ADAS and AV validation surrounding reflection for rare, safety-critical scenarios,AI allows engineers to proactively evaluate system safety under unusual conditions. The Gatik Arena platform illustrates this approach, employing techniques such as NeRFs, 3D Gaussian splatting and diffusion models to create synthetic scenarios, which are then fed into a modular simulation engine for end-to-end validation.
System-Level AI Safety Architecture
Beyond individual tools, AI is also embedded into holistic safety frameworks that span the entire lifecycle of software-defined vehicles. Theseframeworksaccountfor the multi-dimensional nature of automotive software, monitoring and validating AI performance from training to deployment. The NVIDIA AI Systems Inspection Labhighlights this application, offeringasafety framework that integrates cloud-based training oversight, model inspection and in-vehicle runtime validation to ensure system-wide assurance.
II. Operational Stage
AI also plays a crucial role in maintaining and extending safety during vehicle operation, both at the individual and fleet level.
Sensor-Aided Risk Detection
Leveraging multi-modal data fusion, AI enables vehicles to analyze real-time inputs from tires, cameras, radar and LiDAR to identifyconditions that could compromise safety.The collaboration between AEye and Blue–Bandillustrates this approach: bycombining AEye’sOPTIS™ autonomous system and Apollo long-range LiDAR with Blue–Band’s AI orchestration platform, the solution delivers real-time insights for traffic monitoring, incident detection, and adaptive road safety management.
Fail-Safe & Safety Redundancy Systems
Overcoming the limitations of traditional automotive systems which often fail to account for systemic decision-making errors, AI continuously interprets both the driving environment and system health to determine when fallback responses are necessary. The patent forGuident’s Remote Monitoring and Control Center (RMCC)representsthis scenario: it’s AI-driven fusion system processes sensor data from multiple autonomous vehicles and can assume remote control when risk levels exceed predefined safety limits.
Reflecting the fact that safety hazards regarding environmental disruptions affect entire fleets, AI enables fleet-level data aggregation and threat analysis, transforming distributed sensor inputs into system-wide safety insights. NIRA Dynamic’s partnership with BANFdemonstratesthiswiththeintegration of triaxial tire sensor data into fleet management systems, enabling large-scale hazard detection and broadcast-level warnings to improve fleet safety.
AI as a Safety-Critical Element
While AI enables safer and more resilient automotive systems, it is also recognized as a safety-critical elementrequiring rigorous evaluation to ensure trustworthiness. This perspective is reflected in a series of international standards: ISO 26262: 2018, ISO 21448: 2022 and ISO/PAS 8800: 2024.
I. ISO 26262: 2018 (Functional Safety)
The ISO 26262standard focuses on addressing hardware and software faults inside road vehicles that can lead to hazardous behavior. While it does not directly reference AI or ML, AI modules are implicitly covered as safety-related componentthat may fail due to defects in software implementation, hardware execution, or system integration.
The first connection appears in the definition of a “safety-related item” under Part 3. System & Item Definition. Any component which failure could lead to a hazard qualifies, and thus AI modules can be treated as such. Similarly, Part 3. System & Item Definitionand Part 4. Hazard Analysis & Risk Assessment (HARA)define “hazards” asmalfunctionsrequiringassignment of an Automotive SafetyIntegrityLevel (ASIL). Underthisframework, AI failuressuchasobject misclassification or aneural network crash can be classified and addressed as safety hazards.
The standard also indirectly applies to AI within software and hardware development. For example, Part 5. Hardware Developmentrequires diagnostic coverage and safety mechanisms for critical hardware faults. This extends toSoCs or accelerators running AI inference (e.g. GPUs, NPUs), which must be safeguarded to prevent silent failures that could compromise AI workflows.
While ISO 26262 provides a baseline framework for addressing AI malfunction scenarios, it falls short in covering the non-deterministic behavior of AI systems. These gaps have prompted the development of complementary standards — ISO 21448, ISO/PAS 8800— to more fully address AI-related safety risks.
II. ISO 21448: 2022 (Safety of the intended functionality, SOTIF)
WhereasISO 26262 focuses on risks from system malfunctions, ISO 21448addresses situations where the system behaves as designed butstill poses safety risks under certain conditions. As with ISO 26262, terms explicitly referencing AI or machine learning are absent. Nevertheless, the standard is widely recognized as highly relevant to AI-driven systems, which are especially sensitive toincomplete data, edge cases and unknown scenarios.
One key concept appears in Clause 11. Hazardous Scenarios, which introduces the distinction between “known hazards” (anticipated cases) and “unknown hazards” (unanticipated conditions). The latter is particularly relevant to AI, as machine learning models are prone to failure when exposed to out-of-distribution inputs. The standard emphasizes the need to achieve acceptable residual risk even in such unknown conditions.
Expanding beyond definitions,Clause 9. Verification and Validationstresses the importance of robust validations strategies that go beyond normal operating conditions. This is especially critical for AI/ML systems, as traditional deterministic testing methods cannot guarantee complete coverage of rare, long-tail scenarios.
By incorporating concepts of non-deterministic behavior and unquantifiablerisks, ISO 21448plays a crucial role in framing AI-related safety challenges in automotive systems. Ithighlights how limitations in AI perception and decision–makingcan result in unsafe outcomes. However, with methodologies for residual risk evaluation still relying on conventional statistical methods, there remain limitations in guaranteeing coverage for rare or unforeseen inputs.
III. ISO/PAS 8800: 2024 (Safety and artificial intelligence)
Building on the foundations of ISO 26262 and ISO 21448,ISO/PAS 8800provides the first global assessment framework dedicated to systematically evaluating AI systems in road vehicles. The document explicitly states its intent to extend and adapt the principles of functional safety (ISO 26262)and SOTIF (ISO 21448) to AI and machine learning elements.
ISO/PAS 8800 raises AI-specific safety concerns directly, linking identified hazards to clear safety requirements and goals. It details procedures covering the entire lifecycle of AI systems including dataset quality management, model development and safe deployment practices. In addition, the standard also places emphasis on runtime monitoring and post-deployment governance, ensuring continuous oversight of AI performance.
Through this framework, ISO/PAS 8800 ensures that AI safety measures are embedded from the earliest stages of system design through post-deployment operation, closing gaps left by prior standards and providing a structured foundation for AI assurance in automotive systems.
Future Progress of AI in Automotive Safety
As illustrated in the previous sections, the automotive safety industry has approached AI from two contrasting angles: as a defense mechanism to strengthen safety levels, and as a potential risk factor requiring strict evaluation. Nevertheless, both perspectives converge on the same overarching goal— leveraging AI to improve resilience of automotive systems against internal flaws (i.e.software errors, model weakness) and external risks (i.e.environmental hazards, cyber threats).
Looking ahead, the progress of AI in vehicle systems will center on two parallel developments: advancing innovation in AI-driven safety tools and establishingrigorous compliance and certification frameworks. As this dual evolution unfolds, AUTOCRYPT is committed to playing a leading role in not only providing solutions that integrate AI to enhance safety and resilience but also by staying closely aligned with the evolving regulatory landscape that governs the safe deployment of AI-embedded vehicle systems.
AUTOCRYPT, a leading automotive cybersecurity solutions provider, announced that the company’s automotive software testing tool, AutoCrypt CSTP Fuzzer, successfully received the Amazon Web Services (AWS) Foundational Technical Review (FTR) validation, enabling the solution to earn Partner Software Path Certification. The FTR is a rigorous technical assessment conducted by AWS to ensure that solutions meet best practices in areas such as security, reliability, and operational compliance. This achievement lays the groundwork for offering the solution in a cloud-based Software as a Service (SaaS) format.
The AutoCrypt CSTP Fuzzer solution is a key component of the AUTOCRYPT’s Cybersecurity Testing Platform (CSTP), a security diagnostic tool that leverages fuzzing techniques to automatically detect and analyze potential vulnerabilities around vehicle communications. By passing the AWS FTR validation process, the solution has demonstrated compliance with AWS standards for Security, Reliability and Operational Excellence.
Strengthening Global Presence with AWS Integration
Through listing the solution on the AWS Marketplace, AUTOCRYPT anticipates expanded opportunities to serve international markets by making it easier for customers to access its authorized software solutions. With the solution accessible through virtual Windows environments based on AmazonWorkSpaces,a fully managed desktop computing service, users can perform security testing and proof-of-concept (PoC) activities in a SaaS environmentwithout complex installation or hardware setup.
Cybersecurity Mandates Fuel Demand for SaaS solutions
With automotive cybersecurity regulations set to become mandatory by 2028 for most vehicles sold globally — and the Cyber Resilience Act (CRA) extending security requirements across all digitally connected industries — demand for cloud-based SaaS solutions have emerged as a strategic choice for stakeholders seeking to balance development efficiency and regulatory compliance.
In response to these shifts, AUTOCRYPT is pursuing broader cloud-based deployment of its automotive cybersecurity solutions, starting with the launch of AWS-certified SaaS products. This supports the company’s long-term strategy to scale its SaaS business model, diversify revenue streams, and accelerate international growth.
Founder and CEO, Seokwoo Lee said, “This marks a significant milestone for Autocrypt as it validates the reliability of our technology within the cloud ecosystem. With the global SaaS market projected to reach USD 370 billion, and the automotive software market estimated at USD 600 trillion by 2030, we are committed to reinforcing our global footprint by positioning cloud-based security solutions as a key pillar of future growth.”
AUTOCRYPT is the leading player in automotive cybersecurity and smart mobility technologies. It specializes in the development and integration of security software and solutions for in-vehicle systems, V2X communications, Plug&Charge, and fleet management, paving the way towards a secure and reliable C-ITS ecosystem in the age of software-defined vehicles. Its comprehensive suite of automotive cybersecurity testing services and platforms includes the award-winning AutoCrypt CSTP, which supports automotive OEMs and suppliers in meeting regulatory standards ilke ISO/SAE 21434, UNECE WP.29 UN R155, as well as other emerging global standards.
As we enter an era increasingly populated by highly autonomous vehicles, there is a vast range of dynamic driving scenarios that Automated Driving Systems (ADS) may encounter. From hazardous environmental conditions to internal system failures and external cybersecurity risks, ensuring ADS safety across diverse operating situations is essential for enabling safe autonomous driving experiences.
The recent release of “ISO 34505: 2025”underscores this need by providing a structured framework for generating, evaluating and managing test scenarios that reflect real world driving conditions. By standardizing how test scenarios should be defined and tested, the initiative aims to enable consistent, repeatable validation practices across the industry and thereby support development of robust ADS provision.
As autonomous systems grow more complex, the need for robust, scalable validation practices become increasingly critical. In response, an integrated approach — combining regulatory audits, system-level testing and adversarial simulations — provides OEMs and Tier 1 suppliers a structured path for both vehicle safety and regulatory compliance. Focusing on cybersecurity, this blog outlines the key components and methodologies of ADS Validation, and demonstrates how an integrated approach can be effectively executed.
Automated Driving System (ADS) Validation: Approach & Methodology
According to “SAE J3016: 2021”, Autonomous Driving System (ADS) refer to thecollective technology stack responsible for performing dynamic driving tasks (DDT) at SAE Level3 and above. With the system taking full responsibility for autonomous decision-making and vehicle control, validating ADS safety calls for identifying diverse validation targets and a multidisciplinary process for executing them.
The first pillar, Functional Performance, focuses on ensuring theembedded vehicle system behaves as expected across a full range ofdriving conditions — particularly under abnormal scenarios such as complex environments or sensor limitations.In alignment with the“ISO 34505: 2025” standard, which outlines scenario-based ADS testing, this pillarevaluates system capabilities in perception, decision making and control execution under realistic conditions.
The second pillar,Internal System Reliability, addresses resilience against system-levelfaults. This includes the inspection offault detection mechanisms, hardware failure mitigation strategies, and adherence withAutomotive Safety Integrity Level (ASIL) grades. Relevant to the “ISO 26262: 2018” standard defining the framework around electrical/electronic (E/E) system failures, this pillar assesses the system’s ability to maintain safety in the presence of internal malfunctions.
The third factor, External Cybersecurity Resilience, evaluates the system’s tolerance against external cybersecurity threats. Verification over secure communication and data integrityunder potential attackssuch as vehicle hacking, spoofing and denial-of-service (DoS)) is a key objective of this pillar. Associated with the “ISO/SAE 21434: 2021” standard illustrating cybersecurity risk management for vehicle E/E systems across the lifecycle, this phase assesses the system’s ability to proactivelymitigate attack vectors targeting sensors, ECUs and OTA updates.
II. Techniques
While various techniques exist to evaluate functional performance, system reliabilityand external attack resilience, this blog focuses on three core cybersecurity validation methods — Compliance Auditing, Software-in-the-Loop (SiL) Module Testing, Hardware-in-the-Loop (HiL) Penetration Testing — to better illustrate the differences across diverse validation approaches.
The first technique, Compliance Auditing, focuses on verifying whether development practices and system architectures align with established safety and cybersecurity regulations (e.g. ISO/SAE 21434, UN R155). This method is widely used by OEMs and Tier 1 suppliersto conduct gap analyses during early-development stages or in preparation for CSMS Certification audits, to check whether internal processes conform to regulatory requirements.
AutoCrypt CSTP Complianceserves as a representative tool to accommodate these needs by validating vehicle vulnerabilities on a unified platform. It supports multiple testing domains including Security Validation, Functional Testing, Penetration Testing, Fuzz Testing and Vulnerability Testing and consolidates results into a comprehensive reportsuitable for regulatory submission.By combining testing execution and documentation, it reduces redundant tasks and streamlines the compliance process.
Another key validation technique is Software-in-the-Loop (SiL) Module Testing, which assesses robustness of embedded security components in virtualized test environments before hardware integration. Commonly applied to TEE (Trusted Execution Environment) based key management testing and V2X certificate handling simulation, this technique enables rapid iteration and early validation of security logic in controlled conditions, before advancing to high-cost hardware testing.
In accordance with these needs, the AutoCrypt CSTP Functional Tester validates hardware-dependent security functions using virtual ECU models in a Software-in-the-Loop (SiL) environment. By integrating communication interfaces, debugging tools, ECU source code and test code, this solution facilitates early detection of design flaws and integration issues well before mass production.
Another core testing approach is Hardware-in-the-Loop (HiL) Penetration Testing,which evaluates cybersecurity resilience of physical ECUs by simulating real-world attack vectors in controlled HiL testing environments. Often applied for in-vehicle network fuzz testing and Telematics Control Units (TCUs) penetration testing, this technique identifies system vulnerabilities under actual runtime configurations, moving beyond theoretical scenarios.
Serving this purpose, the AutoCrypt CSTP Fuzzer solution actively injects malformed, unexpected inputs into in-vehicle networks to test ECU-level resistance to cyber intrusions. Coveringa broad spectrum of communication layers including theNetwork Layer (e.g. CAN, CAN-FD, Automotive Ethernet), Application Layer (e.g. UDSonCAN, UDSonCAN-FD) and Transport/Data Layer (e.g. VehicleCAN, VehicleCAN-FD), the tool enablesprecise testing of vehicle systems under a wide range of adversarial conditions.
Effective ADS Validation through an Integrated Approach
With a wide range of checkpoints to address and multiple techniques available, establishing a cohesive and effective strategy for ADS validation is essential. To meet this need, a structured progression — fromCompliance Auditing to Software-in-the loop Testing and finally to Penetration Testing — offers a practical pathway for comprehensive and efficient ADS validation.
At the first stage, Compliance Auditingdefines the baseline and sets the strategic direction through regulatory compliance and process control.
Next, software design implementation and testing activities are supported through Software-in-the-Loop (SiL) Module Testing, which enables validation before hardware integration.
Lastly, Hardware-in-the-Loop (HiL) Penetration Testing technique can be utilized to observe real-world cybersecurity readiness under adversarial conditions.
This layered approach demonstrates how each phase builds upon and reinforces the next, enabling a robust and scalable validation framework.
With AUTOCRYPT being an authorized Vehicle Type Approval (VTA) Technical Service (TS) Provider , the firm is uniquely positioned to integrate diverse testing techniques and facilitate comprehensive ADS validation through the AutoCrypt CSTP Platform. From the AutoCrypt CSTP Compliance, which ensures design-level safety, to the AutoCrypt CTSP Functional Tester, which verifies correct functional behavior and the AutoCrypt CSTP Fuzzer able to test attack resilience, the platform enables a unified security analysis by consolidating all validation layers into a single, integrated platform.
Supporting a streamlined process for Vehicle Type Approval fromADS validation to export of results into compliance documents (e.g. TARA Report, Cybersecurity Test Report), the whole approval process can be effectively managed.
To learn more about the Autocrypt CSTP platform, check this page. For more information about our comprehensive suite of our automotive products & offerings, check this page.
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookies
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Please enable Strictly Necessary Cookies first so that we can save your preferences!
