Automotive Data and AI Drive Cybersecurity in an Era of Massive-Scale Cyber Threats | Cisco Investments

Yoav Levy, CEO and Co-founder, Upstream

This guest blog post is authored by Yoav Levy, CEO and Co-founder of Upstream Security, a company that provides a cloud-based data management platform purpose-built for mobility and IoT, delivering unparalleled cybersecurity extended detection and response (XDR) and data-driven applications. The Upstream Platform secures more than 25 million connected vehicles and IoT devices and is trusted by large vehicle manufacturers and IoT service providers.

The automotive industry is undergoing a seismic transformation, driven by connected vehicles, software-defined architectures, electric vehicles, and AI-powered mobility solutions. However, with this innovation comes an escalating wave of cyber threats targeting critical systems, from telematics and APIs to backend infrastructures. To combat these threats, automakers and mobility providers are turning to the power of digital twins to enhance cybersecurity, predict risks, and fortify resilience.

Upstream’s 2025 Automotive & Smart Mobility Cybersecurity Report underscores the urgency of this shift, revealing that 409 new publicly reported cyber incidents occurred in 2024 alone. Nearly 60% of these incidents had a high-scale impact, affecting millions of vehicles, fleets, and mobility services. The digital twin offers a cutting-edge approach by leveraging automotive data for real-time monitoring, anomaly detection, and AI-powered response mechanisms.

Digital Twins: A New Paradigm for AI-Powered Automotive Cybersecurity

Traditional approaches have been largely reactive, responding to threats only after they occur. With cyberattacks growing in sophistication—such as the 108 ransomware incidents recorded in 2024 that disrupted dealership networks and vehicle operations—a proactive, network-wide approach is needed. 

The solution lies in harnessing AI-driven digital twins to provide real-time threat intelligence and automated mitigation.

A digital twin is a dynamic, virtual representation of a vehicle, fleet, or mobility ecosystem. By continuously ingesting real-world data from sensors, telematics, API endpoints, and backend infrastructures, digital twins enable automakers to detect anomalies and anticipate cyber threats before they escalate and impact safety, operations, data integrity, and trust.

Digital twins make it possible for frameworks to detect irregularities, identify unauthorized access and mitigate threats through predictive AI models. Those capabilities are essential to address the ever-changing threat landscape. For example, a recent API vulnerability leveraged license plate numbers to access unauthorized dealer and vehicle registrations. By leveraging vast amounts of network data, digital twins continuously learn from anomalies detected across an entire ecosystem, rather than just within a single vehicle or system. This network-centric approach ensures that threat intelligence is shared across all connected entities, significantly reducing response times and mitigating risks before they propagate.

Expanding Digital Twins Beyond the Vehicle

The electrification of mobility has introduced new cybersecurity risks, particularly in EV charging networks. Cyber incidents targeting EV charging infrastructure surged by 50% in 2024, with nearly 74% of attacks resulting in service disruptions. The interconnected nature of charging stations makes them a prime target for cybercriminals aiming to exploit backend vulnerabilities. A digital twin-based cybersecurity framework could flag such vulnerabilities, preventing potential serious security risks.

Digital twins don’t stop at the vehicle. They offer a network-wide perspective – integrating vehicle infrastructure, IoT device, and backend data into a single intelligent framework. This allows for real-time threat detection, continuous monitoring of charging station security, and correlation between charging activities and their impact on vehicles. With AI-driven analytics, mobility providers can detect early signs of cyber threats and activate automated responses, stopping attacks before they cause harm.

Upstream & Cisco: Enabling Innovative Cybersecurity with the Power of the Network 

Automakers can’t fight this battle alone. Strategic partnerships are essential in building a resilient and secure mobility ecosystem. Upstream’s collaboration with Cisco – through its integration with Cisco’s Mobility Services Platform, including IoT Control Center, a global leader in connected vehicle management, and Splunk’s digital resilience platform – exemplifies how industry leaders are working together to enhance network-wide cybersecurity visibility and response.

Cisco’s industry-leading security infrastructure, combined with Upstream’s AI-driven automotive cybersecurity detection & response platform (XDR), creates an advanced, layered defense strategy. Integrating Cisco’s network security capabilities with Upstream’s expertise in connected vehicle data analysis enables comprehensive threat detection across multiple attack vectors—including cloud services, vehicle APIs, backend networks, and connected devices.

Beyond Compliance: The Evolution of AI-Powered Vehicle SOCs

Regulations like UNECE WP.29 R155 and ISO/SAE 21434 provide an important foundation—but they aren’t enough.

As attacks become more sophisticated, the future of cybersecurity lies in AI-driven vehicle security operations centers (vSOCs) that integrate digital twins for real-time analysis, predictive threat detection, and automated incident response.

Next-generation vSOC frameworks use digital twins to map out potential attack scenarios, simulate security breaches, and refine cybersecurity strategies before real-world threats occur. This approach ensures that automakers and mobility providers remain ahead of cybercriminals, safeguarding vehicles, fleets, and critical infrastructure against large-scale disruptions.

Upstream’s Ocean AI: AI & ML Advanced Anomaly Detection, Investigations and Response for the Automotive Ecosystem

At the core of this AI-driven approach is Upstream’s Ocean AI—an advanced AI suite embedded within the platform. Ocean AI empowers cybersecurity and teams with ML-powered detection, advanced profiling, as well as large-scale investigation capabilities: natural language insights, investigation workflows, and generative capabilities that analyze vast amounts of vehicle, API, and telematics data in real time.

As one of today’s most transformative technology trends, generative AI unlocks new opportunities for the automotive sector. With Ocean AI, users can query the system in simple language, receive contextual summaries of incidents, generate hypotheses about root causes, and automate tasks that once required extensive manual effort.

Looking forward, Upstream’s broader vision involves deploying additional AI agents—each focused on a different domain, from threat detection and vulnerability assessment to anomaly resolution. This direction represents a leap forward in how automakers and mobility providers can scale their operations and stay ahead of complex challenges.

By leveraging the power of network-wide automotive data, digital twins coupled with advanced AI enable stakeholders to secure their entire mobility ecosystem, enhance API and telematics security, and ensure the resilience of IoT devices and EV charging infrastructure. As the mobility landscape continues to evolve into critical infrastructure, cybersecurity must be embedded into every layer of innovation—and digital twins provide the key to making that vision a reality.