Automotive Cybersecurity Threats: GenAI Models Possibly Imperiling the Supply Chain

In the rapidly evolving world of technology, generative AI (GenAI) models, systems that learn independently, evolve, and act autonomously, have become integral components of various IT systems. However, their widespread adoption also brings forth a new set of cybersecurity concerns, particularly in the automotive industry.

GenAI models, deeply embedded in the core of AI-capable, software-defined vehicles, pose a persistent, "living" cybersecurity risk to the supply chain. Cyber attackers can manipulate these models to bypass security checks, potentially exposing personal data.

One significant concern is the lack of transparency and traceability. In many cases, the identity of the creator of the GenAI model is not disclosed, and the source of the training data cannot be verified. This opaque nature of AI development raises concerns about data quality and transparency in AI applications for automotive use.

Moreover, the behaviour of GenAI models depends on the data they are trained on and their continuous learning process. Manipulated GenAI models can be exploited by cybercriminals to trigger unintended or harmful behaviour. The Imprompter attack demonstrated this vulnerability by exfiltrating personal data using concealed malicious prompts in open-source chatbots.

The behaviour of these models can also be impacted by the Model Context Protocol (MCP) proxies placed between the application and the GenAI model. While these proxies are essential for governance, their practices can impair transparency, traceability, and risk management.

Without an AI-specific Software Bill of Materials (AI-SBOM) or equivalent tracking, DevOps teams risk unknowingly using outdated or untrustworthy MCP proxy versions, opening new attack vectors. Robust security tests, including penetration tests and prompt injection tests, should be conducted before AI model deployment to detect abnormal behaviour and evaluate robustness against cyber attacks.

The cybersecurity risk is distributed across all phases of the lifecycle of a GenAI model. If such techniques were applied to speech assistants or infotainment systems in vehicles, cyber attackers could issue false navigation commands, secretly record private voice interactions, or trigger other unauthorized actions.

Addressing these challenges requires a redefinition of the cybersecurity framework for AI in the automotive industry. VicOne CEO Max Cheng discussed this redefinition in a recent YouTube presentation. VicOne has also unveiled a new threat intelligence platform, xAurient, designed specifically for the automotive industry.

However, the issue of AI potentially replacing half of the workforce, as expressed by Ford CEO, adds another layer of complexity to the discussion. As we navigate this digital transformation, striking a balance between technological advancement and cybersecurity will be crucial.

Automotive Cybersecurity Threats: GenAI Models Possibly Imperiling the Supply Chain