VicOne’s analysis of the automotive cybersecurity incidents in 2025 reveals a structural shift: attacks are no longer confined to a single layer of the automotive ecosystem. Compared to 2024, when incidents were largely concentrated on cloud and backend systems, recent attacks increasingly span enterprise IT, off-board infrastructure, and in-vehicle environments.
Expanding attack surface reflects governance gaps
What may appear to be an expanding attack surface is not a sudden evolution in attacker strategy, but the result of architectural convergence. Vehicles, cloud platforms, and enterprise IT are now tightly coupled by design while governance, ownership, and decision-making remain fragmented.
Figure 1. Cyber incidents in 2025 increasingly span multiple system domains, underscoring the growing disconnect between integrated automotive architectures and fragmented risk governance
As technical boundaries dissolve and accountability structures lag, the automotive industry is no longer managing isolated risks. Overlapping legacy platforms, software-defined systems, and AI-enabled technologies must be secured under governance models built for separation rather than convergence.
Overlap era: A new operating reality
In its 2026 Automotive Cybersecurity Report, “Crossroads: Automotive Cybersecurity in the Overlap Era,” VicOne defines the Overlap Era as the sustained phase in which traditional vehicle platforms and software-defined and AI-enabled technologies coexist within the same operational ecosystem. In this new operating reality, risk does not phase out as platforms evolve; it accumulates across domains and generations.
Drawing from VicOne’s unparalleled threat intelligence, including incident analysis, vulnerability data, and independent research, the report identifies where exposure is compounding andwhere governance must evolve to keep pace.
Key findings from the overlap era
Figure 2. Growth of critical and high-severity automotive vulnerabilities in the last decade.
High-severity risk is compounding across generations. In 2025, 765 critical and high-severity automotive vulnerabilities were observed, continuing a sustained upward trendsince 2017. Many weaknesses persist across shared platforms and long product lifecycles, increasing the effective duration of cyber risk rather than allowing it to decline through remediation cycles.
11% of risk lives outside CVE visibility. While most vulnerabilities are tracked through CVEs, a meaningful portion emerges through zero-day discoveries and independent research. Since 2024, 174 automotive zero-day vulnerabilities have been uncovered through Pwn2Own Automotive, demonstrating that governance models that rely solely on formal enumeration leave blind spots in executive risk awareness.
Figure 3. AI risk patterns examined in the Vicone 2026 Automotive Cybersecurity report: model supply-chain compromise, automated exploitation through AI orchestration, and assistant-mediated content injection.
AI is redefining the in-vehicle attack surface. As in-vehicle AI evolves from passive assistance to agentic functionality, new attack paths emerge. Traditional cloud-centric guardrails are insufficient for real-time, edge-based environments.
The convergence of legacy platforms, software-defined systems, and AI-enabled technologies has brought the industry to a critical crossroads — one where decisions made today aroundcybersecurity governance, architecture, and accountability will determine how trust, safety, and resilience are sustained across future vehicle platforms.
Download the full “Crossroads: Automotive Cybersecurity in the Overlap Era” report to understand the risks and the practical steps forward in modern automotive cybersecurity.
