The automotive industry’s early adoption of artificial intelligence has opened it to a sharp spike in cyberattacks. That’s the finding of cybersecurity specialist Upstream in its 2026 Global Automotive and Smart Mobility Cybersecurity Report published Feb. 18.
Upstream operates a cloud-based, AI-powered data management platform purpose-built for connected vehicles, smart mobility, physical AI and the IoT ecosystem, per the release. The company is backed by Alliance Ventures (operated by Renault, Nissan and Mitsubishi), as well as Volvo Group, BMW and Hyundai Motor Group.
The company’s report found that cybersecurity attacks targeting automotive and smart mobility organizations more than doubled in 2025. According to Upstream, ransom-related cyberattacks accounted for 44% of all incidents, which is twice the number reported in 2024.
Upstream’s report follows the auto industry’s most prominent cyberattack, which last year targeted Jaguar Land Rover. The attack crippled the company’s IT systems and led to a worldwide vehicle production shutdown lasting nearly 40 days.
The rise of software-defined vehicles is also opening more avenues for potential cyberattacks, according to Upstream. In January, WardsAuto reported on NXP’s “post-quantum cryptography” technology, which the company claims may help offset the increased threats of automotive cybersecurity attacks.
The report concluded that the rise in cybersecurity threats is being driven by the rapid expansion of application programming interfaces (APIs) and AI-driven, software-based vehicle architectures, combined with the increased sophistication being used by organized threat actors.
It adds that there is a widening gap between the auto industry’s cybersecurity capabilities and those of sophisticated hackers, who are steering ransomware as the fastest-growing and most disruptive threat to the industry, per the report.
Upstream’s study analyzed 494 publicly reported cybersecurity incidents from 2025 within the automotive and smart mobility sector worldwide and identified two main trends.
First, AI-based architectures have dramatically expanded attack surfaces by introducing new entry points and systematic exposures across the entire ecosystem.
The second is financially motivated, with well-resourced and coordinated attack groups increasingly targeting the automotive and smart mobility sector. This led to a major escalation of ransomware attacks, which can potentially translate into billions of dollars in operational and economic losses.
Ransom attacks, however, are now spreading beyond IT and enterprise systems and into vehicles on the road. In mid-2025, attackers accessed remote vehicle command and control systems (through a companion app) and locked owners out by taking remote control of functions such as ignition and door locks. The attackers then demanded ransom payments to restore access to the vehicles.
The 2026 Global Automotive and Smart Mobility Cybersecurity Report found:
- 71% of cyberattacks were from black hat actors, up from 65% in 2024.
- 92% of automotive attacks were conducted remotely, of which 86% required no physical proximity to vehicles and systems.
- 67% of incidents involved telematics and cloud systems as attack vectors, where APIs serve as the enabler of a significant portion of incidents.
- 68% of incidents involved data and privacy breaches, while 34% of incidents were focused on business and operational disruption.
- 61% of incidents had the potential to impact thousands to millions of mobility assets, 20% of which were massive-scale events.
However, while the auto industry’s early adoption of AI has accelerated cybersecurity risks, it also provides faster response time to attacks, said Upstream’s co-founder and CEO Yoav Levy in the release.
“AI is also enabling attackers to move faster, at greater scale and with more automation, while the industry is still relying on security models built for a far more static world,” he added.
“Our 2026 report shows that AI significantly expands the cybersecurity attack surface, as traditional perimeter defenses no longer suffice when AI systems adapt dynamically and directly influence physical outcomes,” Levy said.
Analysts’ view
AI is a real risk for the automotive sector, providing AI‑enabled attack tools to use against the industry's broad and diverse supplier ecosystem, Andrei Quinn-Barabanov, supply chain industry practice lead at Moody's Analytics, said in an email to WardsAuto.
“Many small suppliers may have limited resources, either human or financial, to implement advanced cybersecurity measures,” Quinn-Barabanov wrote.
“A practical way to help mitigate this risk is to design and follow a disciplined process of sharing sensitive information with vulnerable suppliers, focusing on what information is essential to share and how to share it securely,” he added.
Meanwhile, there is an expectation that AI will be capable of deploying malware that rewrites its own code, exploits previously unknown security flaws and launches automated campaigns against thousands of targets simultaneously, said Eric Greaser, vice-president of the corporate finance group Moody's Ratings.
“A growing concern is the use of AI to automate vulnerability discovery, continuously scanning networks and applications for flaws such as missing patches or misconfigurations, at a scale and speed that outpaces defenders' ability to remediate them,” he said in an emailed response.
As of December 2025, Moody’s Ratings found that the automotive sector had the highest percentage of issuers that experienced a cyber-incident within the last 24 months,” according to Greaser. “At the same time, implementation of key cyber-controls is uneven and supply chain vulnerabilities remain a key concern,” he said.
