Finite State to Showcase AI-Driven Automotive Cybersecurity Strategies at Auto-ISAC Europe 2026
Finite State, a recognized leader in product security and software supply chain risk management, has announced that its Chief Security Officer, Sharon Hagi, will deliver a keynote presentation at the Auto-ISAC Europe Cybersecurity Workshop 2026. The keynote, titled “AI Closes the Window: Automotive Supply Chain Security in an Accelerated Threat Environment,” is scheduled to take place from 11:40 a.m. to 12:10 p.m. on June 24, 2026, at the renowned Spazio Ferrari Maranello in Maranello, Italy.
The presentation comes at a time when the automotive industry is undergoing a profound digital transformation. Vehicles are rapidly evolving into highly connected, software-defined platforms that rely on millions of lines of code, cloud services, mobile applications, and extensive supplier networks. While these advancements are enabling new features, services, and business models, they are also introducing unprecedented cybersecurity challenges.
Hagi’s keynote will address the realities of protecting modern automotive ecosystems in an environment where cyber threats are accelerating and software complexity continues to grow. The session will focus on how organizations can strengthen product security programs, improve visibility across software supply chains, and build scalable security workflows capable of keeping pace with modern vehicle development.
The Growing Cybersecurity Challenge for Automotive Manufacturers
The automotive industry has become one of the most technology-intensive sectors in the world. Today’s vehicles are no longer isolated mechanical machines; they function as interconnected computing platforms equipped with advanced driver assistance systems, over-the-air update capabilities, telematics services, cloud connectivity, and increasingly autonomous features.
This shift toward software-defined vehicles has transformed cybersecurity from a compliance requirement into a critical business priority. Original equipment manufacturers (OEMs), suppliers, and mobility providers must now manage software security throughout the entire vehicle lifecycle—from design and development to deployment and maintenance.
As the volume of software increases, organizations face mounting challenges related to software complexity, vulnerability management, supplier oversight, and regulatory compliance. Security teams are tasked with identifying genuine risks among thousands of reported vulnerabilities while simultaneously ensuring that development cycles remain efficient and competitive.
According to Finite State, the increasing complexity of connected vehicle ecosystems requires a more comprehensive approach to cybersecurity—one that integrates visibility, automation, and continuous risk assessment across every layer of the software supply chain.
Addressing the Reality of Modern Vehicle Development
A key focus of Hagi’s keynote will be helping automotive organizations understand how traditional security approaches are struggling to keep pace with modern development environments.
Historically, cybersecurity programs often relied on manual processes, fragmented tools, and periodic assessments. While these methods may have been sufficient for less complex systems, they are increasingly ineffective in environments where software is continuously updated and sourced from numerous suppliers.
Modern vehicles contain dozens, and often hundreds, of electronic control units (ECUs), each running firmware and software components obtained from various vendors. Managing security across these interconnected systems requires organizations to maintain accurate visibility into what software exists within their products and how vulnerabilities may affect deployed vehicle platforms.
Hagi is expected to discuss how AI-powered security approaches can help organizations close the gap between rapidly evolving threats and the industry’s ability to respond. By automating analysis, improving visibility, and accelerating decision-making, security teams can focus their resources on the vulnerabilities and risks that truly matter.
Navigating Regulatory and Compliance Pressures
European automotive organizations are facing increasing cybersecurity requirements as regulators introduce stricter expectations regarding software transparency, vulnerability management, and product security governance.
Vehicle manufacturers and suppliers must demonstrate not only that they have implemented cybersecurity controls but also that those controls remain effective throughout the lifecycle of a vehicle. This requires continuous monitoring, detailed documentation, and evidence-based compliance processes.
Hagi’s keynote will explore how organizations can adapt to evolving regulations while maintaining development agility. Topics are expected to include vulnerability disclosure management, software bill of materials (SBOM) requirements, risk assessment practices, and methods for demonstrating ongoing compliance.
The session aims to provide practical guidance for OEMs, Tier 1 suppliers, and mobility providers seeking to balance innovation with security obligations.
Understanding the Real Risks in Connected Vehicles
Finite State CEO and Founder Matt Wyckhouse highlighted the industry’s progress in addressing automotive cybersecurity challenges while emphasizing that significant work remains.
According to Wyckhouse, modern vehicles face many of the same cybersecurity risks as other connected products. Rather than a single point of failure, threats often emerge through a chain of weaknesses spanning multiple systems.
These vulnerabilities may exist in vehicle software, companion mobile applications, cloud infrastructure, third-party components, or supplier-provided technologies. Attackers increasingly exploit combinations of weaknesses to gain unauthorized access or disrupt operations.
Wyckhouse noted that the automotive industry has made meaningful advancements in several key areas, including secure software update mechanisms, improved engineering practices, coordinated vulnerability disclosure programs, software bills of materials, and cybersecurity standards designed specifically for automotive environments.
However, he emphasized that one of the greatest challenges remains maintaining accurate visibility into what software is actually deployed within vehicles. Organizations cannot effectively secure systems they do not fully understand, making comprehensive software inventory and analysis essential components of modern cybersecurity programs.
Demonstrating Practical Automotive Security Workflows
In addition to the keynote presentation, Finite State will conduct a series of live demonstrations during the Auto-ISAC Europe Cybersecurity Workshop. These demonstrations are designed to showcase practical, artifact-backed workflows that address some of the most pressing security challenges facing automotive organizations.
Unified Product Intelligence
One demonstration will focus on creating a unified view of vehicle software ecosystems. Automotive organizations often manage data from firmware, binaries, source code repositories, supplier submissions, and development environments.
Finite State’s approach aims to connect these disparate sources into a continuously updated system of record that accurately reflects what software is deployed across vehicle platforms and electronic control units.
This unified intelligence model can help organizations improve visibility, streamline investigations, and make more informed security decisions.
Exploitability-Based Vulnerability Prioritization
Security teams frequently struggle with vulnerability overload. Thousands of vulnerabilities may be reported, but only a fraction represent meaningful risk to deployed systems.
Finite State plans to demonstrate exploitability-based prioritization techniques that evaluate vulnerabilities within their operational context. Rather than treating every vulnerability equally, organizations can focus on those that are reachable, exploitable, and relevant to their specific vehicle architectures.
This approach helps reduce alert fatigue and enables teams to allocate resources more effectively.
Accelerating Impact Analysis for New Vulnerabilities
When a new Common Vulnerabilities and Exposures (CVE) entry is published, automotive organizations often face significant challenges determining whether their products are affected.
Finite State will demonstrate workflows that rapidly connect newly disclosed vulnerabilities to impacted vehicle platforms, software builds, and ECU variants. These capabilities can help teams move from vulnerability notification to impact assessment much faster than traditional manual approaches.
The process also supports consistent Vulnerability Exploitability eXchange (VEX) decisions and provides traceable documentation for security and compliance teams.
Design-to-Deployment Traceability
Another demonstration will focus on maintaining traceability throughout the software lifecycle.
Automotive manufacturers must increasingly show how security requirements, risk assessments, threat models, and architectural decisions connect to deployed software systems. As products evolve through updates and feature enhancements, maintaining this alignment becomes increasingly difficult.
Finite State’s traceability capabilities aim to bridge the gap between design-time security planning and operational deployment, ensuring that organizations can demonstrate how security considerations are implemented and maintained over time.
Continuous Compliance Reporting
Compliance reporting is another area where automation can deliver significant value.
Traditional compliance activities often involve extensive manual effort to generate reports, collect evidence, and validate documentation. As regulations evolve and software updates become more frequent, maintaining current compliance records becomes increasingly challenging.
Finite State plans to demonstrate automated generation of key cybersecurity artifacts, including software bills of materials, VEX documents, traceability reports, and audit-ready compliance outputs. These reports are designed to remain current across software releases, reducing administrative burdens while supporting regulatory readiness.
The Future of Automotive Cybersecurity
The automotive industry’s transition toward software-defined vehicles is expected to continue accelerating in the coming years. Emerging technologies such as artificial intelligence, autonomous driving systems, vehicle-to-everything (V2X) communications, and cloud-native services will further increase software complexity and expand the attack surface.
As a result, cybersecurity programs must evolve beyond traditional approaches and embrace continuous, data-driven security operations. Organizations will need greater visibility into their software supply chains, stronger collaboration with suppliers, and more sophisticated methods for prioritizing and mitigating risks.
Industry events such as the Auto-ISAC Europe Cybersecurity Workshop provide an important platform for sharing knowledge, discussing emerging threats, and exploring solutions that can help secure the future of connected mobility.
Through her keynote presentation, Sharon Hagi is expected to provide valuable insights into how automotive organizations can navigate these challenges, leverage AI-driven security capabilities, and establish resilient cybersecurity practices that support both innovation and regulatory compliance.
Attendees participating in the workshop will also have the opportunity to engage directly with Finite State experts, explore live demonstrations, and discuss strategies for strengthening security across increasingly complex vehicle software ecosystems.
As cyber threats continue to evolve and software-defined vehicles become the industry standard, the ability to understand, manage, and secure automotive software supply chains will remain a critical factor in ensuring the safety, reliability, and trustworthiness of next-generation mobility solutions.
Source Link:https://www.businesswire.com/
