The automotive industry’s rapid embrace of artificial intelligence (AI) has led to a significant increase in cyberattacks, according to Upstream’s 2026 Global Automotive and Smart Mobility Cybersecurity Report. Released on February 18, the report details a more than twofold rise in cybersecurity incidents targeting automotive and smart mobility organizations over the past year.
Upstream, a cybersecurity firm specializing in connected vehicles and smart mobility, noted that it has backing from major automotive players including Alliance Ventures, Volvo Group, BMW, and Hyundai Motor Group. The report highlights a troubling trend: ransom-related cyberattacks constituted 44% of all incidents in 2025, a stark increase from the previous year.
This surge in cyber threats comes on the heels of a notable cyberattack against Jaguar Land Rover in 2025, which incapacitated the company’s IT systems and triggered a global vehicle production halt lasting nearly 40 days. The report emphasizes that the emergence of software-defined vehicles has exacerbated vulnerabilities, with new avenues for potential cyberattacks continually opening.
According to Upstream, the rise in cybersecurity threats is being fueled by the rapid expansion of application programming interfaces (APIs) and AI-driven software architectures, as well as the growing sophistication of organized threat actors. The findings indicate a widening gap between the automotive industry’s cybersecurity measures and the capabilities of increasingly adept hackers, who are leveraging ransomware as the most disruptive threat.
The report analyzed 494 publicly reported cybersecurity incidents from the previous year and identified two primary trends. Firstly, AI-based architectures have significantly broadened the attack surface, introducing new entry points and systematic vulnerabilities throughout the entire ecosystem. Secondly, financially motivated groups are increasingly coordinating their efforts to target the automotive sector, resulting in a surge in ransomware attacks that could lead to billions of dollars in operational and economic losses.
Ransomware attacks are now encroaching beyond traditional IT systems, with incidents in mid-2025 highlighting attackers gaining access to remote vehicle command systems through a companion app. This allowed them to lock owners out by controlling vital functions such as ignition and door locks, subsequently demanding ransom payments to restore access to the vehicles.
The report reveals that 71% of cyberattacks originated from black hat actors, an increase from 65% in 2024. Furthermore, 92% of automotive attacks were executed remotely, with 86% of these incidents requiring no physical proximity to the vehicles or systems. Notably, 67% of incidents exploited telematics and cloud systems, where APIs played a significant role in facilitating many of the attacks.
Data and privacy breaches were involved in 68% of incidents, with 34% focused on disrupting business operations. The potential impact of these incidents is alarming, as 61% had the capability to affect thousands or even millions of mobility assets, with 20% classified as large-scale events.
While the automotive sector’s move toward AI has heightened cybersecurity risks, it also offers faster response capabilities to attacks. Yoav Levy, Upstream’s co-founder and CEO, emphasized that AI is enabling both attackers and defenders to operate at greater speed and scale. “AI significantly expands the cybersecurity attack surface,” Levy noted, stressing that traditional perimeter defenses are no longer adequate in this dynamic landscape.
Analysts are increasingly concerned about the implications of AI for the automotive industry. Andrei Quinn-Barabanov, supply chain industry practice lead at Moody’s Analytics, pointed out that many small suppliers may lack the resources to implement advanced cybersecurity measures. He suggested a disciplined approach to sharing sensitive information with vulnerable suppliers as a way to mitigate risks.
Eric Greaser, vice-president at Moody’s Ratings, echoed these concerns, predicting that AI could soon enable malware that rewrites its own code and exploits previously unknown vulnerabilities. “The use of AI to automate vulnerability discovery is a growing concern,” Greaser said, highlighting the potential for attackers to scan networks for flaws at a pace that outstrips defenders’ remediation efforts.
As of December 2025, Moody’s Ratings reported that the automotive sector had the highest percentage of issuers experiencing a cyber incident within the last 24 months. This underscores the uneven implementation of critical cyber controls and the persistent vulnerabilities within the supply chain, signaling an urgent need for enhanced cybersecurity measures across the industry.
See also
Anthropic’s Claims of AI-Driven Cyberattacks Raise Industry Skepticism
Anthropic Reports AI-Driven Cyberattack Linked to Chinese Espionage
Quantum Computing Threatens Current Cryptography, Experts Seek Solutions
Anthropic’s Claude AI exploited in significant cyber-espionage operation
AI Poisoning Attacks Surge 40%: Businesses Face Growing Cybersecurity Risks
