AI Excites and Scares Cybersecurity Professionals at WCX

April 27, 2026

Roberto Baldwin

It's not difficult to find warnings about the dangers of AI. The recent news that Anthropic's new AI tool is too dangerous for the public due to its alleged hacking capabilities should be of concern to every company making software. That includes automakers. Software has been part of the vehicles in our driveways for decades. In the past few years, even more so, with the push for Software-Defined Vehicles (SDV).

At SAE's 2026 WCX conference, a group of cybersecurity professionals from the vehicle industry discussed what AI and SDVs mean for current and future vehicles and how their jobs are about to get simultaneously easier and more difficult.

The AI Threat

In the cybersecurity world, to test systems, researchers split up into two teams. The red team is the attack team, while the blue team is the defense team. For companies looking to secure their systems, they'll typically hire a red team to pen test (penetration test) their setup in a variety of ways to make sure that they've covered their bases as best they can from intrusions.

In the real world, nefarious actors, like these pen testers, will use a variety of strategies to get into a company, including social engineering. The late security researcher Kevin Mitnik once told me that when social engineering is available, his company, Mitnik Security, always gets into a system.

Now there's a new threat, AI. "I'm particularly passionate about, concerned about AI. We've all seen the news of Anthropic. If that doesn't make you nervous as a cyber person, I don't know what does," John Krzeszewski, cybersecurity & functional safety senior engineering specialist at Brunswick, told the audience. He continued, "I think what's going to happen is we're going to see attacks much more prevalent, so it's going to be a lot more challenging."

What Krzeszewski and others on the panel agreed on is that AI tools allow those without deep hacking skills to create attacks. The panel also noted that many of these systems will be defended by AI.

Louis Nguyen, team lead for cybersecurity FEV said that previously, there was a level of expertise needed to launch an attack on a vehicle or automaker. Now with AI, with just a cursory amount of expertise in the automotive world or EV architecture, they can use an AI agent to become a multiple subject expert to launch an attack. "AI is going to lower the entry point for a lot of attackers," Nguyen said.

The issue becomes important as automakers begin their migration to the next platform.

SDVs: A better or worse for security?

Software-defined vehicles will take a complex mishmash of computers and SOCs (systems on chips) and move them to a more robust architecture that's controlled by maybe a few powerful computers handling everything. It will save automakers money on development, hardware (fewer wires), and production. But it also gives nefarious actors a more focused target.

"Does SDVs introduce more risk? Yes, by just exposing more surface area of the vehicle to every domain. So you can get access to ADAS, you can get access to all these different systems in the vehicle," Wills Frantz, senior director of software release and OTA updates at Ford, told the audience. Frantz continued, "but it also creates the opportunity to have a strong control plane that we just don't have in a domain-based architecture today, where there's a lot of fragmentation of the implementation across different domains. That doesn't create a lot of control within the system of the vehicle."

Hojun Choi, Hyundai senior manager, agreed and elaborated that the upside is that with the over-the-air updates available on SDVs, a fix can be deployed quickly and without the need for a vehicle to go to a shop to fix critical software issues.

"I think that when you when you know the spots you have to focus on, it's much easier to apply your limited resources to securing that system," Victor Murray, assistant director at Southwest Research Institute, said.

But the move could lead to increased attacks, according to Murray. "There were 400 attacks on vehicles, which is an incredibly small number. There's millions of vehicles produced only 400 attacks. But when you're moving towards Software Defined vehicles, the vehicle starts to look more like an IT server. This opens it up to a whole new group of attackers. You're going to see a parabolic increase in attacks on vehicles."

Murray continued, "But we will also have better defenses. I think it's a net positive, but it's something we need to stay focused on and be vigilant and continue to invest in."