“We’re Number One!” - Why VicOne Is Creating an ‘Automotive Security Arena

2026 Master of Pwn winner, Fuzzware.io. From left: Dustin Childs, Head of Threat Awareness at TrendAI ZDI; Max Cheng, CEO of VicOne; and Brian Gorenc, Vice President of Threat Research at TrendAI ZDI.  

In-vehicle AI as a new variable, an expanding attack surface that now includes SDV regulations, supply chains, and charging infrastructure - and the reality that this shift is no longer about discovering vulnerabilities, but about the speed of response. At Automotive World 2026, VicOne guided us through this changing landscape. What followed was not a simple technology briefing, but a process of verifying the basis behind CEO Max Cheng’s bold declaration: “We’re number one.”

By Sang Min Han _ han@autoelectronics.co.kr
한글로보기





“So you’ve landed a major Japanese OEM?”
It was a question I posed during our final exchange, after hearing their “number one” declaration. I didn’t receive a definitive answer - but in Japan, a “major OEM” is almost synonymous with conservative validation and procurement processes. If VicOne truly crossed that threshold, then the “number one” claim can’t be dismissed as mere bravado.
Throughout his explanation of security risks, market shifts, and technology roadmaps, Max Cheng’s message never wavered.
“VicOne is just over three years old, but we’ve already become a global leader in automotive cybersecurity solutions.”
If that were empty talk, customers would have turned away long ago. Automotive security is a field where results are determined not by words, but by real-world deployment and repeatable execution. Today’s vehicle is no longer a simple collection of ECUs. Conversational AI lives inside the car, charging infrastructure connects it to the outside world, and the supply chain is filled with third-party software and models. The attack surface is expanding, patches are slow, and responsibility is becoming increasingly complex.
So where does his confidence come from? Or more precisely: if it’s true, where is that truth proven?
Max did not frame growth merely as service delivery. Instead, he pointed to tightening regulations, rising customer demands, and continuous solution innovation required to keep up. He mentioned figures such as more than 200% year-over-year growth - but he didn’t lean on numbers. He started with a more fundamental reality: as vulnerabilities increase, attacks inevitably follow, and industry pressure converges on one imperative - mitigation.
What remains is to identify exactly what automotive security is fighting today.




Masaki Hara, Head of Technology at VicOne, explains the security implications of the Physical AI era at Automotive World 2026.



The Car as the First Mass-Deployed Physical AI

The person who structured this understanding was Masaki Hara, VicOne’s Head of Technology. After Max elevated “Physical AI” as the key theme of the day, Hara broke down what that term means in real-world automotive security through five distinct tracks.
These five tracks were not a table of contents, but coordinates - showing where automotive security is heading and why 대응 is no longer about one-time patches, but about continuous management, proof, and response speed.
The first track was in-vehicle AI. Once generative AI enters the vehicle, inputs open up through natural language, images, and conversational interfaces. From that moment, traditional approaches - blocking specific inputs or relying on simple filters - are no longer sufficient. The question Hara posed was direct:
“How do we defend agentic AI operating at the edge?”
He then pushed the issue further into the supply chain. Once models come from multiple vendors and fine-tuning enters the picture, the question shifts to responsibility: Who owns it? When is it executed? Is the final output truly safe? Hara wrapped this into a single conclusion:
“AI must be redesigned from a lifecycle management perspective.”
In other words, AI is no longer a feature - it’s an ongoing responsibility.
At this point, Akinobu Oda, Country Manager, grounded the discussion in productization. He argued that in-vehicle AI security ultimately converges on one question: what do you inspect, and what do you control?
“We first check the prompt to determine whether it’s malicious, and then we inspect the AI-generated output to decide whether it’s safe to deliver to the user.”
The key takeaway: AI inputs and outputs are the new attack surfaces. And this doesn’t stop inside the vehicle. The same pattern extends outward - to infrastructure and other physical systems.
Oda also highlighted an interesting divergence: automotive and robotics expanding in opposite directions. Tesla moves from cars to robotics; Honda from robotics to cars. The directions differ, but the technological overlap makes both possible. And crucially, that overlap opens first through regulation, not markets. Security design, vulnerability disclosure, update responsibility, and proof of response - requirements first imposed on cars - are now spilling over into robotics.

Vulnerabilities Are About “Time Left,” Not “Discovery”

The second track focused on vulnerabilities and regulation. In an SDV world, software composition analysis (SCA) becomes a baseline requirement, and identifying, tracking, and sharing vulnerability information turns into a constant obligation. Hara cited Linux kernel vulnerabilities as an example, emphasizing that these risks are no longer confined to servers - they extend directly into automotive software stacks such as Automotive Grade Linux.
But his focus wasn’t on where vulnerabilities exist - it was on how long they remain. Unlike servers, vehicles respond slowly. Patches are delayed, deployments are difficult, and regulations and validation processes are tightly interwoven.
“Compared to server-side responses, vehicle-side responses take much longer. That means vulnerabilities remain in the environment for extended periods.”
Hara referred to these as “invisible vulnerabilities” - zero-days, or CVEs that exist without full disclosure, lingering in a waiting state. What matters most is response speed once details become public. Organizations that move only after disclosure fall behind those already prepared with mitigation and patch plans. Ultimately, vulnerability response becomes not a matter of knowledge, but of state of readiness.
Oda widened the frame further. As cybersecurity and software update regulations (such as UNECE R155/R156) become baseline requirements in Europe, and AI regulatory frameworks begin to overlap, security shifts from an option to a prerequisite. And once it becomes a requirement, competition is no longer about owning technology - it’s about responsibility allocation, evidence, and response speed.



EV Chargers: An Interface That Can Lead to Physical Accidents

The third track was EV charging. Hara noted that this topic surfaced last year and remains just as relevant this year. The reason is clear: chargers are network-connected, directly interface with vehicles, and if compromised, can lead to physical risks - overheating and even fires.
Crucially, compliance does not equal safety. Even standards-compliant systems can have zero-days. Compliance is the starting line, not the finish. Once chargers become part of the attack surface, security expands beyond the vehicle itself into the entire connected ecosystem - charging networks, backends, and protocol tools.



Ransomware Doesn’t Stop Cars - It Stops Production Lines

The fourth track was ransomware. Hara cautioned that while ransomware may not directly target vehicle vulnerabilities, it can bring production lines to a halt if automotive companies are attacked. Ransomware is not a hacking incident - it’s a business continuity risk. Defending only the vehicle is insufficient; the entire supply chain must be covered.
This hits especially hard for traditional OEMs, where security responsibilities are often fragmented across organizations and decision-making is slow. Ransomware doesn’t wait for alignment. It undermines business continuity before technology teams can react.



Old Attacks Are Still Entry Points

The fifth track focused on in-vehicle networks and protocols: CAN injection, hard-coded seeds, intrusion via guest Wi-Fi. The frightening part is that none of this is new. The fact that old attacks still work means many systems remain open in the same ways.
Hara emphasized two fundamentals. First, endpoint detection that spans ECUs, domains, and gateways. Second, control and management of cryptographic keys. He pointed out that once seed-key mechanisms used in diagnostics and access authentication are hard-coded, they become entry points for attackers. When basics are postponed, expanded attack surfaces open far more easily.







Pwn2Own Automotive:
Turning Vulnerabilities into Industry Learning

Max’s “number one” claim cannot be sustained by customer lists or growth rates alone. To be accepted by the industry, it must be proven in how vulnerabilities are discovered, disclosed, and fixed - in the speed of learning.
That’s where Pwn2Own Automotive, operated by Trend Micro’s Zero Day Initiative, comes in. Held annually at Automotive World, it pits real targets - vehicles, IVI systems, EV chargers, charging protocol tools, and operating systems - against white-hat hackers in a public zero-day competition. What matters is not who gets breached, but what the industry learns.
White-hat hackers turn vulnerabilities into tangible outcomes, while the program connects them to responsible disclosure and patch preparation. Automotive security becomes field validation, not just documentation.
Attitudes toward external validation also reveal company character. When asked how important white-hat hackers are to OEMs, Max didn’t rank Tesla, Chinese OEMs, and traditional OEMs outright - but his direction was clear. Some treat security as a strategic asset and mobilize resources proactively; others focus on compliance first and react only after issues surface. The difference lies less in technology than in organizational speed and accountability.
Pwn2Own is not a hacker show - it’s a mechanism by which the industry invites attacks, measures attack surfaces, and feeds results back into improvement loops. The inclusion of chargers as targets symbolizes how security has expanded beyond the vehicle into charging networks, backends, and protocol ecosystems (including OCPP tools).




Akinobu Oda (left), Country Manager, and Max Cheng, CEO.



Is VicOne Number One?

The question “Is VicOne number one?” is not about boasting numbers. Max pointed to strengths beyond threat intelligence depth - namely lightweight integration and long-term support suited to resource-constrained, long-lifecycle environments like automotive and robotics.
“We’re number one.”
For that statement to be real, it requires acknowledging the pace at which vulnerabilities increase - and taking responsibility for running the discover → deliver → fix loop just as fast. What VicOne demonstrated at Automotive World 2026 was not only a method that makes this possible, but an arena in which the industry itself can verify it.


 

AEM(오토모티브일렉트로닉스매거진)

---