This year’s competition attracted cybersecurity experts from 13 countries, who successfully discovered 49 zero-day vulnerabilities across systems integral to the future of mobility, including in-vehicle infotainment (IVI) systems and electric vehicle (EV) chargers. Sina Kheirkhah of Summoning Team claimed the title of Master of Pwn for 2025.
“As software-defined vehicles (SDVs) revolutionize the automotive industry, cybersecurity becomes paramount to ensuring safety and reliability,” said Max Cheng, CEO of VicOne. “Initiatives like Pwn2Own Automotive are critical to identifying and mitigating risks before they escalate, setting a new standard for vehicle security.”
The rapid evolution of the automotive industry—driven by advancements in SDVs, artificial intelligence, and over-the-air (OTA) updates—has expanded the attack surface for cyber threats. According to VicOne’s forthcoming 2025 annual report, the number of automotive-related vulnerabilities nearly doubled from 2019, reaching 530 reported cases in 2024. Cyberattacks on the industry last year caused damages exceeding $22 billion, with $20 billion stemming from data breaches and personal information leaks. Suppliers and dealers bore the brunt of these attacks, underscoring the need for robust security measures across the supply chain.
Showcasing Solutions at Automotive World 2025
At Automotive World, a global stage for cutting-edge automotive technologies featuring over 1,800 companies, VicOne unveiled several innovations designed to safeguard the connected-car ecosystem:
- xZETA: A solution addressing software bill of materials (SBOM) management and zero-day vulnerabilities.
- Smart Cockpit Protection: AI-powered security to protect against data breaches and AI-targeted attacks in advanced vehicle interfaces.
- xCarbon: Real-time vehicle data analysis using edge AI, enabling early detection of cyberattacks and electronic control unit (ECU) malfunctions.
- xNexus: A Vehicle Security Operations Center (VSOC) platform offering comprehensive threat monitoring and response.
- Penetration Testing xScope: Advanced vulnerability analysis and customized remediation recommendations.
VicOne emphasized its collaborative approach, working with original equipment manufacturers (OEMs), hardware suppliers, and semiconductor vendors to fortify the automotive cybersecurity landscape.
The Road Ahead
The rising tide of supply chain vulnerabilities, ransomware, and emerging threats like AI manipulation and cloud-based attacks calls for an industry-wide shift toward a security-first mindset. “Proactive collaboration and innovation are essential for securing the future of mobility,” Cheng stated.