Cyberattacks between 2022 and 2024 caused tens of billions of dollars in damages. Automotive vulnerabilities reached record highs in 2024, with over 77 percent found in onboard vehicle systems, underscoring the urgent need for stronger security measures.
The report identifies several emerging risks. Artificial intelligence, while improving in-car features, has introduced new attack surfaces like prompt injection vulnerabilities and compromised training data.
The rapid growth of electric vehicles (EVs) has revealed flaws in charging infrastructure, including outdated communication protocols and insecure payment systems that could impact both vehicles and power grids. Cybercriminals are increasingly using dark-web forums to exchange stolen vehicle data and advanced hacking techniques, posing new risks for automakers and consumers.
A ransomware attack in June 2024 on a dealership software provider disrupted operations at over 15,000 North American dealerships, exposing weaknesses in the supply chain. The report notes that 530 automotive-related vulnerabilities were identified in 2024 alone, nearly double the number recorded in 2019.
Security experts at Pwn2Own Automotive 2025, a global hacking competition, discovered 49 unique zero-day vulnerabilities, mainly in in-vehicle infotainment (IVI) systems and EV-charging networks. Large language models (LLMs) used in AI-powered vehicle systems have also become prime targets for cybercriminals due to their reliance on sensitive enterprise data.
One of the most disruptive incidents occurred in June 2024, when a ransomware attack on a dealership software provider rippled across the industry, affecting more than 15,000 dealerships across North America. The attack underscored the fragility of the automotive sector’s digital backbone, where a single compromised supplier can cause widespread operational paralysis.
An analysis of underground criminal networks suggests that such attacks are only becoming more sophisticated. The findings indicate a shift from isolated, manual hacks—once the domain of car modification enthusiasts—to broader, systemic threats such as identity theft and remote vehicle manipulation.
At the same time, security researchers are documenting an accelerating rise in vulnerabilities across automotive systems. In 2024, the number of automotive-related software vulnerabilities, known as CVEs (Common Vulnerabilities and Exposures), climbed to 530—nearly double the total recorded in 2019. While earlier security flaws often stemmed from hardware-related issues, the latest vulnerabilities are increasingly concentrated in in-vehicle infotainment (IVI) platforms, operating systems, and electric vehicle (EV) charging infrastructure.
The severity of these threats was underscored at Pwn2Own Automotive 2025, an elite cybersecurity competition held in Tokyo in January. Over the course of three days, security researchers from 13 countries uncovered 49 previously unknown vulnerabilities, with the majority affecting IVI and EV charging systems.
AI and LLMs are introducing a host of operational, financial and strategic risks that industry leaders are scrambling to address.
A September 2024 white paper from the U.S. Department of Transportation, “Understanding AI Risks in Transportation,” warns that AI-enabled systems are vulnerable to misuse and abuse at various stages of their lifecycle. “AI-enabled systems may encounter misuse and abuse throughout their lifecycle due to factors such as over- or under-utilization, operating outside of operational envelopes, and malice,” the report states. The role of humans in these systems, it adds, can either exacerbate vulnerabilities or serve as a safeguard against them.
Among the most pressing concerns is the security of large language models (LLMs), the backbone of generative AI. These models rely on vast amounts of enterprise data and self-learning mechanisms that can be difficult to control, making them an attractive target for cybercriminals. Risks such as insecure plug-in designs, flawed output handling, and adversarial attacks highlight the challenges of integrating AI safely into the automotive industry.
Beyond operational threats, automakers also face deeper strategic and financial risks. The widespread use of AI is reshaping governance structures, raising questions about liability and risk management, and even challenging traditional brand identities. As the industry navigates this seismic shift, one thing is clear: the road to AI-driven innovation comes with its own set of hazards.
As the automotive industry races toward an era of software-defined vehicles, the growing attack surface raises urgent questions about how automakers, suppliers, and regulators will confront a challenge that is no longer theoretical—but increasingly inevitable.
Download “Shifting Gears: VicOne 2025 Automotive Cybersecurity Report.”