The Garage Podcast : S3 EP10

William Dalton of VicOne

William Dalton, VP and Managing Director for North America and Europe from VicOne, the automotive cybersecurity subsidiary of Trend Micro, talks with host John Heinlein, Ph.D., Chief Marketing Officer of Sonatus, about the state of automotive cybersecurity. He addresses the unique challenges and opportunities posed by software-defined vehicles (SDVs), how to enhance vehicle security with proactive security measures, and intrusion detection and prevention (IDPS) systems. He discusses their work to support their white-hat hacking challenge "Pwn2Own Automotive", which encourages ethical hackers to identify zero-day vulnerabilities in the automotive sector.

Episode Transcript | William Dalton of VicOne

00:00 Introduction to Vehicle Cybersecurity

Today in The Garage, we’re recording live at AutoTech Detroit with VicOne. VicOne is the automotive subsidiary of cybersecurity leader Trend Micro. In today’s master class in vehicle cybersecurity, we talk about the nature of cybersecurity threats to vehicles, how SDVs can improve the landscape of cyber threats. We talk about incredibly unique programs that VicOne and Trend Micro use to help companies find zero-day threats to their products and their vehicles, and even how AI is a double-edged sword in cybersecurity.

Let’s go.

00:45 Guest Introduction

Welcome to The Garage. I’m John Heinlein, chief marketing officer with Sonatus. We’re recording live at AutoTech in Detroit, and our guest today is William Dalton from VicOne.

Willy, welcome to The Garage. Great to be here. We’re so excited to meet you and to have you on the podcast. Start by introducing yourself.

Tell us about you and your background. Yeah. My name is William Dalton. Delighted to be here in AutoTech this week and speaking with you guys.

My background is varied. I started out as an engineer, a software programmer. I did that for seven years in the contract electronic manufacturing space. And, over that time, we built up manufacturing control systems.

And then I joined Trend Micro in 2004 as a database administrator. Well, now almost more than twenty years ago. Yeah. More than twenty years ago.

And, almost every year or every two years, I’ve changed roles in some shape or form. And, started out in engineering side, got into technical management, started working on some global projects with our CEO now, Max Cheng, in VicOne. And, every two years, changed roles from technical to operational to business roles, over that twenty-year span. And, two and a half years ago, I had the opportunity to go work with Max on VicOne, which is a subsidiary company from Trend Micro, to focus on solving problems within the automotive sector.

That’s great. We’ll talk more about VicOne in a second, but you have to start us off with a fun fact about you. Sure. I’m not it’s really fun.

I think a lot of people do it these days, but I do brew my own beer, which is not probably, strange for a person from Ireland. But I have my own pub, and I actually upcycle. So every time there’s something to be thrown out, I try to find a way to use that. And I’ve, over the years, I’ve accumulated different, elements to the pub.

Some being a bed, some being a piece of scrap furniture. And it’s a collection of…it’s a misfit in some ways. And, I have my friends over regularly.

And, as a consequence, I needed to find a way to produce beer cheaper, a good conversation piece, and actually learn something along the way. So, yeah, a little bit of fun fact about me. You were showing us pictures of that, and so it sounds when you talk about upcycling, people can’t quite visualize. But if you share us a picture, we’ll put it in the episode so people can see it.

It’s a brilliant woodworking, beautiful space that anyone would be jealous of. I’ve shared this, the derivative of this fun fact earlier in the year, but I have to use it again, is that when I had a job in Oregon in the US many years ago, I learned to brew beer. And so I did some home brewing for quite a few years, and it’s good fun because there’s a bit of science. Right?

There’s a lot of mistakes. Yeah. A lot of mistakes. The good part about brewing versus distilling, which is illegal in most places, but is you can’t kill yourself.

It will just taste bad. It will taste bad. Yeah. Distilling, you can kill yourself if you… my friends are still alive.

Exactly. But they had a couple of rough sessions.

Very good. Very good.

03:49 Background of VicOne

Great. So tell us about VicOne, the company’s origins, and what you focus on.

So VicOne has been incorporated since May 2022, but on the back of many years of research, which Trend Micro has been doing within the automotive sector. And one of the findings, you know, back in 2017 when they started to do this research, they realized that the cybersecurity challenges, especially with the advent of SDV, electrification, change in regulation, that the way to solve cybersecurity issues in the automotive sector is very different than the enterprise domain. Right. And they made a conscious decision to invest in that sector to create a separate company that operates at a different speed, has a different level of engagement with customers, and actually delivers a different product set.

So we created a whole series of, you know, true market analysis, working with different proof of concepts, proof of values, with different customer profiles to actually build out a set of solutions ready for the automotive sector. And then we launched that in May 2022. And over that period, we’ve had phenomenal growth in regards to product changes, adaptions in line with customer. Because there’s an element of co-design always with this.

Sure. Whether that’s embedded in the vehicle or whether that’s off-board, or whether that’s integrated with the process or our operation practice or with your regulatory demands or requirements. So there’s a very bespoke approach in general. And, on the back of bringing those products to market, we’ve had a huge number of partnerships.

Everything, you know, from the SDV space to onboard to offboard systems, but also solution providers in regards to providing a wide array of capabilities depending on the needs of customers. So it’s been a fun ride and high velocity. Right. And, very interesting journey so far understanding customer problems and solving them.

That’s great.

05:42 Transition to Software-Defined Vehicles

So, you know, people we talk about SDV and vehicle software in this podcast a lot. And when I talk to customers, when I talk to industry folks, there’s sometimes a hesitancy in some sense to shift to SDV, feeling like that increased software is going to cause a greater attack surface. I think that’s true.

What’s your perspective on that, on the shift to SDV and cybersecurity? It’s something that’s gonna happen regardless. We’ve seen it in the enterprise space. We’ve seen software-defined networking, software-defined WAN, software-defined data center, software-defined storage.

Everything is becoming software defined. Software is eating everything up. And the reason that is, is, obviously, that brings a huge amount of efficiencies in regards to software delivery cycles, software delivery mechanisms, the frequency, and the iterations that you can update your products and keep them safe, or add more functionality, add a cost profile that makes sense. So it’s very ephemeral in use case.

Right? So depending on what you need at the time, you use the resources that you require to sustain or to satisfy those requirements. So it’s a lot more cost effective in a lot of ways. So it’s going to happen.

It’s, and what you see now, the demands in the electrical vehicle, is it requires regular software updates, you know, for a change in. And actually this change in architecture allows the ability to actually, once the car is post production, to actually bring new changes into the vehicle. And that requires a fundamental shift from the traditional way of delivering software or where there’s a lot of software hardware coupling. In this case, you’re abstracting a lot of software where actually it’s working independently and then you have an abstraction layer to the hardware.

So the advantages that provides not only to automakers but consumers is huge, and this is what they’ll demand. So it’s going to be consumer driven. That’s a really interesting point you make about the ability to update because a number of the most famous vehicle hacks, you know, the Jeep Cherokee hack, and people many know about many of these. Those are not software-defined vehicles.

Those are conventional vehicles. So you say, oh god. If I do a software defined vehicle, it’ll be hackable. Well, conventional vehicles are hackable, but it’s a hell of a lot harder to fix a non-software-defined vehicle.

With a software defined vehicle, you can make improvements. You can make patches. You can respond to those threats much more quickly. So I think that’s a misperception from some people that SDVs, while there is potentially an increased attack surface, there’s also an increased ability to respond to attacks more quickly.

That’s one of the things your company does.

Correct.

08:08 Cybersecurity in Software-Defined Vehicles

Yeah. I mean, we’ve successfully demonstrated with a partner of ours at CES where they actually were able to remotely update the…flash the car…and actually, up and mitigate a risk. So, you know, this is real. It’s, and I guess back to your point, you know, the traditional vehicles, the attacks that we see, they’re the same type of attacks that we see in the enterprise space.

It’s the same type of vulnerabilities. It’s the same type of issues that we see. So they’re still at a chip level. They’re at software level.

They’re not patched systems, access management not managed correctly. So it’s the same type of issues that we’re seeing in the enterprise space, actually, in the vehicle space as well. And that’s no different to whether they’re software defined or traditional. Okay.

Okay.

08:59 Deployment of Cybersecurity Solutions

So now when you deploy your solutions, are these deployed in the cloud, in the vehicle, a combination? Tell us about that. So they’re across the board.

So we do onboard and off-board. And we think this is really necessary because if you’re just doing offboard, it means the point where the car is disconnected from the cloud, which will happen in attack because that will be one of the steps that they will take, you’ve lost control. And, by having the solutions embedded in the vehicle, you can actually maintain some level of control to mitigate against those attacks. So we would have our IDS solution.

We call it xCarbon. IDS is intrusion detection system. Intrusion detection. IDPS, actually. Great. Intrusion detection and prevention mechanisms.

Great. So we’ve technology, which we’ve brought from Trend. And one of the points I mentioned earlier when we came from Trend is three distinct elements which we brought, IP, talent, and strategic financial independence. And some of that IP is IDPS technology, which has been running in the enterprise data centers for many years.

And this is really this is wireframe, inline protection, deep packet inspection of every packet inspecting every packet in order to data center for the largest multinationals and even automakers in the industry. I think we’ve topped eight of the top ten automakers using our IDPS technology in the data center. And this technology has been running for many years, and we’ve adapted some of that into the vehicles. So if we want to, you know, act network layer or the CAN layer, or you want to look at the host level, you can actually look at all the different types of attacks in the vehicle.

So if you look at anomalous behavior, if you’re looking at different signals that are happening in the vehicle to identify the different TTPs or the tools, techniques, or practices that have been applied by the threat actors, you can actually mitigate and shut them down in the vehicle. So sometimes decisions in the vehicle make sense, but sometimes decisions off-board make sense. So if you wanna look at a macro situation around attacks against multi vehicles, you can’t do that with a side vehicle. Right.

So you need a combination of these two. And, we have, as I said, we have our intrusion detection mechanism that’s in the vehicle to report on those, to send them off-board. And we have our IDPS, we actually can make those decisions in the vehicle as well. And, we have the capability to apply rule sets or pack, patches to the vehicle where you don’t need to go through that whole software testing and validation process.

You can actually mitigate it before you actually, if you want to we call it like a “band aid” solution. So you put the band aid in place to give you enough time to actually go through the test and verification process. Right. Interim mitigation solution.

Exactly. And, the off-board side then, if again, if you need to look at macro-level decisions, then that would be typically done in our vehicle SOC, xNexus, which takes, you know, telemetry from the vehicle. It could take all the different signals. But, typically, what we do is we only send information that’s necessary.

So one of the challenges that with OEMs right now is that they’re fighting this battle of, tell sending all this information off-board, which costs a lot of money because they need to basically send everything and then use AI modeling in the off-board system then to try to figure out the noise. What we do is we do that onboard. Right. And, actually, we only send what’s relevant then off-board.

So that cuts down on cost, cuts down on operation time for the analyst that’s actually dealing with those. And, when we augment that then with our threat capabilities, we have a huge heritage in the threat landscape, and we actually build that into our solutions as well. So we then overlay the threat information. So, basically, something that we see happening in the wild.

Some threat actors are doing something nefarious. We then augment that against the vehicle data plus feeds from vulnerability management. So when we look at the supply chain, assets are the vehicle architecture. We then cross correlate the threat against the asset, against the information that we see in the vehicle, and it gives us a full view of what’s happening across the board.

And then we can put the right mechanisms in place then to protect against those situations. And we provide that information then to the VSOC analyst, and then they package that up then to hand off then into the PSIRT team then that would basically mitigate that and actually put a long-term fix. And that’s basically how we do… Just for the benefit or, I guess, VSOC is vehicle security operation center, usually operated by the OEM. Yeah.

Someone who’s monitoring the threats from their Yeah. You it can be a vehicle SOC or you can call it product SOC. Mhmm. So depending which side of the organization, if it’s more on the IT side, it’s more typically called VSOC.

If it’s on the product security side, it was like a product security operations center. Or you can also call it like a cross-detection response system. Right. Which basically takes different feeds from different systems and then integrates them with the operation practice within the OEM. That’s fantastic.

This is becoming a master class in cybersecurity. Wonderful. I’ll just stop there. We also have solutions for EVSE protection.

So for the vehicle charging, we know that’s another attack path. So whether it’s over the air, whether it’s through the vehicle charging side, whether it’s through the cloud back end, whether it’s through the API layer, whether it’s through the IVI system, whether it’s on the vehicle itself, the attack surface is exploded. And then you’re introducing a lot of new technologies as well. Right?

So you’re taking your you do the we talk about SDV and the abstraction that’s happening. We use a consolidated architecture onto the domain controllers of the zone controllers, and then you see abstraction of workload and segregation of workload. Right. So you get the introduction of, you know, hypervisors, container security, and these all bring additional, challenges as well.

And that brings the… that’s why I talk about the traditional challenges around security into the vehicle now. And that’s where you get this perfect storm. Traditional, like, hardware, software embedded, together with the SDV and the technology that’s required to make that happen. And it’s an opportunity that’s ripe for somebody to take advantage of.

14:55 Integration of Cybersecurity Solutions

So you talked about, sometimes your solutions run in the cloud, sometimes you run in the vehicle. Speaking to in the vehicle now for a moment, what sorts of resources do you… where do you run in the vehicle? What sorts of resources do you use? So we would go through a design discussion with whether it’s an OEM or tier one, in regards to what’s the best place to do it.

So it depends really on the architecture. Some of their architecture are all varied. Typically, you would see something at the TCU. You would see something maybe at the ADAS system, maybe in the IVI side.

So we would then, you know, work with the vendor to figure out what is the most optimal way to do that. That typically takes well, and we have a lot of partnerships already developed with some of the major chip manufacturers to pre-integrate. So I’ll give an example, NXP. We’ve integrated with their GoldBox solution.

And, basically, that can speed up the time to market for tier ones and OEMs to deploy and utilize some of the hardware acceleration features. Sometimes are actually cut down on the integration work. Typically, this is a very quick process for us. We turn around, even in, let’s say it’s a new architecture or a new chip manufacturer that we want to, or SoC, we can turn this around in two to three weeks.

It’s really a great process. And then, obviously, the integration process takes a little bit longer when you work with them, but the validation of that is really, really quick. And, so, yeah, that’s how we work with OEMs and embedded. And then, I missed some of the question…

The question is resources. Oh, yeah. Okay. We have a very low footprint. This is one of our unique differentiation points against some of the, other players in this space.

We really only use the minimum set of resources to run that workload, and that can then run at the application there. But it also can integrate with some of the hardware capabilities of the chip. So, again, I use NXP as an example. Let’s say they have an NPU, which they do.

And, if you want to do things like, for example, packet inspection and you wanna do that at wire speed, then there’s ability to utilize maybe some of the memory space within there to actually do that at fast speed where some of you might offset. So we have the ability to utilize some of the hardware capabilities for specific requirements. But as I said, this is all down to each individual use case and actually their security requirements, from their service security team. That’s an important point.

And Sonatus does this as well. We have, for example, a partnership with NXP, and we’re in production with them. And we’re using specific capabilities like packet acceleration, packet forwarding acceleration, and so using the resources of whatever chip vendor or whatever ECU you’re on is really smart.

17:36 Pwn2Own

So we were talking yesterday, and you have this incredible program between yourselves and Trend Micro to help companies identify zero-day threats in their products.

Tell us about this program. It’s a really incredible story. Yeah. It’s called Pwn2Own, and we’ve been the first dedicated Pwn2Own for automotive since last two years.

And we run that successfully now for the last two years in Japan and Tokyo every January. And it’s really successful for automotive. But I’ll give us a little bit of history on Pwn2Own itself. So, basically, it’s about bounty program that incentivize the best ethical hackers in the world.

White hat hackers. Yeah. Yeah. The good guys. Yeah. And, basically, to compete to identify zero-day vulnerabilities.

18:23 Understanding Zero-Day Vulnerabilities

Maybe for our guest, you could explain what a zero-day threat is. Zero-day vulnerability is a vulnerability that, there’s the zero represents the time to patch, which is you need to do it right now because these have never been seen before. Yeah. So these are novel threats, novel weaknesses that, vulnerabilities that haven’t been identified before.

And either by the vendor, by the public, at large. And as long as that time, time from zero exists, they’re exploitable. And, it’s in everyone’s interest to reduce that time as much as possible and patch the, and mitigate the risk as much as possible. So that’s the term zero-day.

So we’re not, we’re for the Pwn2Own event, so the ZDI group, Zero Day Initiative, they do a bug bounty program where they purchase exploits in general. But the Pwn2Own event is about identifying zero-day exploits. And we’ve been running this successfully since 2007, I think. So it’s over many, many years in Trend Micro, and then more recently with VicOne for Pwn2Own Automotive.

And, as I said, it’s really the best of the best. To give an example, last year, we had forty-nine zero days identified in three days. So when you think about comparing that against the general industry, there was thirty-eight zero days identified across the entire automotive sector in the entire year. In just three days with highly motivated, highly skilled, highly incentivized individuals, in a controlled environment that can actually identify that many vulnerabilities, you can infer from that a couple of things.

Number one, there’s a lot of low hanging fruit out there in regards to, and actually, we’ve seen that from the results, very traditional type risks that we see and exploits that have been used.

20:14 Pwn2Own Competition Approach

The second one is that it’s kind of a wake up call is that when eventually, what will happen is two things will happen at the same time and will be a dramatic change for the industry. Number one is that the technical barrier of entry for bad actors to take advantage of will become lower. And we already kind of see that in some ways.

But the probably the one that’s more compelling is once they figure out a monetization opportunity, then that’s where it’ll really change the game. Alright? So one of the, again, just to kinda bring the story back a little bit for Pwn2Own. The purpose of Pwn2Own is, one, we partner with the vendor.

So a vendor will, you know, like Tesla was the anchor sponsor for the last… Sure. Five years for Pwn2Own Automotive. They provide a whole vehicle to the hackers to actually try and target. By the way, they get to keep it if they’re successful.

Yeah. Tell us about that story. That’s really interesting. Yeah. Because, I mean, well, first of all, the aftermarket value of a hacked car is not much.

Right? So it probably makes sense to give them the vehicle, but it’s a good incentive for them to do it. But also we have, you know, EVSE suppliers that will, you know, send their components for attack. But most of the solutions are available in public domain.

They try to hack it. And, what you find is that a lot of these, they’re competing with each other. Right? So some of them even, they’re trying up to the last minute, they’re trying to identify weaknesses, and they’re hoping the vendor doesn’t patch it the week before so that when they run the rest… so what they do is they turn up at the event.

They get a lottery system to figure out who goes first. They run their script to demonstrate how the attack is working. It’s validated by us, by the vendor. And, if it’s successful, they get prize money.

And, they get points. And the winner then is called a master of Pwn2Own. So it’s really, really highly contested. We give away anything from eight hundred thousand to over one point five million depending on. This is real legitimate prize money!

Yes. It’s really I mean, these are the best of the best. These are people who identify vulnerabilities that no other people can identify. Really, really high skilled individuals.

And, sometimes they’re groups, sometimes they’re individuals. So we have a lot of very famous groups that compete. It’s like a circuit, but Pwn2Own is the holy grail of the circuit. Now what we do is once we identify the vulnerability, the reason is why do we do this.

Right? So the bounty is actually paid out then by the vendor and by us. So we split that. And then we take ownership of the IP.

So we then understand the TTPs that have been used, how the exploit has been, you know, what are the different elements of it that we bring that we could bring that into our products and protect our customers. And then we work with the vendor to do the disclosure process. And the purpose of that is that it is responsible disclosure. And we’ve been doing that successfully in the enterprise domain for many, many years, which is well known practice, adopted by everybody.

Right.

23:10 Automotive Vulnerability Disclosure

And, it’s typically a ninety day notification. The challenge in the automotive sector is there’s a very different safety aspect to the disclosure. So and also there’s a very complicated mechanism to disclosure.

So, the safety aspect, I think we all understand. You know, there’s if, a bad actor can take advantage of a vehicle that has safety and, you know, life implications, the complexity side is, you know, there’s so many different, tiers in the delivery mechanism for OEMs. Ultimately, OEM is responsible, but, you know, there’s a tier one supplier, tier two supplier. There’s a long life cycle.

Some of these vehicles on the road for, you know, up to twenty, twenty five years depending in some cases. And the, are the engineering teams that built this hardware software component still working are they still working together with the source code? Have they got the capacity to release a patch? What does that mean from an operational perspective in in regards to cost?

How quickly can they do that or prioritize with their existing commitments? What is the implication and indemnity? You know? So there’s all of these operational challenges, risks, legal risks, insurance risks, that they need to consider.

So it’s not a simple situation to solve, so we need to work very closely with the OEMs and the suppliers to actually identify a mechanism for them to actually mitigate that risk and then disclose that publicly.

24:46 Cybersecurity Threats in Other Industries

You were sharing with us some stories from other industries from your Trend Micro… because you’ve been at Trend Micro for a long time until recently moving to VicOne. Some, really, horror stories about how cybersecurity threats can impact other types of businesses. Do you want to share some of those stories?

Yeah. So one of the, you know, maybe before I go to the stories, I think one of the things to think about specifically in automotive is deterministic disclosure. So when I talk about the challenges around the coordinator or disclosure, it’s deterministic in some ways because, you know, whether, you know, we know OEMs and tier ones have to do pen testing. And they have their own bug bounty programs.

They might have their own ways and means of identifying risks in the, you know, in the architecture and the software and the components themselves. But it’s on their schedule in regards to when they do the disclosure. Right? What will, and I talked about the two inflection points.

When does the lower technical barrier of entry and high monetization? So once that happens, and it will happen, I think at some point, it no longer becomes deterministic. Now you need to react and to make decisions very, very quickly in a really complex situation that’s already difficult to do in today’s world. And then to do that with time pressure and public scrutiny on top of you.

Right? So, that changed the landscape. And back to your question, I’ve had firsthand experience of many people, even in Ireland, which is a small country, but I’ve a lot of friends who are CISOs that we know in so many different situations, people and companies get hacked all the time. Mhmm.

Most of it is not publicly disclosed. I can recall three specific conversations where a friend of mine who’s a CISO made a phone call to me and said, “I’m in trouble.” There was one example where is, the, you know, the person was literally onboarded a couple of weeks and all their operations are down globally. Another example, were, medical institutions were affected.

So, and when that happens, that will either make or break you as a CISO. Sure. It’s something that you’ll never forget. You need to make so many high quality decisions under extreme pressure in a very short space of time.

And a lot of times, no matter how much work you do, no matter how many tabletop exercises you run, no matter how many dry runs you prepare for, you can’t really prepare for this type of event. And, the stress, some of the personal stress that they’re under to deal with this. You know? You have, you know, public obligations if it’s a public organization.

You have, you’re dealing with third parties coming in that are offering to, you know, maybe the board is recommending someone to come in and try to figure out what happened to get answers. You’ve everybody wanting updates regularly. You have your team who are gonna be stressed and burnt out to try and figure this out. It’s a nightmare.

And I’ve had firsthand experience with that. So this is not something you want to do very often. I’m pretty sure every CISO goes through at least once in their lifetime, but it’s not a pretty place to be. Yeah.

So then that tends to make people reticent to, you know, oh, gosh. We shouldn’t put software in vehicles, and we shouldn’t do this. But the reality is we have techniques. There are best practices in enterprise IT to solve these problems.

The technology is getting better. Trend Micro is continuing to stay ahead of that. So, you know, as we think to the automotive space, what’s your recommendation to the industry, really, for how we should be bringing those practices in automotive? Yeah.

So the demands are going to… this is gonna happen regardless. I mean, the, I mean, its question is around how do we put, you know, should we do this from a security point of view? We should because the benefits economically benefits, the commercial benefits, the time to market benefits, the operational benefits, they outweigh the risk. The question is how do you manage the risk?

And we’ve seen this successfully managed as we’ve seen software-defined everything come into the enterprise space. There are ways to mitigate those and stay ahead of those. So the more you do in regards to proactive security, the more investment that you make in regards to understanding the type of scenarios that may happen, building in security by design, building in very strong operational mechanisms to be able to handle an event, but also to, you know, throughout the life cycle of the attack, what is your mitigation throughout that whole life cycle? And making sure that you’re covered in all those areas.

Software defined vehicle is no different. It’s just another way to make sure that you’re protected. So my advice is not to change any strategy in regards to adoption of it. Just make sure that you protect it correctly.

Right.

29:45 The Role of AI in Vehicle Cybersecurity

But, you know, such an important conversation these days is artificial intelligence. It’s becoming pervasive in many different parts of the world, of course, but in vehicles as well. Tell me about the pros and cons of AI in vehicles with respect to cybersecurity.

So I’m gonna tie this back to the Pwn2Own event. Right? And recently, we had Sina, who’s the master of Pwn2Own this year. He’s an individual, and he’s competing against teams like Synacktiv and lots of other groups that have multiple individuals, you know, really high skilled, high caliber individuals that are trying to identify vulnerabilities.

And I asked him the question that, you know, around AI. And, he claimed to be not an AI expert, but his answer was, I develop AI models that help me to offload the repetitive work or the type of work I just don’t have time to do, but I need to get done to help me to actually figure out all these attack, situations. And so he said he’s a white hat hacker — White hat hacker — using AI to increase his productivity in white hat hacking. Exactly.

And that’s how he can compete against groups. And so my inflection from that was, this is a guy who’s doing, you know, ethical hacking. What if he’s a bad actor? Then they can also take advantage of AI to help them to even be more successful in their attempts as well.

So that’s on one side. Right? But then we also see the capability of using AI for protection, you know, in regards to using various models to identify patterns of behavior, in regards to anomaly models. You can see in regards to filtration, in regards to different events we see from vehicles.

We can see that in regards to correlation, in regards to different patterns of behavior that we see. You know, we talked about onboard or off-board, but also from different systems. You might want to see different activities across those, not just looking at them as isolation pools, but actually look across the whole piece. So all these different things you can use AI to speed it up where a human just cannot do it.

You know? Reading logs from the vehicle itself. You know? You’re gonna need different ways to, traditionally move on from just rule sets.

You know? And, so you need to… we can see people are gonna use AI to attack, but also you can use AI to defend. And the question is, who’s gonna win the race and who can quickly adapt the best?

32:13 Conclusion and Future Outlook

That’s such an interesting perspective of the double-edged sword of AI for cybersecurity.

Willy, this has been an incredible conversation. We’ve covered such a wide range. I’ve learned a ton. Thank you for visiting with us.

And, we’re excited to work with you. We look forward to working with you more in the future from Sonatus, and thank you for being on the show. Thank you very much. If you like what you’re seeing with today’s episode, please like and subscribe to see more episodes like this.

And you could find us on YouTube, on the Sonatus website, Apple Podcasts, and Spotify. We look forward to seeing you again in another episode of The Garage very soon.
