Case Study

VicOne’s GenAI-Based In-Vehicle Intrusion Detection System on Sonatus AI Director

This case study examines how Edge AI threat detection can enhance efficiency and lower costs in connected vehicles. Traditional cloud-first cybersecurity models face challenges such as rising costs, false alarms, and the need for frequent updates. VicOne’s GenAI-based in-vehicle intrusion detection, combined with Sonatus AI Director, analyzes vehicle telemetry locally to identify security risks early, reducing cloud load and false positives.

 


Frequently Asked Questions

The cloud-first model relies on continuously uploading vast amounts of raw telemetry and event data from every vehicle to a centralized security center (VSOC). This creates three critical problems as fleet sizes grow:
- Escalating Costs: Storage and data transmission fees skyrocket with the sheer volume of data being uploaded.
- False Alarm Overload: VSOC teams are flooded with non-critical alerts where simple vehicle malfunctions are mistaken for cyberattacks, wasting analyst time.
- Slow Response to New Threats: Frequent vehicle software updates create a "moving target," forcing security teams to constantly adjust cloud-based detection methods, which slows down the response to actual threats.

Unlike static rule-based systems, VicOne's solution uses a GenAI-based threat model that runs directly on the vehicle's hardware (the "edge").
- Contextual Analysis: It correlates data across multiple ECUs—including CAN bus activity, Ethernet packets, and system logs—to uncover complex, contextual attack patterns that traditional methods miss.
- Novel Threat Detection: By analyzing this rich, cross-domain data locally, it can identify "novel threats" (zero-day attacks) that haven't been seen before, rather than just matching known signatures.

The combination of VicOne's AI and the Sonatus platform delivers measurable efficiency and cost gains:
- 60% Lower Cloud Costs: By processing data locally and only uploading summarized, relevant alerts, it drastically cuts data transfer and processing fees.
- 80% Faster Triage: Security analysts spend less time sifting through noise because the system pre-filters false positives, delivering high-quality, actionable insights.
- Comprehensive Coverage: It extends threat detection from a single ECU to the entire vehicle, monitoring everything from API calls to CPU usage for suspicious activity.
