Upstream's report finds that the rapid adoption of Physical AI, with autonomous vehicles among the first production-ready systems in real-world operation, is expanding attack surfaces and accelerating attacker capabilities, creating large-scale cyber risks with massive impact potential.
SHIBUYA, Japan, May 25, 2026 /PRNewswire/ -- Upstream, the leading AI-powered cybersecurity detection and response platform (XDR) purpose-built for connected vehicles, physical AI, and smart mobility, released today its 2026 Global Automotive and Smart Mobility Cybersecurity Report. Now in its eighth year, the report reveals a material escalation in cybersecurity risks across Automotive and Smart Mobility. This is driven by the rapid expansion of APIs and AI-driven architectures, alongside the increased sophistication of organized threat actors. Together, these forces are widening the gap between adversary capability and the industry's current cybersecurity posture, with ransomware continuing to emerge as one of the fastest-growing and most disruptive attack types in 2025.
Analyzing 494 publicly reported cybersecurity incidents from 2025 within the Automotive and Smart Mobility ecosystem worldwide, the report recognizes two converging trends reshaping automotive cybersecurity.
AI as a Double-Edged Sword
AI architectures have dramatically expanded the attack surface, introducing new entry points and systematic exposures across the entire ecosystem.
"The automotive industry is an early adopter of Physical AI, and as AI capabilities rapidly expand across markets, it now serves as the reference architecture for safety-critical, highly connected systems," said Yoav Levy, Co-Founder and CEO of Upstream. "However, AI is also enabling attackers to move faster, at greater scale, and with more automation while the industry is still relying on security models built for a far more static world. Our 2026 report shows that AI significantly expands the cybersecurity attack surface, as traditional perimeter defenses no longer suffice when AI systems adapt dynamically and directly influence physical outcomes."
Ransomware Drives Cyber Escalation
Financially motivated, well-resourced, and coordinated attack groups are increasingly targeting the sector, causing a major escalation in ransomware attacks that can translate into billions of dollars in operational and economic losses.
The report also found that 2025 saw a sharp rise in large-scale, coordinated attacks by organized threat actors on the Automotive and Smart Mobility ecosystem, with increasingly severe operational disruption, financial damage, and reputational consequences. The report highlights that ransomware attacks increased significantly as part of this broader escalation in cyber activity, with 44% of attacks being ransomware-related, more than double the volume than in 2024.
Furthermore, ransom attacks are now expanding beyond IT and enterprise systems into the actual vehicles, as shown in mid-2025 when attackers accessed remote vehicle command & control systems (via the companion app), locked owners out, took remote control of functions like ignition and door locks, and demanded ransom payment to restore access.
Additional Findings and Insights
- 71% of incidents were attributed to black hat actors, up from 65% in 2024.
- 92% of automotive cyber attacks were conducted remotely, of which 86% required no physical proximity to vehicles and systems.
- 67% of incidents involved telematics and cloud systems as attack vectors; however, APIs continue to serve as the nervous system of the Automotive and Smart Mobility ecosystem and the enabler of a significant portion of incidents.
- 68% of incidents involved data and privacy breaches, while 34% of incidents were focused on business and operational disruption.
- 61% of incidents had the potential to impact thousands to millions of mobility assets; 20% were massive-scale events.
The report also includes a comprehensive analysis of deep and dark web activity related to automotive-specific cyber threats, a review of relevant regulatory developments, and an examination of how AI is being incorporated into cybersecurity resilience.
About Upstream
Upstream delivers a cloud-based, AI-powered data management platform purpose-built for connected vehicles, smart mobility, physical AI, and the IoT ecosystem. By leveraging mobility data, Upstream empowers customers with advanced, AI-driven cybersecurity solutions, including detection and response (XDR), API Security, cyber threat intel, SOC services, resilience services, and more.
Upstream is backed by Alliance Ventures (Renault, Nissan, Mitsubishi), MSI Insurance, Volvo Group, BMW, Hyundai, Nationwide Insurance, Salesforce Ventures, Cisco Investments, CRV, Glilot Capital Partners, and Maniv Mobility.
Learn more at www.upstream.auto
Media Contact
Kate Schoenstadt
kate@headline.media
IL:+972 54 777 6684
View original content:https://www.prnewswire.co.uk/news-releases/ransomware-attacks-on-automotive-and-smart-mobility-more-than-doubled-in-2025-according-to-new-research-by-upstream-security-302781196.html
