Artificial Intelligence Requires Automated Cybersecurity for Smart Products

AI systems will uncover an increasing number of security vulnerabilities. This makes it all the more important to accurately assess their significance and the need for action.

Düsseldorf, June 23, 2026 — Artificial intelligence is fundamentally reshaping cybersecurity. New AI models can identify software flaws and security vulnerabilities faster than ever before. For manufacturers of connected devices, machines and systems, the growing volume of newly discovered vulnerabilities can only be effectively assessed and managed through automated processes. These processes also enable organizsations to demonstrate compliance with an increasing number of regulatory requirements. This is the conclusion of a recent analysis by Düsseldorf-based product cybersecurity specialist ONEKEY.

Based on current trends and expert assessments, the number of discovered security vulnerabilities is set to rise dramatically in the future due to the use of powerful AI systems. However, the real challenge begins after that. Companies must determine which vulnerabilities are relevant, their impact on specific products, and the necessary measures. This is precisely where AI-only solutions reach their limits.

"Finding a vulnerability is not the same as understanding its significance for a product, considering its areas of application and risks, or making decisions that withstand regulatory scrutiny," explained Jan Wendenburg, CEO of ONEKEY. AI is useful for initial testing and accelerating security analyses. Additional tools are required to ensure predictable results, clearly traceable audit evidence, compliance documentation, and robust risk assessments.

Reliable Evidence for Decision-Making and Compliance

This is particularly relevant in light of new regulatory requirements, such as the Cyber Resilience Act (CRA), the Radio Equipment Directive (RED), and the IEC 62443 series of standards. In the future, manufacturers will need to demonstrate which software components are included in their products, identify existing vulnerabilities, explain their potential impact, and detail how risks have been addressed.

While modern AI tools are increasingly capable of identifying potential vulnerabilities, the analysis indicates that companies still need transparent and robust decision-making foundations. This includes a Software Bill of Materials (SBOM), vulnerability assessments (VEX), technical evidence of a product’s actual exposure, and documentation that can withstand audits and certifications.

A Combined Approach Involving Firmware Analysis, Security Management, and AI

ONEKEY relies on an integrated approach that combines automated firmware analysis, vulnerability management, and AI-based support. The ONEKEY platform analyzes firmware directly at the binary level. It automatically generates a software bill of materials and assesses the relevance of vulnerabilities within a product's specific context.

This reduces the workload by more than 60 percent. Additionally, the solution effectively identifies unknown vulnerabilities, such as insecure communication channels, hard-coded credentials, and potential attack vectors through code injections.

At the same time, ONEKEY continues to expand the use of artificial intelligence across its platform. Machine learning technologies are already being used to identify additional software components automatically. AI-powered chat capabilities and an intelligent analysis assistant, which automatically classifies security findings and supports prioritization decisions, will be available this summer. In addition, the ONEKEY platform is being enhanced with agentic AI systems to provide manufacturers and operators of smart products with an effective and highly automated platform. The goal is to help organizations manage growing cybersecurity requirements and increasing volumes of security findings efficiently while minimizing the resources required.

AI, Evidence, and Security Processes

"The use of AI increases the number of results. However, professional cybersecurity decisions must continue to be transparently documented, evaluated, and monitored,” the study concluded. According to ONEKEY, relying solely on AI can actually increase risk rather than improve security without structured product security processes.

Consequently, ONEKEY is investing heavily in expanding AI within its platform. Machine learning is already being used to improve security analyses further. The development roadmap also includes new AI-based features that will support companies in assessing, prioritizing, and addressing security risks. ONEKEY will unveil its first new product features in the coming weeks.