A CISO View from REE Automotive on the Evolving Cyber Landscape and AI

ROY BACHAR

Chief Business Officer

September 21, 2025

As vehicles become software-defined, cloud-connected, and increasingly infused with AI-driven capabilities, cybersecurity is no longer optional. It is a core design principle and a fundamental enabler of both safety and business continuity.

In this conversation, I sat down with Yaron Edan, CISO of REE Automotive, to discuss the shifting cyber threat landscape, the unique challenges of securing software-defined platforms, and how AI is transforming both attack surfaces and defenses.

When asked how the industry has changed over the past 3-5 years, Yaron points to the shift from hardware-centric to software-defined vehicles. This transition has dramatically expanded the threat surface across embedded systems, communication layers, over-the-air (OTA) update infrastructures, APIs and connected apps, as well as other third-party integrations.

“Cybersecurity is now a core SDV engineering discipline. It underpins not only safety and reliability, but also customer trust,” Yaron emphasizes.

Among the attack vectors that remain underestimated, Yaron highlights OTA infrastructure vulnerabilities, weak key management, and compromised supply chains as critical blind spots. Runtime attacks on vehicle functions, he warns, are also rising concerns.

The SDV Cybersecurity Challenge

Protecting software-defined vehicles (SDVs) and transportation platforms presents a distinct set of challenges compared to passenger vehicles. For REE, which targets customers that operate critical transportation, downtime is not an option. That reality demands cybersecurity strategies designed around continuous uptime, secure OTA updates, runtime monitoring, and robust key management.

SDVs also face stricter operational realities:

  • Minimal downtime tolerance, requiring seamless updates and patches.
  • Alongside UNECE R155/R156 and ISO/SAE 21434, the EU’s Cyber Resilience Act (CRA) will impose stricter requirements for lifecycle security, faster vulnerability patching, and greater accountability for OEMs and suppliers. Non-compliance will not only create legal risk but also undermine customer trust and market access.
  • Vehicle resilience – security must scale with thousands of vehicles, each continuously in operation.

“In the era of cloud-connected and software-defined vehicles, cybersecurity is not an add-on,” Yaron states. “It’s a core design principle and a fundamental pillar of the Business Continuity Plan.”

AI: The Double-Edged Sword

Few topics loom larger in today’s cyber conversations than artificial intelligence, and Yaron is quick to frame it as both a tremendous opportunity and a growing risk. On the one hand, AI is transforming defense strategies by powering anomaly detection, correlating massive datasets across vehicles and cloud environments, and enabling more proactive approaches to threat hunting. On the other hand, it is just as readily available to attackers, who are now using AI to automate exploits, refine social engineering campaigns, and develop ways to bypass traditional defenses. The reality, Yaron explains, is that AI is a double-edged sword, driving an arms race where both defenders and adversaries are moving faster and smarter than ever before.

Using AI as a Force Multiplier

Despite the hype surrounding AI’s potential, Yaron takes a pragmatic view of its role in vehicle cybersecurity today. Rather than replacing human expertise, he sees AI as an augmentation tool, a powerful ally that can extend the reach and efficiency of security operations centers. By embedding AI into monitoring and detection systems, REE is able to process vehicle and cloud telemetry at an enormous scale, surface anomalies earlier, and accelerate the speed and accuracy of incident response. 

Just as importantly, REE is integrating AI to ease the burden on human analysts by automating the resolution of low-level alerts based on design instructions from REE’s CISO, while giving analysts the option to review each alert manually in parallel. This shift allows security teams to focus their attention where it matters most: on high-value investigations and complex decisions that still require human judgment.

Looking Ahead: The Next 3-5 Years

When asked what challenges will define the mobility industry over the next few years, Yaron paints a sobering picture. 

“The increasing complexity of connected vehicle software will inevitably expand the number of vulnerabilities adversaries can exploit. At the same time, AI-driven attacks will demand new levels of resilience, and securing the global software supply chain will become an urgent priority,” Yaron explains. 

The industry will also face the ongoing challenge of navigating evolving global regulations while maintaining lifecycle product security. Layered onto all of this is the critical need to protect OTA infrastructures, not just at the point of update delivery, but throughout runtime, ensuring that vehicles remain trustworthy over their entire operating life.

For OEMs and suppliers determined to future-proof their cyber defenses, Yaron’s guidance is straightforward but uncompromising. Threat intelligence, he stresses, cannot be treated as a one-off effort. Rather, it must be built into the continuous lifecycle of security operations. Secure-by-design practices, aligned with standards such as ISO/SAE 21434, UNECE R155/R156, and ASPICE, should be embedded into every phase of development. Investment in foundational protections like end-to-end encryption, secure boot, runtime safeguards, and OTA resilience is non-negotiable. AI, meanwhile, should be embraced as a force multiplier for SOC efficiency, not as a silver bullet. And with software supply chains spanning the globe, advanced supplier management platforms will be critical to ensuring end-to-end oversight and integrity.

Ultimately, Yaron underscores that cyber resilience is not a static achievement. It is a living discipline that requires both robust engineering and adaptive defense strategies. 

“No system is ever finished,” he reminds us. “Resilience comes from vigilance, and from designing security into the very DNA of mobility innovation.”

***

Yaron Edan, CISO of REE Automotive

Yaron Edan has been serving as the Chief Information Security Officer (CISO) at REE Automotive for the past four years. At this pioneering startup in the automotive industry, he leverages his deep technical expertise in Software-Defined Vehicles (SDV).

Prior to this role, Yaron worked at Israel’s National Cyber Directorate (INCD), where he was responsible for resilience and guidance to all civilian sectors nationwide. A retired IDF Colonel, Yaron is also a veteran of Unit 8200.
