Artificial Intelligence Requires Automated Cybersecurity for Smart Products
* AI systems will uncover an increasing number of security vulnerabilities. This makes it all the more important to accurately assess their significance and the need for action.
Düsseldorf - Artificial intelligence is fundamentally reshaping cybersecurity. New AI models can identify software flaws and security vulnerabilities faster than ever before. For manufacturers of connected devices, machines and systems, the growing volume of newly discovered vulnerabilities can only be effectively assessed and managed through automated processes. These processes also enable organisations to demonstrate compliance with an increasing number of regulatory requirements. This is the conclusion of a recent analysis by Düsseldorf-based product cybersecurity specialist ONEKEY.
Based on current trends and expert assessments, the number of discovered security vulnerabilities is set to rise dramatically in the future due to the use of powerful AI systems. However, the real challenge begins after that. Companies must determine which vulnerabilities are relevant, their impact on specific products, and the necessary measures. This is precisely where AI-only solutions reach their limits.
"Finding a vulnerability is not the same as understanding its significance for a product, considering its areas of application and risks, or making decisions that withstand regulatory scrutiny," explained Jan Wendenburg, CEO of ONEKEY. AI is useful for initial testing and accelerating security analyses. Additional tools are required to ensure predictable results, clearly traceable audit evidence, compliance documentation, and robust risk assessments.
Reliable Evidence for Decision-Making and Compliance
This is particularly relevant in light of new regulatory requirements, such as the Cyber Resilience Act (CRA), the Radio Equipment Directive (RED), and the IEC 62443 series of standards. In the future, manufacturers will need to demonstrate which software components are included in their products, identify existing vulnerabilities, explain their potential impact, and detail how risks have been addressed.
While modern AI tools are increasingly capable of identifying potential vulnerabilities, the analysis indicates that companies still need transparent and robust decision-making foundations. This includes a Software Bill of Materials (SBOM), vulnerability assessments (VEX), technical evidence of a product's actual exposure, and documentation that can withstand audits and certifications.
A Combined Approach Involving Firmware Analysis, Security Management, and AI
ONEKEY relies on an integrated approach that combines automated firmware analysis, vulnerability management, and AI-based support. The ONEKEY platform analyzes firmware directly at the binary level. It automatically generates a software bill of materials and assesses the relevance of vulnerabilities within a product's specific context.
This reduces the workload by more than 60 percent. Additionally, the solution effectively identifies unknown vulnerabilities, such as insecure communication channels, hard-coded credentials, and potential attack vectors through code injections.
At the same time, ONEKEY continues to expand the use of artificial intelligence across its platform. Machine learning technologies are already being used to identify additional software components automatically. AI-powered chat capabilities and an intelligent analysis assistant, which automatically classifies security findings and supports prioritization decisions, will be available this summer. In addition, the ONEKEY platform is being enhanced with agentic AI systems to provide manufacturers and operators of smart products with an effective and highly automated platform. The goal is to help organizations manage growing cybersecurity requirements and increasing volumes of security findings efficiently while minimizing the resources required.
AI, Evidence, and Security Processes
"The use of AI increases the number of results. However, professional cybersecurity decisions must continue to be transparently documented, evaluated, and monitored," the study concluded. According to ONEKEY, relying solely on AI can actually increase risk rather than improve security without structured product security processes.
Consequently, ONEKEY is investing heavily in expanding AI within its platform. Machine learning is already being used to improve security analyses further. The development roadmap also includes new AI-based features that will support companies in assessing, prioritizing, and addressing security risks. ONEKEY will unveil its first new product features in the coming weeks.
ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management and part of the investment portfolio of PricewaterhouseCoopers Germany (PwC). The unique combination of the automated ONEKEY Product Cybersecurity & Compliance Platform (OCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support, and management to improve product cybersecurity and compliance from product purchasing, design, development, and production to end-of-life.
Critical vulnerabilities and compliance violations in device firmware are automatically identified in binary code by AI-based technology in minutes - without source code, device, or network access. Proactively audit software supply chains with integrated Software Bill of Materials (SBOM) generation. "Digital Cyber Twins" enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.
The integrated ONEKEY Compliance Wizard already supports compliance with requirements from IEC 62443-4-2, ETSI EN 303 645, UNECE R155, and many other standards and regulations.
As part of the EU-funded CRACoWi (Cyber Resilience Act Compliance Wizard) project, ONEKEY is collaborating with 13 European partners to develop an AI-powered assistant for the automated implementation of the EU Cyber Resilience Act (CRA).
The solution will guide companies through the entire compliance process, from the initial CRA scope assessment to the generation of the required Declaration of Conformity.
The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritization of vulnerabilities, significantly reducing the time to remediation.
Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform (OCP) and ONEKEY Cybersecurity Experts.
Further information: ONEKEY GmbH,
Sara Fortmann, email: sara.fortmann@onekey.com,
Toulouser Allee 19A, 40211 Düsseldorf, Germany,
web: https://onekey.com
PR Agency: euromarcom public relations GmbH,
Mühlhohle 2, 65205 Wiesbaden, Germany,
email: team@euromarcom.de, web: www.euromarcom.de
Published in M2 PressWIRE on Tuesday, 23 June 2026
Copyright (C) 2026, M2 Communications Ltd.
