Ransomware group exfiltrated nearly 1 TB of data from a major Asian vehicle manufacturer's customer and dealership environment in early January 2026 via a third-party vendor

Delta Alarm cyberattack disabled mobile-app vehicle controls for hundreds of thousands of Russian vehicle owners for up to two weeks in late January 2026

Delta Alarm took approximately five days to restore partial functionality and nearly two weeks to fully recover from the cloud control plane attack

US Commerce Department rule prohibits Chinese and Russian connected-vehicle software starting Model Year 2027

US connected vehicle hardware restrictions arrive for Model Year 2030 or January 1, 2029 for non-model-year components

US connected vehicle rule covers vehicles under 10,001 pounds

China's amended Cybersecurity Law took effect on 1 January 2026 (passed 28 October 2025) with raised penalties and extraterritorial reach

64 distinct CWEs mapped in Q4 2025, down from 82 in Q3 2025

Over 100 advertised leaks and ransomware breaches targeted the automotive supply chain on the dark web in Q4 2025

UK SI 2025/1110 mandates UN R155 and R156 for type-approval effective 13 November 2025

EU Delegated Regulation 2025/1455 extends UN R155 to L-category vehicles: new types compliant by 11 December 2027, existing types by 11 June 2029

ControlLoc adversarial attack on AV object trackers achieved up to 98.5% success digitally and over 79% in physical tests against the Baidu Apollo stack

US Tier-1 automotive supplier had approximately 1.9 TB of internal files publicly posted on an extortion site at the end of October 2025

Japanese vehicle manufacturer's customer management environment breach exfiltrated roughly 900 GB in December 2025

Japanese vehicle manufacturer third-party cloud compromise exposed around 21,000 customer records in December 2025

German aftermarket parts and distribution business had 1.4 TB of internal data advertised on underground forums in December 2025

47% of large organizations do not have full visibility into employee AI tool usage.

89% of senior IT leaders report that managing the growing identity footprint is challenging.

56% of cybersecurity decision-makers are concerned about employees inadvertently exposing sensitive information to AI systems.

47% of U.S. cybersecurity decision-makers report concern about lack of visibility into employee AI tool usage, compared with 42% globally.