If you are a manufacturer dealing with strict IEC 62443 standards — this project developed an AI-driven tool that automates requirement mapping and vulnerability detection. This allows you to update your hardware firmware without restarting the entire expensive certification process from scratch.
AI-Powered Automated Cybersecurity Certification for Faster Product Updates
Imagine if every time you updated your phone's software, you had to wait months for a government inspector to check it for safety. This project builds a smart digital assistant that checks security rules automatically and instantly. It's like having a 24/7 automated auditor that ensures your tech stays safe even as you change it daily.
What needed solving
Traditional security certification is a slow, one-time event that cannot keep up with agile software updates. This creates a gap where new updates introduce vulnerabilities, risking company reputation and user safety.
What was built
An AI-driven software framework featuring a RAG system for regulation navigation, an automated SBOM vulnerability detector, and a threat modeling tool.
Who needs this
Who can put this to work
If you are a provider dealing with the EU Cyber Resilience Act — this project developed a RAG-based system for navigating regulations and automated SBOM vulnerability analysis. This reduces the manual effort needed to prove your software is compliant during rapid release cycles.
If you are an operator dealing with evolving cyber threats — this project developed a CTI-driven threat modeling tool and risk prioritization engine. This helps you identify which vulnerabilities to fix first based on real-world data from NVD and MITRE.
Quick answers
How much does the software cost to implement?
Based on available project data, the specific pricing or cost of the software is not mentioned, though the objective is to create a cost-effective assessment process.
Can this be used for large-scale industrial deployment?
Yes, the project includes a scalable formal methods framework and is designed for ICT products and services across critical infrastructure.
Who owns the intellectual property and how is it licensed?
Based on available project data, the project aims to develop an open software framework, but specific licensing terms are not detailed.
Does this help with EU law compliance?
Yes, it specifically aligns with the EU Cybersecurity Act, the Cyber Resilience Act (CRA), and the AI Act.
How does it integrate with existing security data?
It integrates with external data sources including MITRE ATT&CK, D3FEND, and the National Vulnerability Database (NVD) via SBOM analysis.
Who built it
The consortium is heavily weighted toward commercial application, with 8 industry partners (73% ratio) and 4 SMEs. This high industry concentration across 7 countries suggests the results are driven by market needs rather than pure academic research, increasing the likelihood of commercial viability.
Contact Fundacion Tecnalia Research & Innovation in Spain
Talk to the team behind this work.
Contact us to explore licensing or partnership opportunities with the CERTIFAI consortium.