COSMOS · Project

Automated Testing and Security Tools That Ship Cyber-Physical Software Faster

digitalTestedTRL 5

Imagine you build software that controls real machines — like a train braking system or a medical device. Every update is terrifying because one bug could cause real-world harm, so testing takes forever. COSMOS built AI-powered tools that automatically generate tests, spot security holes, and prioritize what needs checking first, so teams can ship updates faster without cutting corners on safety. Think of it as giving your quality team a smart assistant that knows which tests matter most and runs them in the right order.

By the numbers

Industrial use cases validated (healthcare, avionics, automotive, utility, railway)

Consortium partners across 8 countries

Industry partners in the consortium

Total project deliverables produced

67%

Industry partner ratio in consortium

The business problem

What needed solving

Companies building software for physical systems — vehicles, trains, medical devices, power grids — face a painful tradeoff: ship updates fast and risk safety failures, or test exhaustively and fall behind competitors. Manual testing of cyber-physical systems is expensive, slow, and still misses security vulnerabilities. The more complex the system, the worse this bottleneck gets.

The solution

What was built

COSMOS built a suite of prototype tools: AI-based test prioritization for a two-speed DevOps pipeline, automated test case generation from user feedback, specification-based security testing, runtime verification for signal-based properties, and quality assessment monitoring tools. All 32 deliverables were completed, with 6 dedicated demo toolsets validated across 5 industrial sectors.

Audience

Who needs this

Automotive OEMs and Tier-1 suppliers with embedded software teamsRailway signaling system manufacturersMedical device companies with connected productsAvionics software integrators facing DO-178C complianceUtility companies managing SCADA and smart grid control software

Business applications

Who can put this to work

Automotive

enterprise

Target: Automotive OEMs and Tier-1 suppliers developing embedded vehicle software

If you are an automotive supplier dealing with painfully slow software release cycles for safety-critical ECU code — this project developed AI-based test prioritization and automated test generation tools validated against automotive use cases. The two-speed DevOps pipeline lets you run fast checks on routine changes while reserving expensive Hardware-in-the-Loop testing for critical updates, cutting your verification bottleneck.

Railway & Transportation

enterprise

Target: Railway signaling and control system manufacturers

If you are a railway technology company struggling to validate software updates across complex signaling systems — COSMOS built runtime verification tools that check signal-based temporal properties on execution traces, both offline and online. Validated against a railway use case with 12 consortium partners, these tools let you continuously monitor system behavior in the field instead of relying solely on pre-deployment testing.

Medical Devices

mid-size

Target: Connected medical device manufacturers

If you are a medical device company facing regulatory pressure to prove software security while accelerating update cycles — COSMOS developed specification-based security testing tools that automate attack simulation against high-level security properties. With validation across 5 industrial sectors including healthcare, these tools help you demonstrate compliance while reducing manual security audit effort.

Frequently asked

Quick answers

What would it cost to adopt these DevOps tools?

COSMOS produced open-source prototype tools with community-building activities to encourage adoption. The coordinator, The Open Group, is an SME focused on standards, suggesting the tools are designed for integration into existing pipelines rather than as expensive standalone products. Specific licensing costs are not published in the project data.

Can these tools handle industrial-scale systems?

The tools were validated against 5 industrial use cases spanning healthcare, avionics, automotive, utility, and railway sectors. The consortium included 8 industry partners (67% industry ratio), meaning the tools were built to handle real production environments, not just lab demos.

Who owns the IP and how is it licensed?

The project was coordinated by The Open Group Limited (UK), known for open standards. The project explicitly targeted Open Source community building and standardization, suggesting tools are likely available under open-source licenses. Contact the coordinator for specific IP terms.

How does the AI-based test prioritization actually reduce costs?

The two-speed DevOps cycle separates changes into fast and slow verification paths. The AI-based prioritization selects which changes need expensive full testing (including Hardware-in-the-Loop) versus which can pass through lighter checks. This directly reduces the number of costly test runs per release cycle.

Is this ready for regulated industries like avionics or medical?

COSMOS specifically targeted heavily regulated sectors and leveraged the standards experience of the coordinator and partners to promote the technologies within those sectors. The tools include specification-based security testing designed for compliance demonstration. Based on available project data, standardization activities were a core project goal.

How long would integration take?

The tools are designed as pipeline integrations — they plug into existing DevOps workflows rather than replacing them. The project ran from January 2021 to March 2024 and produced 32 deliverables including complete tool sets. Based on available project data, integration timelines would depend on your existing CI/CD maturity.

Is there ongoing support after the project ended?

The project closed in March 2024. The Open Group coordinated community-building activities around open-source adoption, and standardization efforts were pursued across regulated sectors. Based on available project data, ongoing support would come through the open-source community and consortium partners.

Consortium

Who built it

COSMOS assembled a strong industry-heavy consortium with 12 partners across 8 countries (CH, CZ, DE, IT, LU, NL, PT, UK). With 8 industry players and 4 universities — a 67% industry ratio — this is clearly a project built for real-world adoption, not academic publishing. The coordinator, The Open Group Limited, is a UK-based SME known for driving open standards (think TOGAF and ArchiMate), which signals the tools are designed for broad industry uptake rather than proprietary lock-in. The 4 SMEs in the consortium add agility and commercialization potential. Validation across 5 different industrial sectors demonstrates cross-industry applicability.

The Open Group LimitedCoordinator · UK
GMVIS SKYSOFT SAparticipant · PT
UNPARALLEL INNOVATION LDAparticipant · PT
UNIVERSITE DU LUXEMBOURGparticipant · LU
Q-MEDIA, S.R.O.participant · CZ
UNIVERSITA DEGLI STUDI DEL SANNIOparticipant · IT
SIEMENS HEALTHCARE GMBHparticipant · DE
ZURCHER HOCHSCHULE FUR ANGEWANDTE WISSENSCHAFTENparticipant · CH
SIEMENS AKTIENGESELLSCHAFTparticipant · DE
TECHNISCHE UNIVERSITEIT DELFTparticipant · NL

How to reach the team

The Open Group Limited (UK) — contact through CORDIS portal or project website

Order a report on this consortium See The Open Group Limited profile →

Next steps

Talk to the team behind this work.

Want to connect with the COSMOS team about their CPS testing tools? SciTransfer can arrange a direct introduction to the right technical lead.

Order a report on this topic More in Digital & ICT