By NHI Mgmt Group Editorial TeamDomain: Cyber SecuritySource: Upstream SecurityPublished September 28, 2025

TL;DR: Connected vehicle security is shifting as automakers, suppliers, and mobility platforms push deeper into AI, real-time data, and software-defined operations, according to Upstream Security. The governance challenge is no longer only technical hardening but control over data, identity, and operational trust as the attack surface expands.


At a glance

What this is: This is a leadership profile that uses a wider mobility interview to argue that AI, connectivity, and cybersecurity are converging in software-defined vehicles.

Why it matters: It matters because mobility programmes now depend on identity, access, and data governance across ecosystems that look more like enterprise platforms than traditional vehicle systems.

👉 Read Upstream Security's interview on AI, mobility, and connected vehicle cybersecurity


Context

Connected vehicle programmes are no longer just engineering projects. They are increasingly data-driven environments where AI, software, and external integrations shape both product behaviour and cyber risk. For security and identity teams, that creates a governance problem around who and what can interact with vehicle data, services, and update paths.

The article also sits inside a broader mobility-security shift where OEMs are being pushed toward real-time operations and ecosystem partnerships. That matters to IAM and NHI practitioners because connected systems tend to accumulate service identities, API access, and delegated trust faster than oversight models mature.


Key questions

Q: How should mobility teams govern non-human identities in connected vehicle platforms?

A: Start by separating machine identities from human accounts, then assign each one an owner, purpose, expiry condition, and revocation path. Mobility environments often accumulate API keys, service accounts, and certificates across OEM, supplier, and cloud layers, so lifecycle control matters more than simple permission review. Without that discipline, access persists long after the original use case has changed.

Q: Why do connected vehicle ecosystems create more identity risk than traditional product environments?

A: Because they depend on continuous machine-to-machine trust. Every telemetry feed, partner integration, update service, and analytics pipeline introduces non-human identities that can be over-scoped, forgotten, or reused. That raises the chance that access survives beyond its intended purpose and becomes a standing risk across the mobility stack.

Q: What do security teams get wrong about AI in mobility programmes?

A: They often treat AI as a feature problem instead of a governance problem. In connected mobility, AI influences data flow, anomaly handling, and operational decisions, so the real question is who can access the model, what data it can use, and what actions it is allowed to trigger. Controls must cover decision boundaries, not just model accuracy.

Q: What should organisations do when mobility security depends on suppliers and shared platforms?

A: Define accountability before integration. Shared mobility ecosystems need explicit ownership for data access, credential handling, logging, and incident response across every external party. If the trust model is informal, security teams lose the ability to prove who had access, when it was used, and whether it was revoked on time.


Technical breakdown

Connected vehicle security depends on identity and trust boundaries

Connected mobility platforms blend embedded systems, cloud services, telemetry pipelines, and partner integrations. Once those environments become software-defined, security depends less on static perimeter controls and more on the trust boundaries around APIs, service accounts, update channels, and analytics workloads. In practice, the difficult question is not whether the vehicle is connected, but which identities can change what, where, and when across the ecosystem.

Practical implication: Map every external and internal connection to an accountable identity, then restrict each one to the narrowest operational scope.

AI introduces new control points in mobility data flows

When AI sits in the middle of mobility operations, it influences which data gets prioritised, how anomalies are detected, and how workflows respond. That creates new governance points around model inputs, training data, inference access, and downstream automation. The risk is not just model failure, but over-trusting AI outputs in environments where safety, reliability, and cyber decisions are tightly coupled.

Practical implication: Treat AI-enabled mobility workflows as governed systems with explicit ownership, access boundaries, and auditability.

Machine-to-machine integrations expand the non-human identity surface

The more a mobility ecosystem relies on APIs, partners, and real-time services, the more it depends on non-human identities such as tokens, service accounts, and certificates. These identities often outnumber human users and are harder to track because they are embedded in platforms rather than assigned through ordinary joiner-mover-leaver processes. That makes lifecycle control, secret handling, and privilege review central to resilience.

Practical implication: Inventory machine identities separately from human accounts and review their lifecycle, not just their permissions.


NHI Mgmt Group analysis

AI-native mobility is creating a governance problem before it is creating a tooling problem. The article’s core signal is that connected vehicles are becoming software and data platforms first, and mechanical systems second. That shift increases the number of identities, integrations, and decision points security teams must govern. For practitioners, the immediate issue is not whether AI is present, but whether the control model can keep up with AI-shaped operational trust.

Connected vehicles create a broader non-human identity surface than most mobility teams are prepared for. API keys, service accounts, certificates, and partner tokens become part of the vehicle security model once operations depend on real-time cloud connectivity. That is an identity governance issue as much as an engineering one, because weak lifecycle discipline for machine identities turns platform convenience into persistent access risk. Practitioners should assess NHI sprawl as part of mobility risk reviews.

Smart mobility programmes now need a control model that spans product, cyber, and data governance. The article reflects a market where OEMs are forced to connect cybersecurity decisions to business outcomes such as quality, warranty, and customer experience. That convergence makes isolated security reviews inadequate. Teams should align security controls to operational trust boundaries, not to organisational silos.

Community language in mobility security should not obscure the operational reality of shared responsibility. The more suppliers, platforms, and data partners sit inside the vehicle ecosystem, the less meaningful single-organisation security assumptions become. This is where identity governance matters most, because shared environments fail when access paths, ownership, and accountability are unclear. Practitioners should treat third-party trust as a first-class control domain.

Mobility security is moving toward continuous verification, not point-in-time assurance. Real-time environments cannot rely on periodic reviews alone when systems are updating, exchanging telemetry, and making automated decisions continuously. That puts pressure on continuous identity validation, constrained delegation, and stronger telemetry around machine actions. Practitioners should expect governance models to shift toward runtime assurance.

What this signals

Connected mobility will force IAM teams to think beyond enterprise boundaries. Vehicle programmes increasingly rely on partner APIs, cloud telemetry, and machine identities that do not fit standard employee-centric governance. The practical shift is toward identity inventories, delegated access controls, and revocation processes that can operate across suppliers and platforms.

AI governance and NHI governance are converging in mobility operations. Once AI is used to prioritise alerts, inform quality decisions, or influence vehicle services, the security model has to address both the model and the identities that feed it. That means mobility teams will need stronger audit trails for service-to-service access and clearer ownership for automated actions.


For practitioners

  • Inventory machine identities across mobility services Create a separate register for API keys, service accounts, certificates, and partner credentials used in vehicle, cloud, and analytics workflows. Tie each identity to an owner, purpose, expiry condition, and revocation process.
  • Define trust boundaries for connected vehicle integrations Document which systems can read telemetry, trigger updates, modify data pipelines, or call external services. Use those boundaries to constrain access reviews, logging, and incident response playbooks.
  • Add NHI lifecycle controls to mobility risk reviews Check whether non-human identities are provisioned, rotated, and decommissioned with the same discipline as human accounts. Prioritise partner tokens and long-lived credentials because they tend to survive programme changes.
  • Align AI governance with vehicle security decisions Require ownership for model inputs, inference access, and automated actions that affect vehicle operations or customer-facing outcomes. Make auditability a requirement for any AI workflow that can influence cyber or safety decisions.

Key takeaways

  • Connected vehicles are becoming identity-rich systems, which makes machine trust a core mobility security issue.
  • AI in mobility changes governance requirements because data flow, decision support, and operational action are increasingly linked.
  • Security teams should treat suppliers, APIs, and service credentials as part of the vehicle attack surface, not as surrounding infrastructure.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST CSF 2.0, NIST SP 800-53 Rev 5, CIS Controls v8 and NIST Zero Trust (SP 800-207) set the technical controls, while ISO/IEC 27001:2022 define the regulatory obligations.

FrameworkControl / ReferenceRelevance
NIST CSF 2.0PR.AC-4Connected vehicle ecosystems rely on constrained access across partners and services.
NIST SP 800-53 Rev 5AC-6Least privilege is central to managing vehicle APIs, telemetry access, and partner credentials.
CIS Controls v8CIS-5 , Account ManagementMachine identities in mobility need lifecycle tracking, not just configuration oversight.
NIST Zero Trust (SP 800-207)Zero trust aligns with continuous verification across distributed vehicle and cloud components.
ISO/IEC 27001:2022A.5.15Access control governance fits shared mobility environments with many third-party connections.

Use zero trust principles to validate every mobility connection instead of relying on network location.


Key terms

  • Connected Vehicle Security: Connected vehicle security is the set of controls that protect vehicles which exchange data with cloud services, suppliers, mobile apps, and remote management systems. It extends beyond in-vehicle hardening to cover update trust, telemetry integrity, and command authorization across the full operating lifecycle.
  • Non-Human Identity (NHI): A digital identity assigned to a non-human entity such as a software application, service account, API key, bot, machine, or AI agent that enables it to authenticate and interact with systems without direct human involvement. NHIs now outnumber human identities in most enterprises by 25 to 50 times.
  • Software-defined vehicle: A software-defined vehicle is a vehicle whose features, controls, and updates are increasingly managed through software and connected digital systems. It depends on centralized compute, remote updates, and supplier-integrated tooling, which makes access control and containment more important than in traditional vehicle architectures.
  • Trust Boundary: A trust boundary is the point where one system’s authority should stop and another system’s authority should begin. For internal automation, weak trust boundaries let monitoring, remediation, and execution share privileges that should have remained separate.

What's in the full article

Upstream Security's full article covers the leadership interview and mobility-market context this post intentionally leaves at a higher level:

  • The full conversation behind Jennifer Tisdale's perspective on mobility transformation and why it matters to industry leaders.
  • Additional context on Upstream's positioning across XDR, API security, proactive quality detection, and connected vehicle analytics.
  • The broader company narrative around AI-native mobility operations and ecosystem collaboration.
  • The article's own framing of why Detroit automotive roots still matter in software-defined vehicle security.

👉 The full Upstream Security article expands on the mobility transformation themes behind Jennifer Tisdale's appointment.

Deepen your knowledge

NHI Mgmt Group covers identity security, NHI governance, and agentic AI through independent research, practitioner guides, and the NHI Foundation Level course, the industry's only accredited NHI security programme. It helps practitioners build the governance foundations needed to manage machine identities, secrets, and access at scale.
NHIMG Editorial Note
Published by the NHIMG editorial team on July 14, 2026.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org