SOAFEE Blueprint: VicOne Drives Vehicle Cybersecurity with Edge AI

November 10, 2025

Blog

In the fast-evolving world of software-defined vehicles (SDVs), cybersecurity has become as critical as performance and safety. The latest SOAFEE Blueprint from VicOne, developed as part of the SOAFEE community, introduces a new model for in-vehicle defense that moves intelligence from the cloud to the edge, powered by adaptive AI.

This is one in a series of columns showcasing SOAFEE’s new Blueprints series, developed in partnership with SOAFEE

At the heart of VicOne’s approach is xCarbon Edge AI, which uses Meta’s Llama models (specifically tinyLlama 1.1B) for local threat reasoning, and Arm’s KleidiAI to optimize AI workloads across Arm-based CPUs.  Together these technologies enable intelligent, efficient cybersecurity that operates directly within the vehicle.   The result is a more resilient and scalable approach to defending against cyberattacks in real time, without the cost or latency of cloud-dependent systems.

A Shift from Reactive to Adaptive Defense

Vehicle cybersecurity threats are no longer rare or isolated. As VicOne’s William Dalton explained, attacks are growing in both frequency and sophistication, and traditional cloud-centric defenses can no longer keep up.

The prevailing model that relies on centralized Vehicle Security Operations Centers (VSOCs) to analyze data from millions of vehicles creates massive bandwidth, infrastructure, and cost burdens. xCarbon reimagines that process by bringing intelligence to the edge, allowing each vehicle to act as its own first line of defense.

By correlating data across multiple ECUs and analyzing event patterns locally, xCarbon reconstructs potential attack paths and compares them to known threat intelligence. When a risk is detected, the system triggers in-vehicle alerts and simultaneously notifies remote security teams for verification and escalation.

This distributed approach allows vehicles to respond instantly without waiting for cloud updates while continuously improving their defensive models through data synchronization and AI learning cycles.

Breaking the Update Bottleneck

For global OEMs, one of the toughest cybersecurity challenges is keeping detection models current. Traditionally, updating an in-vehicle AI model means cycling between the cloud and specialized hardware test benches, an iterative process that can take weeks or months.

VicOne’s Yanzhu Zhang described how SOAFEE’s cloud-native architecture changes this entirely. By leveraging SOAFEE, both model fine-tuning and performance validation can now happen in the cloud using virtual platforms.

This shift eliminates hardware dependencies and accelerates the entire workflow. Updates can now be validated virtually and deployed over-the-air with minimal downtime, keeping fleets protected as threats evolve.

VicOne’s integration of virtual device testing and DevOps alignment also makes updates seamless. The same pipeline that trains and validates models in the cloud can deploy them to embedded systems in vehicles, significantly reducing development time and operational cost.

A Collaborative Blueprint for Smarter Security

The VicOne blueprint represents an evolving model for how the SOAFEE ecosystem can be applied to cybersecurity. By combining cloud-native development, edge intelligence, and open collaboration, VicOne and SOAFEE are demonstrating how adaptive AI can continuously defend vehicles at scale.

The partnership also leverages Arm’s AI innovation, including Arm KleidiAI libraries, to maximize performance on Arm CPUs without requiring specialized hardware accelerators. This reduces cost while maintaining robust detection and response capabilities for OEMs and suppliers.

For OEMs, the value is tangible.  The VicOne Blueprint helps boost efficiency, accelerating threat adaptation so vehicles can respond to new attacks faster.  It also streamlines analyst workflows, cutting triage time by up to 80 percent.  In addition, it helps optimize cloud costs by pre-filtering and summarizing security events before syncing with the cloud VSOC, reducing data transfer and processing expenses by up to 60 percent.

The benefits are clear:
•    Faster adaptation to new threats with cloud-based AI fine-tuning
•    Lower operating costs by reducing cloud processing and bandwidth demands
•    Minimal hardware dependency through virtualized testing and validation
•    Continuous protection that evolves as vehicles learn from each other

VicOne describes this approach as “defending forward,” a philosophy that transforms vehicles from passive assets into active participants in their own protection.

The Road Ahead

With this SOAFEE Blueprint, VicOne joins a growing list of contributors redefining how automotive software is built, validated, and secured. As SOAFEE continues to expand beyond compute and orchestration into domains like cybersecurity, the ecosystem is proving that open collaboration is the key to faster innovation and safer mobility.
Learn more about the VicOne Blueprint (https://www.soafee.io/blog/2025/vicone-blueprint/) and explore other collaborative projects shaping the software-defined vehicle, visit the SOAFEE in Action page at soafee.io/soafeeinaction. There you can find the current library of published SOAFEE Blueprints and discover what is next from the community that is defining the software future of automotive.