Cybersecurity Vehicle Forum 2026: Why the future of SDV security will be defined by those in the room
By Francesca Forestieri, Automotive Lead, GlobalPlatform
In May 2026, automotive cybersecurity architects, security engineers, and decision-makers will meet in Plymouth, Michigan (May 19) and Tokyo (May 26) for the GlobalPlatform Cybersecurity Vehicle Forum (CVF). They will address some of the critical security questions facing the software-defined vehicle (SDV) industry.
If you lead cybersecurity for an OEM, a Tier 1 supplier, or a silicon provider, your open questions for 2026 are clear. How do you generate evidence for ISO/SAE 21434 without duplicating evaluation effort across the supply chain? Where do Micro-TEEs fit on MCU-class targets? How do you plan for post-quantum cryptography (PQC) migration across long automotive lifecycles? And how do you anchor a consistent Chain of Trust across increasingly complex vehicle architectures?
These are not long-term questions for the next decade. They are immediate engineering and business challenges that need answers now.
As vehicles become more software-defined, trust has become the central challenge. OEMs must not only secure increasingly complex vehicle architectures, but also demonstrate that security can be maintained across an extended, multi-tier supply chain. The challenge is not simply securing individual components, but creating assurance that is demonstrable, repeatable, and scalable across the full ecosystem.
Why technical participation matters
The Cybersecurity Vehicle Forum is not simply a space where the industry discusses security challenges. It is where technical decisions are shaped, specifications are challenged, and future industry frameworks begin to take form.
The agendas in Plymouth and Tokyo are organized around four critical technical areas, each with open questions where industry participation can shape the outcome:
- Secure Execution — Trusted Execution Environments (TEEs), Secure Elements, and Micro-TEE variants across MCU- and application-class targets are central to workload isolation, secure storage, key management, and OTA update security. Key questions remain around where Micro-TEEs add value beyond automotive HSMs, what standard APIs for Class A and MCU-class devices should include, and how secure components support broader SDV security platform specifications.
- Security Assurance and Certification — Scalable assurance helps OEMs avoid repeating the same evaluation effort across suppliers and programs. SESIP, aligned to ISO/SAE 21434, supports more repeatable, reusable certification, while GlobalPlatform Attack Working Groups provide a direct route for contributing attack and evaluation expertise.
- Future-Proofing Security — Post-quantum cryptography (PQC) migration must be planned around real automotive lifecycles, not theoretical timelines. At the same time, AI-driven penetration testing is emerging as a new evaluation vector, making practical, executable migration guidance essential.
- Trust Management — Chain of Trust anchoring, attestation, component traceability, Security Requirement Documents for Connected Components, and ECU lifecycle security form the foundation for scalable trust. Without a consistent trust model across the supply chain, secure execution and certification become much harder to sustain.
The future will be defined by those in the room
Technical direction set now shapes the industry references for years to come. Once a profile, specification, or certification framework is published, it does not get revisited without good reason.
Scalable trust requires alignment across silicon providers, Tier 1 suppliers, OEMs, platform providers, and certification bodies. The Cybersecurity Vehicle Forum is where that alignment gets tested against the reality of the automotive industry. The organizations that participate today are the ones best positioned to see their requirements reflected in what gets published and standardized.
GlobalPlatform invites industry stakeholders from across the industry to join the upcoming Cybersecurity Vehicle Forum events, taking place in Plymouth, Michigan, USA (May 19) and in Tokyo, Japan (May 26).
Help us shape the future of secure, software-defined vehicles.
