Product cyber security · one platform
From a signal in the wild to the exact component.
Threat intelligence, supplier risk, vulnerabilities and SBOM on one connected graph. Correlens correlates them, so a leak, an exploit or a breached supplier resolves to the exact component in the exact program, and a person can act.
Automotive-grade rigor, applied everywhere software moves.
Supply chain risk
When your supplier is breached, you find out first.
Your suppliers become part of your risk surface the moment they ship you code. Correlens watches them across threat-intel sources, scores the noise, and correlates a breach to the exact components and programs it puts at risk.
Actor “888” advertises ~35 GB allegedly stolen from Accenture on a dark-web forum
Confidence: medium · actor has a scope-inflation historyThreat intelligence
Curated for what you ship, summarized by AI, confirmed by a human.
Signals from the open web, the dark web and the deep net, scored for your context. The AI reads, translates and summarizes each one; an analyst confirms it. Nothing escalates on the machine's word alone.
Actor advertises stolen data from a connected engineering supplier
A dark-web actor is advertising data claimed to be stolen from a connected engineering supplier. The same actor has a documented history of inflating scope, so the claim is treated as unconfirmed and correlated to the exact components and programs that supplier ships to you.
Voltage-glitching bypass of read protection on RH850 automotive MCUs
Public research demonstrates a crowbar voltage-glitching attack that defeats read protection and the debug password on Renesas RH850 microcontrollers, allowing locked flash to be read with commodity hardware and no desoldering. RH850 is common in gateways and steering ECUs, so this touches firmware confidentiality under R155.
Public repo exposes CI config referencing an internal supplier build domain
A public code repository exposes a CI configuration that references an internal supplier build domain and artifact paths. No secrets are confirmed leaked, but the reference maps build infrastructure and hints at the OTA toolchain, so it is queued for an analyst to validate against the affected program.
Ask the graph
One question. A grounded, cited answer.
Everything the platform knows is one connected graph. Ask it in plain language and get a real answer, with the numbers and the sources behind it.
CVE-2026-4187 (gstreamer 1.14.4, confirmed exploited) reaches 3 programs, 2 suppliers and 5 nodes. It is reachable on 4 of 5 nodes; one is suppressed by a supplier VEX statement.
Vulnerability management
Actionable risk, not a wall of CVEs.
Every finding is enriched from correlated threat intelligence and re-scored for the product in the field. You act on what is exploited and reachable, not on a raw severity number.
| Vulnerability | Component | CVSS | EPSS | Exploitation | Reachability | State |
|---|---|---|---|---|---|---|
| CVE-2026-4187 | gstreamer 1.14.4 | 9.8 | 0.89 | confirmed exploited (KEV) | reachable | under review |
| CVE-2026-3350 | botan 2.19.5 | 8.4 | 0.42 | exploit available | reachable | to validate |
| CVE-2026-0915 | bluez 5.66 | 7.5 | 0.18 | PoC published | adjacent | to validate |
| CVE-2026-2044 | libexpat 2.2.6 | 6.2 | 0.05 | no known exploit | not reachable | suppressed (VEX) |
Re-scored for the product in front of you.
A 9.8 with no network path to it is not a 9.8 in your program. Set a node's real external interfaces and safety level once, and every finding re-scores to match, in CVSS 3.0, 3.1 or 4.0.
Watchlists
Hunt the risk that is specific to your parts.
Curate the observables that matter for what you ship, and the platform watches them proactively. The tuning and unlock scene, for one, trades ECU-unlock techniques openly, long before they become an incident.
Auto-seeded from your SBOM and portable by standard. Import and export as STIX 2.1, so a watchlist moves between your teams and tools.
SBOM
The inventory that feeds everything else.
Your software bill of materials is one input, and the platform makes it work for the rest: it feeds vulnerability management and threat correlation, so a component is never just a line in a file. Watch it move from import to audit-ready.
312 components · threshold 30
| Component | Version | Origin | EOL | Vulns |
|---|---|---|---|---|
| gstreamer | 1.14.4 | OSS | 2027-01 | 29 |
| botan | 2.19.5 | OSS | – | 6 |
| bluez | 5.66 | OSS | 2027-03 | 9 |
| ivi-mediastack | 2.8.1 | proprietary | – | 4 |
Transportability
Bring your data in. Take more out.
Open by standard at both ends. What you import is never trapped, and what the platform learns comes back in a format your other tools already speak, whatever you build.
What you bring in
What you take out
e.g. a drone flight-controller SBOM in, an enriched bill with reachable CVEs out.
e.g. an ITS roadside-unit incident exported straight to your SOC and PSIRT.
Compliance, evidenced
Run the work, and the audit evidence writes itself.
A Cyber Security Management System (ISO/SAE 21434) is how you govern product cyber security across the lifecycle. The modules above are its operational workflows, and the trail they leave is the evidence a regulator asks for.
Software, plus people. Our product-security experts work alongside your team, from your first SBOM to audit-ready compliance.
AI with humans in control
A loop, not an autopilot.
The AI does the reading, scoring and correlation at machine scale. The analyst makes every call that matters. Neither works alone.
Every decision is recorded. The audit trail a regulator asks for is a byproduct of the work, not a separate chore. Teams are multi-tenant and role-based, so you can invite an external supplier with scoped access and still keep the whole picture.
Ready when you are
One source of truth for product cyber security.
Cars, commercial vehicles, ITS, drones and e-mobility. Book a demo and we will map it to your programs, with our experts alongside your team.
Product surfaces on this page show sample data. The supplier-breach example reflects publicly reported claims, shown to illustrate correlation.