Activities should include at least one of the following:

• Continuous detection of patterns and identification of anomalies that can potentially indicate emerging threats, recognising new attack vectors and enabling advanced detection in an evolving threat landscape, including in ICT or in Operational Technology infrastructures using open technologies.
• Creation of CTI based on novel threat detection capabilities.
• Enhancing speed of incident response through real-time monitoring of networks to identify security incidents and generating alerts or triggering automated responses.
• Mitigating malware threats by analysing code behaviour, network traffic, and file characteristics, reducing the window of opportunity for attackers to exploit malware.
• Identification of vulnerabilities and support for management considering multiple sources of information.
• Cybersecure tools and solutions that provide risk-reduction in the crossover between AI, IoT and smart grids or other manufacturing chains.
• Support for recovery from incidents through self-healing capacities.
• Reducing the chances of attacks and pre-emptively identifying weaknesses through automated vulnerability scanning and penetration testing.
• Protecting business sensitive data through the analysis of access patterns and detection of abnormal behaviour.
• Enabling organisations to leverage and share CTI and other actionable information for analysis and insights without compromising data security and privacy, through anonymisation.
• Tools and solutions that provide product security or cybersecurity by design/default in line with CRA requirements.
• Tool and service providers are welcome to apply for this topic, also when in a consortium with Cyber Hubs. Links with stakeholders in the area of High-Performance Computing should be made where appropriate, as well as activities to foster networking with such stakeholders. In well justified cases, access requests to the EuroHPC high performance computing infrastructure could be granted.
• The systems, tools and services developed under this topic will be made available for licensing to National and/or Cross-Border Cyber Hubs platforms, CSIRTs, competent authorities, and other relevant authorities under favourable market conditions.
• These actions aim at providing AI-powered cybersecurity capabilities for National and/or Cross-Border Cyber Hubs and for national authorities encompassing Cyber Hubs, CSIRTs, which occupy a central role in ensuring the cybersecurity of national authorities, providers of critical infrastructures and essential services. These entities are tasked with monitoring, understanding and proactively managing cybersecurity threats. In light of their crucial operative role in ensuring cybersecurity in the Union, the nature of the technologies involved as well as the sensitivity of the information handled, Cyber Hubs must be protected against possible dependencies and vulnerabilities in cybersecurity to pre-empt foreign influence and control.
• Tools to protect and secure AI solutions in line with the EU legislative framework and considering integration of requirements for robustness, performance, trust and balanced AI autonomy.
• Contribute to the cybersecurity certification of AI-driven cybersecurity solutions and systems. The primary objective of cybersecurity certification for AI systems within the EU is twofold: to mitigate cybersecurity risks inherent in AI technologies and to demonstrate compliance with the EU’s comprehensive legislative framework, including the AI Act. By establishing a standardised, transparent, and rigorous certification process, the EU seeks to foster trust in AI technologies among users, developers, and regulators alike.