CEDAR-42001: From ISO/IEC 42001 Conformity to Architecture-Aware, Audit-Visible Assurance Posture for AI Cyber-Physical Systems
Pith reviewed 2026-06-26 13:02 UTC · model grok-4.3
The pith
CEDAR-42001 converts ISO/IEC 42001 conformity into architecture-specific maturity assessments and action recommendations for AI cyber-physical systems.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
CEDAR-42001 preserves the original conformity determination in stage A and then in stage B attributes each audit row to a governance stratum or one of seven AI-CPS layers, assigns a five-dimensional maturity profile that identifies binding constraints, sets a risk-proportionate target maturity, and derives an action recommendation from a rulebook. These enriched rows aggregate into decision products at strategic, operational, and tactical levels. In evaluation, 89.9 percent conformity contrasted with only 34.3 percent high-assurance attainment, with the range 22.4 to 46.2 percent under alternatives, and the Cruise case mapped concerns to layer-specific actions.
What carries the argument
The two-stage CEDAR-42001 process that enriches each audit row with layer attribution, five-dimensional maturity profile, binding-constraint identification, risk-proportionate target, and rulebook action.
If this is right
- Conformity assessments alone do not reveal the distribution of assurance across architectural layers or maturity shortfalls.
- The method produces actionable recommendations traceable to specific audit evidence.
- Application to incidents like the Cruise robotaxi can identify layer-specific gaps in perception, decision-making, and oversight.
- Aggregation of enriched rows supports decisions at multiple organizational levels.
Where Pith is reading between the lines
- The approach could help regulators or operators prioritize technical testing on layers flagged as low maturity.
- It implies that standard conformity may need supplementation with architecture-aware analysis for high-risk systems.
- Extending the method to other standards beyond ISO 42001 could broaden its use in safety-critical domains.
Load-bearing premise
The seven AI-CPS layers and five-dimensional maturity profile, along with the binding-constraint rules and risk targets, accurately reflect the assurance needs of real systems and can be applied consistently.
What would settle it
Independent expert review of multiple AI-CPS systems where the CEDAR-42001 layer attributions and maturity ratings are checked against observed system failures or performance metrics.
Original abstract
AI-enabled cyber-physical systems (AI-CPS) turn data-driven decisions into physical actions, creating assurance challenges across sensing, computation, control, human oversight, and governance. ISO/IEC 42001:2023 specifies requirements for an artificial intelligence management system (AIMS), but conformity assessment alone does not show which architectural layers are affected, whether practices are mature enough for the risk context, or what actions should follow. We present CEDAR-42001 (Control-Evidence Decision and Action Reasoning), a two-stage method that converts ISO/IEC 42001 audit evidence into an architecture-aware assurance posture traceable to the audit record. Stage A preserves the conformity determination. Stage B adds four outputs to each audit row: (i) attribution to a governance stratum or one of seven AI-CPS layers; (ii) a five-dimensional maturity profile with binding-constraint identification; (iii) a risk-proportionate target maturity; and (iv) a rulebook-derived action recommendation. The enriched rows are aggregated into strategic, operational, and tactical decision products. We evaluate CEDAR-42001 using a synthetic autonomous-fleet AIMS and by comparing conformity-only results with the enriched outputs. Although 89.9 percent of audit rows were conforming, only 34.3 percent of conforming rows reached the baseline High-assurance category; across alternative operationalizations, this proportion ranged from 22.4 percent to 46.2 percent. A retrospective application to the 2023 Cruise robotaxi incident shows how the method captures documented concerns across governance, perception, decision-making, and human oversight and maps them to layer-specific actions. CEDAR-42001 does not estimate exploitability or replace technical CPS-security testing; it identifies where audit evidence warrants deeper technical assurance, organizational improvement, or remediation.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The manuscript introduces CEDAR-42001, a two-stage method that converts ISO/IEC 42001 audit evidence for AI cyber-physical systems into an architecture-aware assurance posture. Stage A preserves the original conformity determination; Stage B augments each row with attribution to one of seven AI-CPS layers or governance, a five-dimensional maturity profile with binding-constraint identification, a risk-proportionate target, and a rulebook-derived action. Enriched rows are aggregated into strategic, operational, and tactical products. Evaluation on a synthetic autonomous-fleet AIMS reports 89.9% conformity but only 34.3% high-assurance (sensitivity range 22.4–46.2% under alternatives); a retrospective mapping is performed on the 2023 Cruise robotaxi incident.
Significance. If the seven-layer taxonomy, five-dimensional maturity scales, and binding-constraint rules accurately reflect assurance requirements, the method could supply auditors and operators with traceable, layer-specific guidance that extends beyond binary conformity to identify where deeper technical or organizational work is warranted. The procedural traceability to the audit record and the explicit sensitivity analysis on operationalizations are constructive features for a method paper in this domain.
major comments (2)
- Section 4 (Evaluation): the central quantitative claim that only 34.3% of conforming rows reach the baseline High-assurance category (with alternative-operationalization range 22.4–46.2%) is produced entirely by applying the seven AI-CPS layers and five-dimensional maturity profile defined in Section 3 to the synthetic dataset; the manuscript provides no inter-rater reliability data, correlation with observed safety outcomes, or validation against independent real-world audit corpora, so the reported gap cannot yet be separated from an artifact of the chosen operationalization.
- Section 3 (CEDAR-42001 Method): the binding-constraint identification rules, risk-proportionate target definitions, and action-derivation rulebook are introduced as procedural extensions of ISO/IEC 42001 and the seven-layer taxonomy without derivation from empirical incident data or expert-consensus validation studies; this makes the method's ability to produce assurance postures that accurately reflect real AI-CPS risk contexts an untested modeling assumption that bears directly on the utility of the enriched outputs.
Simulated Author's Rebuttal
We thank the referee for the constructive comments on the scope of our claims. We address each major point below, agree where the manuscript requires clarification, and will make the indicated revisions.
- Referee: Section 4 (Evaluation): the central quantitative claim that only 34.3% of conforming rows reach the baseline High-assurance category (with alternative-operationalization range 22.4–46.2%) is produced entirely by applying the seven AI-CPS layers and five-dimensional maturity profile defined in Section 3 to the synthetic dataset; the manuscript provides no inter-rater reliability data, correlation with observed safety outcomes, or validation against independent real-world audit corpora, so the reported gap cannot yet be separated from an artifact of the chosen operationalization.
Authors: We agree that the 34.3% figure and its sensitivity range are produced solely by applying the Section 3 operationalizations to the synthetic AIMS dataset, and that the manuscript reports neither inter-rater reliability, correlation with safety outcomes, nor validation on external real-world audit corpora. The sensitivity analysis is included precisely to illustrate dependence on modeling choices. In revision we will reframe Section 4 results as an illustration of method mechanics and sensitivity rather than an empirical claim about real-world gaps, add a dedicated Limitations subsection, and qualify all quantitative language accordingly. revision: yes
- Referee: Section 3 (CEDAR-42001 Method): the binding-constraint identification rules, risk-proportionate target definitions, and action-derivation rulebook are introduced as procedural extensions of ISO/IEC 42001 and the seven-layer taxonomy without derivation from empirical incident data or expert-consensus validation studies; this makes the method's ability to produce assurance postures that accurately reflect real AI-CPS risk contexts an untested modeling assumption that bears directly on the utility of the enriched outputs.
Authors: The binding-constraint rules, targets, and rulebook are constructed as logical extensions of ISO/IEC 42001 requirements together with the seven-layer taxonomy; no separate empirical derivation from incident data or expert-consensus validation is reported. The Cruise retrospective supplies only a single qualitative mapping. We will revise Section 3 to label these elements explicitly as proposed operationalizations, add a statement on the modeling assumption, and incorporate the point into the new Limitations section. Future empirical validation studies are noted as required. revision: yes
Circularity Check
No significant circularity; method is a self-contained procedural definition.
The paper defines CEDAR-42001 as a two-stage procedural mapping from ISO/IEC 42001 audit evidence to layer attributions, five-dimensional maturity profiles, risk-proportionate targets, and action recommendations. All outputs are produced by applying author-specified rules (seven AI-CPS layers, binding-constraint identification, etc.) to a synthetic dataset; the reported figures (89.9% conforming, 34.3% high-assurance) are direct consequences of those rules rather than independent predictions or fitted quantities. No equations, statistical models, or first-principles derivations appear. No self-citation load-bearing steps, uniqueness theorems, or ansatzes imported from prior work are present in the provided text. The framework is therefore self-contained as an explicit operationalization rather than a reduction of outputs to inputs by construction.
Axiom & Free-Parameter Ledger
axioms (1)
- domain assumption: Seven AI-CPS layers and five-dimensional maturity profile provide a valid and complete basis for attributing and rating audit evidence.