C2A Security adds Claude to EVSec for product security automation

By AI, Created 9:50 AM UTC, May 26, 2026, /AGP/ – C2A Security on May 27, 2026, launched a dedicated Claude Inside version of EVSec to improve threat modeling, SBOM analysis, compliance workflows, and vulnerability prioritization for regulated industries. The move is aimed at helping manufacturers turn complex product and supply-chain data into faster security decisions as AI-driven attacks and regulatory pressure intensify.

Why it matters: - C2A Security is targeting a core problem for manufacturers: turning large volumes of product, software supply chain, and compliance data into defensible security decisions. - The update is aimed at regulated sectors such as automotive, medical devices, industrial systems, and IoT, where security teams must meet standards while keeping product releases moving. - AI-assisted analysis could reduce manual work and help teams separate theoretical risk from exploitable product risk.

What happened: - C2A Security announced a dedicated “Claude Inside” version of EVSec on May 27, 2026. - The release uses Claude by Anthropic inside EVSec, the company’s product security orchestration and context platform. - The platform is designed for software-defined and cyber-physical products. - The new version expands AI-driven capabilities across threat modeling, vulnerability analysis, SBOM intelligence, regulatory compliance workflows, and product security automation.

The details: - EVSec’s AI layer is being used to ingest technical and regulatory information, reason over product-specific context, and support faster security decisions. - The platform supports threat modeling and attack path analysis from product specifications, architecture files, engineering documentation, and security inputs. - EVSec analyzes software component data, vulnerability information, supplier evidence, and code-level reachability context to help prioritize issues. - The system maps engineering and security evidence to frameworks including UN R155, ISO/SAE 21434, FDA cybersecurity requirements, IEC 62443, and the EU Cyber Resilience Act. - EVSec also automates workflow, reporting, dashboard output, and decision support for engineering, security, compliance, product, and executive teams. - C2A says Claude works alongside its cyber model, contextual risk engine, and orchestration workflows rather than as a standalone generic AI tool. - The platform can also integrate other LLM services based on each customer’s data governance requirements. - EVSec is used by manufacturers in automotive, medical device, and industrial markets across the product lifecycle, from design and development to vulnerability management, compliance, and post-market operations. - C2A said its customers are not just looking for more findings; they need help identifying what matters, what is exploitable in product context, and what to fix first. - Roy Fridman, C2A Security’s CEO, said AI will increase the speed and scale of vulnerability discovery, analysis, and potential exploitation. - Fridman said combining Claude’s reasoning with EVSec’s product security expertise gives manufacturers a practical way to use AI for security outcomes.

Between the lines: - The launch reflects a broader shift toward contextual AI tools that are tuned to regulated product environments rather than general-purpose security assistants. - C2A is positioning product security as an evidence-driven workflow problem, not just a vulnerability discovery problem. - The references to newer AI cyber systems and adversarial tooling suggest the company sees AI both as a defense multiplier and as a reason product security teams need faster prioritization.

What’s next: - C2A plans to keep EVSec compatible with customer-approved LLM services under existing governance rules. - The company will likely use the Claude Inside release to deepen adoption among manufacturers managing compliance and security across the full product lifecycle.

The bottom line: - C2A Security is betting that embedded AI reasoning, tied to product context and compliance data, will become a core requirement for modern product security teams.