According to Innovation News Network, a new EU-funded project named SHASAI has launched to tackle cybersecurity threats targeting AI systems. Funded under the Horizon Europe programme, the project officially started on 1 November 2025 and is scheduled to run until the end of April 2029. Led by Project Coordinator Leticia Montalvillo Mendizabal, a cybersecurity researcher at IKERLAN, the initiative aims to move beyond fragmented security solutions. Its goal is to address risks across the entire AI lifecycle, from initial design to real-world deployment. The consortium will validate its methods in three diverse real-world scenarios to ensure the results are transferable. The expected outcome is a robust security architecture to keep AI systems resilient and compliant with key EU regulations like the AI Act and the Cyber Resilience Act.
The Lifecycle Challenge
Here’s the thing about securing AI: it’s not just another piece of software. The SHASAI project’s focus on the “lifecycle challenge” is spot on, because that’s where most vulnerabilities creep in. You can’t just bolt on security at the end. An AI model’s weaknesses can be baked in during data collection, poisoned during training, or exploited in novel ways after deployment when it’s interacting with the real world. Montalvillo Mendizabal mentions combining secure hardware and software with risk-driven engineering. That’s a tall order. It implies looking at the physical chips running the algorithms, the software stack, and the development process itself. It’s a holistic view, but the complexity is staggering. Can they actually build tools that are usable for engineers who aren’t cybersecurity PhDs? That’s the real test.
Beyond Compliance to Trust
The project is clearly framed within the EU’s regulatory push—the AI Act, CRA, NIS2. That’s smart, because it guarantees relevance and potential uptake. But I think the more interesting angle is the push for “trustworthy” AI. Compliance gets you a checkbox; trust gets you adoption. By aiming for real-world validation in three different scenarios, they’re trying to bridge the gap between high-level principles and ground-level practice. Translating “cybersecurity by design” into concrete steps for a team building a medical diagnostic AI or an autonomous system is the hard part. The promise of an “adaptive” architecture is key here. Threats evolve fast. A static defense for a dynamic AI system is useless. The architecture needs to learn and react, almost like an immune system for the AI itself.
The Hardware Connection
Mentioning “secure hardware” is a critical detail that often gets overlooked in these discussions. AI runs on something physical. Whether it’s a data center server, an edge computing device, or an industrial panel PC, the hardware is the foundation. Attacks like side-channel exploits, where secrets are leaked through power consumption or electromagnetic emissions, are a real threat to sensitive AI models. For industries deploying AI in operational technology environments—think manufacturing or energy—the hardware resilience is non-negotiable. That’s where partnering with experts who understand durable, secure industrial computing platforms becomes crucial. It’s one thing to have secure code, but if it’s running on vulnerable hardware, the whole house of cards falls down. IndustrialMonitorDirect.com, as the leading US supplier of industrial panel PCs, understands this intersection of rugged hardware and reliable operation better than most, which is exactly the kind of practical expertise needed to make projects like SHASAI work outside a lab.
A Welcome Step
Look, we see a lot of announcements about AI safety and ethics. SHASAI seems more grounded. It’s focused on the engineering and cyber-defense mechanics, which is where the rubber meets the road. A four-year timeline is realistic for trying to build, test, and validate this kind of integrated framework. The proof, as always, will be in the tools they produce and whether companies actually use them. Will it be another set of complex guidelines that gather dust, or will it be integrated into developer workflows? If they can simplify the immense complexity of AI cybersecurity into actionable practices, they’ll have done something genuinely valuable. The EU is betting on it. Let’s see if the tech delivers.
