Uraeus unifies CSMS, in-vehicle IDPS and XDR in one automotive security platform. It bridges development and operations, helping OEMs and suppliers meet ISO 21434 and UNECE R155 while enabling real-time detection and response across vehicles and fleets.
With an AI-powered knowledge graph at its core, Uraeus turns fragmented security data into continuous, contextual protection over the entire vehicle lifecycle.
Uraeus connects engineering, cybersecurity and operations teams around a common security data model. ThreatZ manages CSMS, TARA and SBOM for suppliers and OEM CSMS teams, while SentraX brings in-vehicle IDPS and XDR into the same ecosystem. This closes the gap between development decisions and what actually happens on the road.
Built for ISO/SAE 21434, UNECE R155 and related regulations, Uraeus automates evidence collection, traceability and reporting. CSMS activities, risk assessments, SBOMs and incidents are all linked, so you can generate audit-ready reports instead of assembling documents by hand.
At the core of Uraeus is an AI-powered knowledge graph that links assets, threats, vulnerabilities, risks, controls, logs and incidents. This context allows Uraeus to prioritize what matters, suggest mitigations, and continuously improve detection models based on new data from vehicles and fleets.
As vehicles become distributed software systems, security and compliance become harder to manage:
ECUs, gateways, HPCs, cloud backends and mobile apps all introduce new entry points for attackers
Development, cybersecurity and operations teams often work in silos, using different tools and data models.
ISO/SAE 21434 and UNECE R155 require continuous CSMS evidence, not just one-time documents.
Spreadsheets, email and static reports slow down innovation and leave gaps in security assurance.
Uraeus unifies development-time CSMS and run-time detection & response on one AI-powered platform. ThreatZ structures your TARA, SBOM, risks, and compliance, while SentraX ingests telemetry, alerts, and incidents from vehicles and backends. The Uraeus knowledge graph connects everything, enabling you to see the impact, prioritize actions, and continuously prove compliance.
of requirements, risks, SBOMs, incidents, and evidence.
via FleetDetect, FleetConnect, and the SentraX XDR Core.
with ISO 21434 & UNECE R155 through automated reporting.
that accelerate TARA, supplier governance, and incident response.
to integrate seamlessly into PLM, ALM, DevOps, and VSOC environments.
Together, Uraeus transforms cybersecurity from a compliance checkbox into a living, adaptive system that accelerates safe innovation.
ThreatZ is an automotive cybersecurity management system (CSMS) that unifies TARA, SBOM, vulnerabilities, supply chain data and compliance reporting in one place. It helps Tier-1 suppliers, ECU manufacturers and OEM cyber teams manage multi-OEM requirements, reuse cybersecurity work across programs and deliver ISO 21434 / UNECE R155 evidence with full traceability.
SentraX is an AI-powered in-vehicle detection and response platform. With FleetDetect IDPS, in-vehicle analytics, FleetConnect telemetry and an XDR core, it turns raw vehicle logs and events into actionable insights for VSOC and cyber teams. SentraX enables fast detection of attacks and anomalies across vehicles, ECUs and fleets.
Continuous host and network analytics from FleetDetect and FleetConnect provide real-time visibility into anomalies across vehicles, ECUs and fleets.
The Uraeus knowledge graph and AI engines combine rule-based detection, machine learning and federated models to recognize new attack patterns, adapt to software updates and reduce false positives over time.
Predefined playbooks trigger VIN- or ECU-specific actions such as deeper data collection, isolation / fallback modes, customer notifications and over-the-air fixes—so threats are mitigated quickly with minimal human intervention.
SentraX uses AI-powered scoring to classify context, prioritize threats and propose targeted responses. Detection models reach up to 98% accuracy for DoS, spoofing and replay attacks (with validation evidence available for evaluation).
Beyond the platform, VxLabs provides engineering and cybersecurity services to help you design, integrate and operate secure vehicle architectures.
We reduce total cost of ownership through reusable security assets, automation and efficient workflows.
Strengthen customer confidence by demonstrating a robust, data-backed approach to automotive cybersecurity.
Minimize the risk of costly breaches, recalls and downtime through proactive detection and response.
Meet and maintain ISO 21434, UNECE R155 and related regulations with continuous CSMS evidence.
We prepare the content on this website with great care and to the best of our knowledge. Nevertheless, we do not assume any liability for the timeliness, completeness, or accuracy of the information provided.
As a service provider, we are responsible for our own content on these pages under applicable German law. However, we are not obligated to monitor transmitted or stored third-party information or to investigate circumstances indicating unlawful activity. Obligations to remove or block the use of information under general laws remain unaffected. Any liability in this respect is only possible from the time we become aware of a specific legal violation. Upon notification of such violations, we will remove the content immediately.
This website contains links to third-party websites (“external links”). We have no control over their content; therefore, we assume no liability for such external content. The respective provider or operator of the linked pages is always responsible for their content. At the time of linking, no legal infringements were recognizable to us. If we become aware of any legal violations, we will remove such links without delay.
All content and works on this website are subject to German copyright law. Any reproduction, editing, distribution, or any kind of use beyond what is permitted by copyright requires the prior written consent of the respective author or rights holder. Downloads and copies are permitted only for private, non-commercial use unless otherwise stated.
Visiting our website may result in the storage of access information on our server (e.g., date, time, and page viewed). This data is not personal and does not identify you. If personal data (such as name, address, or email) is collected, this is done—where possible—only with your prior consent. Personal data will not be disclosed to third parties without your explicit consent.
Please note that data transmission over the Internet (e.g., email communication) can have security gaps. Complete protection of data from access by third parties is not possible. We are not liable for damages resulting from such security vulnerabilities.
The use of contact details published on this website for sending unsolicited advertising or information materials is expressly prohibited. We reserve the right to take legal action in the event of unsolicited promotional information (e.g., spam emails).
VxLabs GmbH
Franz-Mayer-Str.1
93053 Regensburg
联系方式 [email protected]
雷根斯堡地区法院商事登记 HRB 19099
USt-IdNr:DE350861467
总经理 Mostafa Elkoumy
At VxLabs (“we”, “us”, “our”), we are committed to protecting the privacy of our employees, suppliers, and customers. This Policy explains how we collect, use, store, share, and protect your personal data in line with the General Data Protection Regulation (GDPR) and applicable data protection laws.
VxLabs is the data controller for the personal data described in this Policy.
Contact: [email protected]
“Personal data” means any information relating to an identified or identifiable person—either directly (e.g., name) or indirectly (e.g., an ID number, online identifier, or one or more factors specific to identity).
Depending on your relationship with us, we may collect and process:
Identity Data (name, title, employee ID).
Contact Data (email, phone, postal address).
Financial Data (payment, invoicing details for suppliers/B2B customers).
Transaction Data (orders, services provided, payments).
Professional Data (for employees: employment history, qualifications, performance).
Technical Data (device information, IP address, logs, browsing events related to our services).
Marketing & Communication Data (preferences, subscriptions).
Directly from you (recruitment and HR processes, supplier onboarding, customer engagements, forms, emails).
Automatically (through systems you access—e.g., logs, cookies, telemetry).
From third parties (e.g., background screening providers for employment, credit reference agencies for suppliers, public sources as permitted by law).
Employee Management (recruitment, payroll, benefits, performance, HR administration).
Supplier & Customer Management (account setup, contracts, orders, payments, relationship management).
Communication (service updates, notices, support).
Compliance (legal/regulatory obligations, record-keeping).
Business Operations (security, quality, analytics, service improvement).
Marketing (with your consent where required).
Employee Management (recruitment, payroll, benefits, performance, HR administration).
Supplier & Customer Management (account setup, contracts, orders, payments, relationship management).
Communication (service updates, notices, support).
Compliance (legal/regulatory obligations, record-keeping).
Business Operations (security, quality, analytics, service improvement).
Marketing (with your consent where required).
We may share personal data with:
Service providers / processors that support our operations (IT, HR/payroll, hosting, analytics, payment).
Professional advisers (legal, accounting) and authorities/regulators where required by law.
Transaction parties (e.g., in a merger, acquisition, or asset sale, subject to safeguards).
Others with your consent or as otherwise permitted by law.
If personal data is transferred outside the EEA/UK, we implement appropriate safeguards (e.g., adequacy decisions, Standard Contractual Clauses plus supplementary measures where necessary).
We keep personal data only as long as necessary for the purposes above and to meet legal, accounting, or reporting requirements. Retention periods vary by data category and legal context. When data is no longer required, we securely delete or anonymise it.
We apply technical and organisational measures to protect personal data (access controls, encryption where appropriate, least-privilege policies, vendor due diligence). No method of transmission or storage is completely secure; we work to mitigate risks and respond promptly to incidents.
Our website uses cookies and similar technologies to improve functionality and user experience. Some cookies are essential; others (e.g., analytics/marketing) are optional and require consent.
You can control cookies via our cookie banner and your browser settings. Blocking some cookies may affect site functionality.
Website analytics: We use [insert analytics service, e.g., Matomo/Google Analytics 4] to understand traffic and improve services. Data is aggregated or pseudonymised where possible. See our Cookie Notice for details (types, purposes, retention).
You may have the following rights, subject to conditions and local law:
Access to your personal data and a copy of it.
Rectification of inaccurate or incomplete data.
Erasure (“right to be forgotten”) where applicable.
Restriction of processing in certain cases.
Objection to processing based on legitimate interests and to direct marketing.
Data portability (where processing is based on consent or contract and carried out by automated means).
To exercise your rights, contact [email protected]. We may need to verify your identity.
You also have the right to lodge a complaint with a supervisory authority—typically in your EU/EEA Member State of residence, place of work, or where an alleged infringement occurred.
Our websites may contain links to third-party sites. Those sites operate under their own privacy policies; we are not responsible for their practices. We encourage you to review their privacy notices.
Our services are not directed to children, and we do not knowingly process children’s personal data without appropriate legal basis and parental permissions where required.
We may update this Policy from time to time. The “Last updated” date above reflects the latest version. Material changes will be highlighted where appropriate.
Questions, requests, or concerns:
Email: [email protected]