AUTOMOTIVE

AI from the vehicle to the dealer to the supplier portal.

In-car voice assistants that don't drift. Dealer service advisors with VIN-specific recall and history. Supplier portals that search across thousands of CAD references. Warranty pattern analysis that catches subsystem issues months earlier. UN R155 and ISO 21434 met from build through deployment.

Book a demo

Automotive is in the middle of a software-defined transformation. Vehicle architectures are moving to centralised compute, OTA updates are the norm, and the in-car experience is increasingly conversational. AI is everywhere: vehicle voice assistants, dealer service advisors, supplier collaboration, design assistance, manufacturing copilots, warranty analytics. The complexity now is in governance.

The regulatory perimeter has thickened. UN R155 (vehicle cybersecurity) and ISO/SAE 21434 (cybersecurity engineering) became mandatory for new EU vehicle types in 2024 and apply to all newly registered EU vehicles from 2026. Connected-vehicle data flows under GDPR and an emerging patchwork of national rules. The EU AI Act intersects ADAS and certain in-vehicle decision systems. ISO 26262 functional safety is in scope when AI touches safety-critical systems.

Kosmoy is the operating layer for OEMs and Tier-1s that need AI to ship through this perimeter without rebuilding the governance stack for every program. Single-tenant Kubernetes, fits OEM IT and the Tier-1 network. Connected-vehicle data and supplier IP never leave the perimeter.

What this industry runs into.

In-car LLM safety and tone

Voice assistants can't make jokes about brakes, can't disparage other brands, can't drift off-topic into political commentary. The guardrails have to fit a vehicle context that consumer guardrails don't address.

UN R155 cybersecurity boundary

Every connected feature in the vehicle is in scope of the Cybersecurity Management System. AI components are registered, threat-modelled, monitored — not bolted on after homologation.

Supplier ecosystem complexity

Tier-1 suppliers, Tier-2, software vendors — the supplier portal has to give every party a productive AI surface without leaking the OEM's CAD references or pricing terms across boundaries.

Warranty and recall economics

Pattern detection in warranty data catches subsystem issues months earlier than traditional monitoring. The agent has to surface, not decide; the engineering team owns the recall determination.

Regulatory landscape.

The regulations that shape AI in automotive — and where each one bites on AI deployment.

UN R155Cyber Security and Cyber Security Management System· UNECE (EU mandatory)

Mandatory for new EU vehicle types since July 2022; all new EU registrations from July 2024. AI components in connected vehicles are in scope of the CSMS.

ISO/SAE 21434Road vehicles — Cybersecurity engineering· Global

Engineering standard underlying R155 compliance. AI components require threat analysis, risk assessment, validation in line with the standard.

ISO 26262Road vehicles — Functional safety· Global

When AI touches safety-critical systems (ADAS, brake-by-wire, drive systems), ASIL classification applies. AI agents in safety chains must meet the corresponding rigour.

GDPR + connected vehicle dataGDPR + EDPB connected vehicle guidelines· EU

Connected-vehicle data is personal data. AI processing requires consent in many cases; profiling under Art. 22 covers driver-behaviour models.

EU AI ActRegulation (EU) 2024/1689· EU

ADAS components incorporating AI may fall under high-risk classification. In-car voice assistants fall under transparency rules (Art. 50).

UN R156Software Update Management System· UNECE (EU mandatory)

OTA updates including AI model updates require structured management. Predetermined update plans cover AI/ML model evolution.

Use cases that are actually shipping.

In-vehicle voice assistant

Driver: 'find me a charging stop with a coffee place within 30 km on my route'. The agent calls the navigation API, the charging network and the nearby POI store, returns the best options ranked, and confirms before route change. Strict guardrails: never make jokes about driving conditions, never disparage charging networks, never offer political or controversial commentary. On-topic, accurate, brand-appropriate.

OEMs running governed in-car assistants see customer satisfaction on infotainment rise sharply. The platform team can update the agent persona without firmware OTA — the prompt and retrieval scope are independently versioned through the Agent Registry.

Powered byAgent Builder Guardrails Agent Registry

Dealer service advisor

Service advisor opens the work-order screen for a customer's vehicle. The agent reads the VIN, the build configuration, recent recall and TSB applicability, the service history, parts pricing, current promotions, and drafts a service plan with the customer's expected wait time. Advisor reviews and presents.

Service-advisor productivity rises 20–35%. Recall and TSB capture rate (proactively addressing applicable issues) rises 40%+. Customer satisfaction in service rises because the advisor presents a coherent, complete plan.

Powered byRAG-in-a-Box MCP Gateway Action Capsule

Supplier portal — drawing search and ECN

Tier-1 engineer searches the OEM's drawing library: 'show me all CAD references for the rear suspension upper mount on the C-segment platform'. The agent retrieves the matching drawings, with the relevant ECNs (engineering change notices), supplier specifications and prior issue notes. Engineer reviews; the agent never modifies a drawing or an ECN.

Engineering search time drops by 60–80% on common reference workflows. Cross-supplier coordination accelerates because the agent surfaces consistent reference material. IP boundaries are enforced — supplier A doesn't see supplier B's terms.

Powered byRAG-in-a-Box Agent Registry Guardrails

Warranty pattern analysis

Warranty operations agent reads the latest 90 days of claims, segments by vehicle line, model year, subsystem and failure mode, and surfaces the top 10 emerging patterns with statistical confidence. Engineering reviews; the agent never declares a recall — the engineers and product office decide.

Subsystem issues are surfaced 2–4 months earlier on average. Recall scope and cost are reduced because the issue is caught before the affected build extends. Field action quality (correct fix on first attempt) improves.

Powered byAgent Builder Insights Dashboard AI Gateway

Owner's manual chatbot in the mobile app

Driver in the OEM mobile app: 'how do I activate adaptive cruise control on this trim?'. The agent reads the manual for the specific VIN's build, returns a step-by-step answer with a video link if available. Never invents a feature the build doesn't have.

Customer service call volume on owner's-manual questions drops 40–60%. Mobile app engagement rises because the chatbot answers the questions customers actually have.

Powered byRAG-in-a-Box LLM Gateway

Agent governance

Where automotive agents need extra discipline.

Automotive agents are operationally split: in-vehicle agents have to meet R155 cybersecurity requirements and ride OTA update cycles; off-vehicle agents (dealer, supplier, OEM internal) ride conventional enterprise governance. Kosmoy treats both as Agent Registry entries with the appropriate compliance overlay. In-vehicle prompt updates are version-controlled and tracked through R156 software update management.

The Action Capsule shows up most often for connected-vehicle agents — those reading vehicle telemetry, writing driver-profile data or interacting with payment systems for in-car commerce. Pre-flight authorisation enforces that the agent can read what it needs and write only what it's authorised to write. Audit trail survives the next R155 inspection.

Chatbot use cases

Chatbots, by surface and risk class.

Automotive chatbots cover the broadest persona spectrum of any industry: drivers, passengers, owners, prospects, dealers, service advisors, parts staff, suppliers, internal engineers. Each persona has its own governance posture and its own data scope.

In-car voice assistant

Conversational on-topic for navigation, infotainment, vehicle settings. Strict guardrails on tone and scope. Updates flow through R156-compliant software update management.

Mobile app owner chatbot

Owner's manual Q&A, service scheduling, recall status, charging history (EVs). Citation-grounded; never invents a vehicle feature.

Dealer service-advisor copilot

VIN-aware service planning, recall/TSB lookup, parts pricing, customer history. Action Capsule for any agent that books an appointment or orders parts.

Supplier portal Q&A

Drawing/ECN search, specification clarification, RFQ assistance. Strict isolation between suppliers — supplier A's queries cannot retrieve supplier B's terms.

How Kosmoy fits.

Automotive OEMs and Tier-1s benefit from Kosmoy's separation of concerns. In-vehicle agents are versioned and registered in the AI Inventory with their R155/R156 compliance status. Dealer-facing agents operate at scale across thousands of dealerships with consistent governance. Supplier-facing agents enforce IP boundaries between parties. The same platform supports the full footprint without the OEM rebuilding governance for each.

Cost economics matter — vehicle fleets generate enormous volumes of voice and chat interactions. The LLM Router routes simple in-car queries to a fine-tuned SLM running on OEM infrastructure; complex cases reach frontier models. Cost Tracking attributes every call to the persona, model line and region.

Module questions, answered straight.

How does Kosmoy fit our R155 CSMS?

AI components in vehicles are registered in the AI Inventory with their threat model, risk assessment and update history. Updates flow through controlled channels in line with R156. Audit pull for type-approval inspections is structured, not artisanal.

Can the in-car assistant work offline?

Common queries (vehicle settings, owner's manual, navigation cache) work offline. Live data queries (charging status, traffic, POI) require connectivity. The agent gracefully degrades and tells the driver what it can't do.

How do we keep supplier IP from leaking through the supplier portal?

Each supplier's queries are bound to their permissioned scope. Cross-supplier retrieval fails at the gateway. The Agent Registry tracks every supplier-facing agent's allowed retrieval set; audit captures any attempted boundary crossing.

Does Kosmoy support our preferred model providers?

Yes. The Gateway abstracts providers — OEMs commonly use Azure OpenAI for in-car, Bedrock for backend, fine-tuned open-weight models for high-volume customer-facing tiers. The Router decides per-prompt; the OEM keeps multi-vendor leverage.

Govern AI from the vehicle to the supplier portal.

See how the AI Gateway, Agent Registry and Action Capsule fit OEM and Tier-1 stacks across in-car, dealer and supplier surfaces.

Book a demo Email sales@kosmoy.com