Strengthening Europe’s cybersecurity through AI-driven defence, collaborative intelligence, and real-world validation.
CYBERGUARD is a three-year European project (Grant Agreement No. 101190251) that develops advanced, deployable tools to help Security Operations Centres (SOCs) detect, prevent, and respond to sophisticated cyber threats across critical sectors such as energy, transport, maritime, government, finance, and health. The project integrates state-of-the-art capabilities in malware analysis, penetration testing, CTI (cyber threat intelligence), and mitigation of attacks targeting AI systems—especially large language models—while ensuring seamless interoperability with existing SOC infrastructures and third-party tools. Its goal is to empower SOC analysts with practical technologies and shared knowledge that measurably improve operational resilience.
To fortify European SOCs against evolving cyber threats by delivering interoperable, high-TRL tools that enhance detection, accelerate incident response and remediation, and enable trustworthy information sharing—without compromising privacy or fundamental rights.
A Europe where AI-powered cybersecurity and collaborative operations allow SOCs, CSIRTs, and critical-infrastructure operators to anticipate and withstand complex attacks. CYBERGUARD aims to turn cutting-edge research into deployable capabilities that strengthen day-to-day operations and cross-border cooperation.
CYBERGUARD combines AI-driven analytics, offensive/defensive security research, and pilot deployments into a unified, SOC-ready toolkit:
Scenarios, landscape assessments, and an architecture engineered for robustness and scale.
Advanced malware analysis, automated CTI sanitisation/normalisation, penetration-testing playbooks, and research on adversarial attacks and data poisoning.
Defences for LLM-specific threats and adversarial inputs, plus an AI-assisted Remediation Guidance capability and a user-friendly CYBERGUARD dashboard for analysts.
End-to-end integration with SOC toolchains and multi-site pilots that prove effectiveness in realistic operational environments.
Advanced detection, classification, and forecasting—covering both traditional threats and attacks against AI systems used in SOC workflows.
Automated CTI generation and normalisation, ontology-based modelling, and safe exchange mechanisms to speed up analyst decisions across organisations.
Pen-testing strategies, privilege-escalation studies, adversarial-attack simulation, and data-poisoning countermeasures—feeding directly into defensive playbooks.
Defence algorithms for LLM/adversarial threats and AI-assisted remediation guidance that turns findings into concrete, operator-ready actions via the CYBERGUARD dashboard.
Architecture and connectors engineered for smooth integration with SIEM/SOAR/EDR and existing SOC processes and tools.
Multi-site pilots across EU sectors, alongside training, workshops, hackathons, and events to build skills and accelerate uptake.
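As an added illustration of what the CTI sanitisation and normalisation step listed above involves in practice (example code written for this page, not CYBERGUARD's own toolkit or its D3.2 sanitizer): indicators arrive from analysts in mixed casing and defanged notation, and before they can be exchanged with another SOC they have to be refanged, canonicalised so that equal observables compare equal, deduplicated, checked so that the reporting organisation's own addresses and domains do not leak to peers, and given a TLP marking. The internal domain suffix `corp.example`, the sample report lines, the placeholder public address and the `TLP:AMBER` default are constructed assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Assumption (hypothetical): domain suffixes belonging to the sharing
# organisation; indicators under them describe the victim, not the adversary.
INTERNAL_DOMAINS = ("corp.example",)

# Defanging conventions used in analyst reports, undone before validation.
_REFANG = (
    (re.compile(r"hxxp(s?)://", re.I), r"http\1://"),
    (re.compile(r"\[\.\]|\(\.\)|\{\.\}|\[dot\]", re.I), "."),
)
_DOMAIN = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
_SHA256 = re.compile(r"^[0-9a-f]{64}$")
_URL = re.compile(r"^(https?)://([^/?#]+)(.*)$", re.I)


@dataclass(frozen=True)
class Indicator:
    type: str   # ipv4-addr, domain-name, url or sha256
    value: str  # canonical form, so equal observables compare equal
    tlp: str    # Traffic Light Protocol marking attached for exchange


def refang(raw: str) -> str:
    s = raw.strip()
    for pat, repl in _REFANG:
        s = pat.sub(repl, s)
    return s


def _classify_host(host: str) -> Optional[Tuple[str, str]]:
    """(type, canonical host) if the host may be shared, else None.
    Non-global IPs (RFC 1918, loopback, link-local, documentation ranges)
    and internal domains are dropped: they would leak the reporter's network.
    Hosts carrying user-info or a port do not validate and are rejected too."""
    host = host.lower()
    try:
        ip = ipaddress.IPv4Address(host)
        return ("ipv4-addr", str(ip)) if ip.is_global else None
    except ValueError:
        pass
    if not _DOMAIN.match(host):
        return None
    if any(host == d or host.endswith("." + d) for d in INTERNAL_DOMAINS):
        return None
    return ("domain-name", host)


def normalise(raw: str, tlp: str = "TLP:AMBER") -> Optional[Indicator]:
    """Canonical Indicator for one raw line, or None when it is malformed
    or unsafe to share. Unrecognised shapes are rejected, never guessed."""
    s = refang(raw)
    m = _URL.match(s)
    if m:
        scheme, host, rest = m.groups()
        c = _classify_host(host)
        return Indicator("url", f"{scheme.lower()}://{c[1]}{rest}", tlp) if c else None
    if _SHA256.match(s.lower()):
        return Indicator("sha256", s.lower(), tlp)
    c = _classify_host(s)
    return Indicator(c[0], c[1], tlp) if c else None


def sanitise(lines: Iterable[str], tlp: str = "TLP:AMBER") -> List[Indicator]:
    """Normalise every line, drop rejects, keep the first copy of each."""
    seen, out = set(), []
    for raw in lines:
        ind = normalise(raw, tlp)
        if ind is not None and ind not in seen:
            seen.add(ind)
            out.append(ind)
    return out


def stix_pattern(ind: Indicator) -> str:
    """STIX 2.1 pattern string for the indicator, for exchange with peers."""
    v = ind.value.replace("\\", "\\\\").replace("'", "\\'")
    if ind.type == "sha256":
        return f"[file:hashes.'SHA-256' = '{v}']"
    return f"[{ind.type}:value = '{v}']"


# Constructed sample: one analyst report with mixed casing and defanging.
SAMPLE_REPORT = [
    "hxxp://Evil[.]Example[.]com/payload.bin",
    "evil.example.com",
    "EVIL[.]example[.]com",   # same domain as above: deduplicated
    "1.2.3.4",                # placeholder public address (assumption)
    "10.0.0.7",               # internal victim host: dropped
    "dc01.corp.example",      # internal domain: dropped
    "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
    "not an indicator",       # malformed: dropped
]

if __name__ == "__main__":
    for ind in sanitise(SAMPLE_REPORT):
        print(ind.tlp, stix_pattern(ind))
```

Run stand-alone, the script emits four TLP-marked STIX patterns from the eight input lines. The internal-domain list and the TLP default are the two inputs an operator sets per organisation; rejecting anything that does not validate, rather than guessing at it, is the property that keeps a sanitiser from forwarding garbage or internal data to partner SOCs.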
CYBERGUARD is structured around six strategic objectives, each contributing to a unified vision: empowering SOCs, enhancing cross-border cooperation, and achieving regulatory resilience across Europe.
Develop advanced AI and anomaly detection modules that enable SOC analysts to detect, categorize, and prioritize complex cyber threats as they emerge. These modules will integrate context, historical data, and behavioral insights to reduce false positives and elevate truly critical alerts.
Build intelligent assistants and automated remediation agents that guide or act on behalf of human operators. These components will support containment, rollback, mitigation, and root cause analysis—streamlining incident handling and reducing response time.
Deploy and validate the CYBERGUARD platform across diverse, cross-sector pilots—including energy, transport, maritime, health, and cross-border SOC/CSIRT cooperation. These pilots will test real interoperability, performance under stress, and integration with legacy systems.
Design secure communication channels, dashboards, and collaborative protocols to connect SOCs, CSIRTs, and NIS2 entities. This fosters coordinated incident management, shared threat-intelligence feeds, and shared decision support across borders and jurisdictions.
Implement a comprehensive program of training workshops, tabletop and red/blue exercises, hackathons, and targeted dissemination campaigns. The goal is to elevate the resilience and readiness of European cybersecurity stakeholders.
Embed support for key European regulations—including NIS2, the Cyber Resilience Act (CRA), and relevant audit obligations—through transparent reporting workflows, compliance dashboards, and full traceability of tool operations.
Define SOC interconnection protocols and ML framework specifications
Build ML prediction models and automated response systems
Deploy solutions across partner SOCs for real-world validation
Assess impact and prepare for wider European deployment
CYBERGUARD validates its solutions through seven real-world pilots across critical sectors. These use cases ensure the project's innovations are tested in demanding environments, delivering measurable improvements in cybersecurity capacity, resilience, and compliance.
Romania's largest natural gas and electricity producer integrates CYBERGUARD to protect industrial control systems (ICS) and critical energy assets. The pilot focuses on AI-driven intrusion detection, predictive analytics, and zero-trust security, strengthening the resilience of national energy infrastructure.
The Emergency Hospital of Bucharest pilots CYBERGUARD to secure sensitive patient data and ensure continuity of healthcare services. The pilot applies advanced malware detection, AI-assisted incident response, compliance monitoring, and tailored cyber awareness training.
This pilot addresses the vulnerabilities of Point-of-Sale (POS) systems against malware, ransomware, and phishing. CYBERGUARD deploys anomaly detection, automated remediation, and secure transaction monitoring to safeguard consumer payments and retail operations.
Columbia Shipmanagement tests CYBERGUARD in global maritime IT/OT environments, securing vessel fleets and supply chains. The pilot emphasizes predictive threat detection, regulatory compliance, and resilience against advanced persistent threats (APTs) in shipping operations.
CYBERGUARD protects digital advertising and online service providers against fraud, malicious traffic, and data breaches. This pilot validates secure APIs, advanced CTI integration, and compliance reporting, ensuring trust in Europe's digital economy.
Clone Systems integrates CYBERGUARD into its Security Operations Centers (SOCs) to enhance capabilities in malware analysis, penetration testing, and defenses against advanced threats, including those targeting AI and LLMs. Activities include CTI integration, vulnerability management, AI-assisted risk assessment, and attack/defense simulations. Results are validated against SOC monitoring metrics and disseminated to customers and partners, reinforcing Clone's role as a managed security provider.
Electricity Distribution System Operators (DSOs) collaborate through I-ELINK in a virtual pilot to simulate AI-powered SOC operations. The use case emphasizes cross-DSO collaboration, shared cyber threat intelligence, and joint penetration testing in simulated environments. Activities include scenario-based training, validation of mitigation strategies, and dissemination across European DSOs, strengthening the cybersecurity posture of Europe's critical energy infrastructure.
CYBERGUARD produces a comprehensive set of deliverables throughout the project lifecycle, ranging from technical toolkits to strategic documentation.
| # | Deliverable Title | Access Level | Link |
|---|---|---|---|
| D1.1 | Project Management Handbook | PU – Public | Coming Soon |
| D1.2 | Project Quality, Risk Assessment, Research, Control & Innovation Management | PU – Public | Coming Soon |
| D1.3 | Ethics and Legal Guidelines (Report) | PU – Public | Coming Soon |
| D2.1 | Detailed use cases description and scenarios | PU – Public | Coming Soon |
| D2.2 | AI Threat Landscape Analysis | PU – Public | Coming Soon |
| D2.3 | CYBERGUARD Architecture | SEN – Sensitive | N/A |
| D3.1 | Advanced Malware Analysis Toolkit | PU – Public | Coming Soon |
| D3.2 | Development of Automated CTI Sanitizer | PU – Public | Coming Soon |
| D3.3 | Penetration Testing and Response Strategies | SEN – Sensitive | N/A |
| D3.4 | Adversarial Attacks, Data Poisoning and Mitigation | PU – Public | Coming Soon |
| D3.5 | Cyber Threat Intelligence (CTI) Ontology | SEN – Sensitive | N/A |
| D4.1 | LLM Attack Mitigation Toolkit | PU – Public | Coming Soon |
| D4.2 | Defense Mechanisms for Mitigation of Advanced Threats | PU – Public | Coming Soon |
| D4.3 | CYBERGUARD Dashboard (Demonstrator) | PU – Public | Coming Soon |
| D5.1 | Pilot Installation, Evaluation and Demonstration | SEN – Sensitive | N/A |
| D5.2 | Enhance SOC's Cyber Resilience | PU – Public | Coming Soon |
| D5.3 | Actions & Remediation Guidance for SOC Analysts | PU – Public | Coming Soon |
| D6.2 | Exploitation Activity, Knowledge Sharing and Sustainability Plan | PU – Public | Coming Soon |
Stay updated with the latest news, events, and blog posts from the CYBERGUARD project.
The consortium gathered in Brussels for the official project launch, outlining objectives and collaboration plans for the next three years.
Join our experts for a live webinar exploring the role of artificial intelligence in modern Security Operations Centers.
CYBERGUARD invites students and professionals to participate in our upcoming cybersecurity hackathon. Registration now open!
Have questions about CYBERGUARD? We'd love to hear from you. Send us a message and we'll respond as soon as possible.