Generative AI for Cybersecurity applications

The main goal of this opportunity is to support research and innovation in cybersecurity through the use of Generative AI technologies. It aims to strengthen the EU’s leadership, autonomy, and resilience in the cybersecurity sector, with a focus on protecting critical infrastructures and improving responses to cyber and hybrid threats. The initiative encourages the development of advanced Generative AI tools for threat detection, adaptive security, and enhanced authentication, while ensuring compliance with EU regulations. Special emphasis is placed on promoting security and privacy by design, and supporting small and medium-sized enterprises (SMEs) within the cybersecurity ecosystem. Only legal entities from EU Member States and Associated Countries are eligible to participate.

• Development of Generative AI models for advanced threat detection, anomaly analysis, and adaptive cybersecurity response.
• Creation of self-healing cybersecurity systems powered by Generative AI for real-time mitigation and resilience.
• Design of Generative AI tools to enhance authentication and access control against credential-based threats.
• Development of compliance automation tools using Generative AI aligned with EU cybersecurity legislation (e.g. NIS2, Cyber Resilience Act, AI Act).
• Implementation of Generative AI systems to support continuous monitoring and legal-ethical alignment in dynamic ICT environments.

Examples:

• Developing an open-source Generative AI tool that helps SMEs detect and respond to novel cybersecurity threats.
• Creating an AI-powered authentication system that adapts to user behavior while respecting privacy by design principles.
• Building a compliance checker powered by Generative AI to help companies align with EU cybersecurity regulations.

• Personnel costs
• Subcontracting
• Travel and subsistence
• Equipment (depreciation or rental)
• Consumables and materials
• Dissemination and communication
• Access to research infrastructure
• IPR and certification
• Audit costs
• Indirect costs (25% flat rate)
• Internally invoiced services

• Budget for this Call: 40,000,000€
• Number of Grants attributed: 3
• Maximum value per project: 14,000,000€
• Minimum value per project: 12,000,000€

• Legal entities must be established in eligible countries, as defined in the call conditions (typically EU Member States and associated countries).
• Entities controlled directly or indirectly by non-eligible countries or entities from such countries are not allowed to participate, even if formally established in an eligible country.
• Applicants must submit an Ownership Control Declaration, demonstrating compliance with the control and ownership restrictions.
• Only proposals addressing at least one expected outcome (either AI-driven threat detection/response or compliance tools) are admissible.
• All proposals must adhere to Trustworthy and Responsible AI principles and comply with data privacy regulations.
• EU added value must be clearly demonstrated, including use of EU-developed technologies, open-source adoption where feasible, and leveraging EU data infrastructure (e.g., Data Spaces, EOSC).
• Participation of SMEs is encouraged and will be considered positively.
• Projects must define clear KPIs and document tools for replicability and uptake.
• Attention must be given to IPR strategy and post-project usability of results.