CyberWhiz Showcases Practical CRA Compliance and Edge AI Security at DFactory Barcelona

CyberWhiz Showcases Practical CRA Compliance and Edge AI Security at DFactory Barcelona

Together with EAIRIS Technologies, Barbara and IoT Projects, CyberWhiz participated in a practical CRA-first seminar at DFactory Barcelona focused on operable Edge AI systems in industrial environments.

Together with our partners EAIRIS Technologies, Barbara and IoT Projects; CyberWhiz participated in the seminar “CRA-first: Stop Integrating, Start Structuring – Operable Edge AI Systems in Industrial Environments” at DFactory Barcelona.

The event brought together industry experts, technology providers and industrial innovators to discuss how organizations can prepare connected products and Edge AI systems for the upcoming requirements of the European Cyber Resilience Act (CRA).

One of the key messages throughout the seminar was clear: the Cyber Resilience Act is not creating new technical challenges. Instead, it requires organizations to properly manage, document and demonstrate how they address cybersecurity challenges that have always existed.

CyberWhiz CRA-first seminar at DFactory Barcelona

For years, companies have focused on deploying connected devices, collecting data and operationalizing AI models. However, operating Edge AI systems in real-world industrial environments requires much more than functionality alone. Vulnerability management, software lifecycle governance, secure updates, remote operations, traceability and compliance evidence are now becoming essential components of every connected product.

A Practical Approach to CRA Compliance

During the event, CyberWhiz demonstrated how organizations can move from compliance theory to practical implementation.

Our Blue Team Manager delivered a live demonstration covering several of the most critical CRA requirements, including:

  • Risk Assessment
  • Software Bill of Materials (SBOM) Management
  • Vulnerability Disclosure Policy (VDP) Management
  • Security Logging and Monitoring

CyberWhiz SBOM management demonstration

At CyberWhiz, our CRA compliance methodology starts with a technical assessment workshop where we evaluate the product architecture, security controls, software components and network design. Based on this assessment, we identify which regulatory requirements are already satisfied and which areas require improvement.

Rather than simply reporting compliance gaps, we work closely with customers to define the most appropriate remediation strategy for their specific environment. Where required, our team also provides implementation support to ensure that the necessary controls are successfully deployed.

Once remediation activities are completed, our Red Team performs comprehensive penetration testing and validation exercises to verify the effectiveness of the implemented controls. Finally, we assist customers in producing the extensive technical documentation required for CRA compliance, including detailed evidence demonstrating how the product satisfies regulatory requirements throughout its lifecycle.

Preparing for September 2026 Requirements

Several CRA obligations will become active in September 2026, with SBOM Management and Vulnerability Disclosure Policy (VDP) requirements among the most significant.

CyberWhiz provides continuous SBOM management across edge devices, mobile applications and cloud environments. Our platform enables organizations to maintain visibility over software components and identify vulnerable libraries throughout the product lifecycle.

However, effective SBOM management goes beyond simply detecting known CVEs. Our security analysts perform vulnerability triage and contextual analysis, helping customers focus on the vulnerabilities that genuinely present risk within their specific environment. This reduces noise and allows engineering teams to prioritize remediation efforts more efficiently.

For VDP compliance, manufacturers must establish a public communication channel through which security researchers can report vulnerabilities. CyberWhiz helps customers implement and manage this process by operating the vulnerability reporting channel on their behalf.

In practice, these channels often receive large volumes of spam, phishing attempts and irrelevant submissions. Our team reviews incoming reports, filters malicious or non-relevant messages, validates legitimate security findings and supports customers throughout the incident response and remediation process whenever a genuine vulnerability is identified.

Demonstrating the Future of Embedded Security Monitoring

Although CRA security logging and monitoring requirements will not become mandatory until December 2027, CyberWhiz is already helping customers prepare.

During the seminar, we showcased our CyberWhiz Embedded Agent, designed specifically for connected and resource-constrained devices.

As soon as a protected device connects to the internet, it becomes visible through the CyberWhiz Defence Center. Security teams can monitor deployed devices through a global operational dashboard, providing real-time visibility into the security status of distributed fleets.

CyberWhiz Defence Center edge AI security dashboard

Devices operating normally appear as healthy assets within the platform. If malicious activity or attack attempts are detected, our Host Intrusion Detection System (HIDS)-based embedded agent immediately identifies the anomaly and generates an alert. Security teams are notified in real time, enabling rapid investigation and response before incidents escalate into operational disruptions.