AI meets open data: Novel approaches in critical infrastructure protection
On 29 July 2025, the Agentur für Innovation in der Cybersicherheit GmbH (Cyberagentur) announced the Automated Threat and Response Assessment (ATARA) research funding programme. The aim is to investigate how artificial intelligence (AI) can develop novel attack vectors against critical infrastructures and countermeasures based on publicly available information.
With ATARA, the Cyberagentur pursues a new research approach: in the future, AI will not only analyse data, but also independently design creative attack vectors against critical infrastructures – based exclusively on publicly available information. The methodological focus on OSINT has been deliberately chosen, as it is precisely this data that can also be used by potential attackers.
The programme goes beyond conventional analysis. It tests whether AI is capable of developing previously unknown attack methods that lie outside the scope of human experts. At the same time, it investigates whether such systems can also propose suitable countermeasures. It therefore both detects new threats and develops appropriate defence mechanisms.
“With ATARA, we combine two central fields of cybersecurity research: AI and OSINT,” says Siri Reinhold, research officer for secure systems at Cyberagentur and head of the programme. “In this way, we want to make the open data problem in critical infrastructures tangible and, at the same time, investigate whether AI is capable of developing completely new attack vectors – beyond the patterns that human experts have considered so far.”
A unique feature of the project is its dual-use of AI: it takes on the role of the attacker as well as the defender. In the beginning, a new attack is generated and then the appropriate defense mechanism developed. These results are then analysed by human experts in order to elucidate if these AI developed attack and defense methods merit further investigation.
Universities, colleges, research institutions, companies and start-ups with expertise in cyber security, machine learning and critical infrastructure protection are eligible to apply. The tender documents are available on the Cyberagentur website.
The call for proposals was published on the e-procurement platform (https://www.evergabe-online.de/tenderdetails.html?0&id=790546). The deadline for participation is 29 August 2025, 11:00 a.m. Participation is possible both individually and in a consortium.