logo

Contents

Peugeot Digital Audit

  • Last Updated: March 4, 2026

Executive Overview of the Technographic Architecture

The global automotive manufacturing sector is currently undergoing a profound architectural and operational transition, migrating from traditional mechanical engineering paradigms toward the deployment of Software-Defined Vehicles (SDVs).1 Peugeot, operating as a primary marque under the multinational conglomerate Stellantis, is deeply embedded within this technological pivot.1 Stellantis—which manages a portfolio of fourteen major automotive brands including Alfa Romeo, Chrysler, Citroën, FIAT, Jeep, Opel, and Vauxhall—has systematically centralized its information technology procurement and cybersecurity strategies to support the complex data processing requirements of modern mobility.1 This transition transforms the automobile into a highly connected edge-computing node, dramatically expanding the digital attack surface and necessitating the integration of military-grade cybersecurity, cloud analytics, and biometric surveillance systems.5

This technographic audit examines the digital supply chain and technological infrastructure of Peugeot and its parent organization, Stellantis. The objective is to document the specific vendors, integrators, and cloud infrastructure providers that comprise the enterprise architecture, with a specific focus on identifying reliance upon companies whose leadership, ownership, or operations maintain material or ideological support for the State of Israel, the occupation of Palestine, or related systems of surveillance and militarization. The intelligence gathered herein focuses on four core domains: the deployment of the “Unit 8200 Stack” in enterprise cybersecurity; the utilization of Israeli-origin surveillance and biometrics in retail and workforce management; the role of global systems integrators in enforcing these tech stacks during digital transformation overhauls; and the transitive reliance on cloud data sovereignty initiatives, notably Project Nimbus.

The findings indicate a systemic, highly formalized architectural dependency on platforms that trace their origins to or maintain deep alignments with the Israeli high-tech and intelligence sectors.6 This reliance is not incidental; it is the result of formal, state-backed memoranda of understanding and strategic venture capital investments designed to pipeline Israeli defense-grade technology into global commercial automotive manufacturing.7 The resulting digital supply chain establishes a complex web of data dependencies, telemetry flows, and architectural lock-ins that form the core of the Stellantis and Peugeot digital ecosystem, embedding dual-use surveillance and military-derived cyber capabilities directly into civilian commercial infrastructure.

The Unit 8200 Stack: Enterprise Cybersecurity and Exposure Management

The modernization of the Stellantis enterprise architecture requires the deployment of multi-layered defensive technologies capable of protecting global corporate networks, cloud environments, and highly sensitive customer data repositories. The technological ecosystem is structured around endpoint detection, perimeter defense, cloud-native application protection, and identity governance, predominantly sourced from firms closely associated with the Israeli intelligence apparatus, colloquially referred to as the “Unit 8200 Stack.”

Endpoint Detection, Response, and Kernel-Level Telemetry

At the endpoint layer, Stellantis relies on advanced, artificial intelligence-driven protection platforms to secure its vast network of employee workstations, cloud workloads, and operational servers. The deployment of SentinelOne serves as a critical pillar in this defense architecture.11 SentinelOne’s Singularity Platform utilizes autonomous AI agents to provide endpoint detection and response (EDR), replacing traditional signature-based antivirus solutions with heuristic behavioral analysis capable of intercepting sophisticated zero-day exploits and ransomware deployments at machine speed.11

The architectural reality of utilizing SentinelOne across a conglomerate the size of Stellantis involves granting the EDR agent deep, persistent, kernel-level access to the host operating systems.11 This level of access is an absolute technical necessity to monitor application programming interface (API) calls, inspect process memory, and intercept malicious executions in real-time.14 However, it concurrently dictates that SentinelOne maintains continuous, unimpeded visibility into the internal digital operations of the enterprise. The telemetry gathered by these endpoint agents is continuously streamed to centralized cloud repositories for automated threat hunting, forensic analysis, and the training of underlying machine learning models.11

The strategic reliance on SentinelOne integrates Stellantis into a broader global threat intelligence network, where the detection of anomalies in one sector informs the defensive posture of the entire platform.12 Despite the advanced defensive capabilities of the platform, the global deployment of such deep-access agents establishes a critical dependency; if the EDR infrastructure were to be compromised, bypassed, or subjected to a supply chain attack—as evidenced by recent advanced persistent threat (APT) campaigns targeting such systems—the underlying enterprise network would be profoundly exposed to lateral movement and data exfiltration.13

Network Perimeter Defense and Deep Packet Inspection

To secure the boundaries of its corporate networks and manage the flow of traffic between internal systems and the public internet, the technological footprint incorporates infrastructure from Check Point Software Technologies, a foundational entity within the Israeli cybersecurity ecosystem.5 Check Point provides next-generation firewalls (NGFW), intrusion prevention systems (IPS), and secure web gateways that process massive volumes of Stellantis data traversing the network perimeter.5

The deployment of Check Point technologies involves the deep inspection of network packets to identify and block sophisticated cyber-espionage campaigns, such as those executed by state-aligned actors including the Iranian Nimbus Manticore group or the Chinese RedNovember campaign, both of which have actively targeted the telecommunications and manufacturing sectors.20 The infrastructure extends beyond traditional hardware appliances to include CloudGuard, which enforces perimeter security policies within virtualized data centers and multi-cloud environments.24 Furthermore, Check Point has recently introduced Quantum Firewall software, designed to harden artificial intelligence infrastructure and simplify Zero Trust implementations across hybrid networks.21

The integration of Check Point firewalls necessitates that the vendor’s hardware and software act as the ultimate arbiter of which digital communications are permitted to enter or exit the Stellantis network.21 The reliance on these perimeter defenses has been underscored by recent supply chain attacks and vulnerabilities affecting the automotive and manufacturing sectors, wherein threat actors have actively targeted perimeter devices to establish initial access and persistence.23 Consequently, Stellantis’ network integrity is intrinsically linked to Check Point’s ongoing efficacy and threat intelligence capabilities.

Cloud-Native Application Protection and Workload Security

As Stellantis executes its digital transformation, a significant portion of its computing infrastructure has migrated to public hyperscale cloud providers. Securing these distributed, multi-tenant environments requires specialized tools designed for ephemeral workloads, microservices, and serverless architectures. The technographic data indicates the utilization of Wiz, a dominant player in the Cloud-Native Application Protection Platform (CNAPP) market, which was recently acquired by Google for an unprecedented $32 billion.26

Wiz operates using an agentless architecture, connecting directly to the API gateways of cloud providers to continuously scan virtual machines, serverless functions, and container registries for misconfigurations, exposed secrets, and vulnerabilities without the operational friction of deploying software agents on individual instances.30 The platform builds a comprehensive, multi-dimensional graph of the cloud environment, correlating network exposure with identity permissions to identify critical attack paths that could lead to data breaches.26 The power of Wiz’s visibility was recently demonstrated when its researchers identified a massive data leak involving over one million sensitive records at DeepSeek, underscoring the platform’s capacity to audit and analyze highly complex AI and cloud infrastructures.31

Furthermore, a formalized strategic partnership and deep technological integration exist between Check Point and Wiz, designed to bridge the historical gap between cloud network security and CNAPP.26 This integration allows organizations to unify security insights, combining Check Point’s deep packet inspection capabilities with Wiz’s contextual cloud risk analysis, delivering comprehensive protection across hybrid mesh environments.26 The presence of both vendors within the enterprise IT stack points to a highly synchronized security apparatus that completely blankets the cloud infrastructure, centralizing risk management while simultaneously concentrating architectural trust within a highly interconnected vendor ecosystem.26

Identity Governance and Privileged Access Management

The centralization of IT procurement and the deployment of cloud services require robust mechanisms to authenticate users and govern access to sensitive administrative interfaces. Stellantis mandates the implementation of advanced Identity and Access Management (IAM) and Privileged Access Management (PAM) frameworks. Internal staffing requirements for Stellantis specifically require expertise in the design, implementation, and management of CyberArk, an Israeli identity management software group recently acquired by Palo Alto Networks for $25 billion.34

CyberArk is a foundational technology for securing privileged credentials—the highly elevated administrative accounts that control the core infrastructure, databases, and continuous integration/continuous deployment (CI/CD) pipelines of the enterprise.34 The implementation of CyberArk involves vaulting these critical credentials, enforcing multi-factor authentication, implementing Just-In-Time (JIT) access controls, and monitoring privileged sessions in real-time.34 CyberArk is also heavily utilized to streamline serverless governance by codifying architectural blueprints within AWS environments, preventing redundant efforts while enforcing uniform security standards across diverse development teams.38 By utilizing CyberArk, Stellantis centralizes the keys to its digital kingdom within a single, highly fortified platform designed to mitigate the risks associated with compromised administrative accounts and enforce a strict Zero Trust, identity-centric security model across the global workforce.34

External Attack Surface Management

Complementing the identity governance framework is the deployment of continuous attack surface management to identify external vulnerabilities before they can be exploited. Stellantis’ cybersecurity leadership has established direct operational relationships with CyCognito, an advanced exposure management platform.40

CyCognito maps the external attack surface of the enterprise by autonomously discovering internet-connected assets, identifying shadow IT, and prioritizing vulnerabilities based on the attacker’s perspective, mimicking the reconnaissance techniques utilized by advanced threat actors.40 The data indicates that Stellantis is actively cataloged within technographic databases as utilizing ServiceNow Vulnerability Response in tandem with CyCognito to automate the remediation of identified exposures across its European and global operations.41 This integration ensures that vulnerabilities detected by CyCognito are immediately routed into the IT service management workflows for rapid patching and mitigation.41

Functional Cybersecurity Domain Associated Vendor/Technology Primary Enterprise Function Strategic Implementation within Stellantis Architecture
Endpoint Detection & Response (EDR) SentinelOne Kernel-level endpoint monitoring and behavioral heuristics Global deployment across corporate workstations and servers to intercept malicious execution at machine speed.11
Network Perimeter Defense Check Point Next-generation firewall, IPS, and secure web gateways Deep packet inspection and secure gateway management at network ingress/egress points to block espionage and ransomware.5
Cloud-Native Protection (CNAPP) Wiz Agentless cloud infrastructure scanning via API Contextual risk analysis of multi-cloud environments; integrated with Check Point to secure hybrid mesh architectures.26
Privileged Access Management (PAM) CyberArk Credential vaulting, session monitoring, and JIT access Securing highly elevated administrative accounts to enforce Zero Trust identity models across the global workforce.34
Attack Surface Management CyCognito External asset discovery and risk prioritization Continuous, automated mapping of internet-facing infrastructure to eliminate shadow IT blind spots.40

Industrial Cyber-Physical Systems and Automotive Security

While enterprise IT security defends corporate data repositories, the core business of Stellantis relies on the physical manufacturing of vehicles and the deployment of embedded software within those vehicles. This operational reality necessitates specialized security protocols for Operational Technology (OT), industrial robotics, and automotive telematics, heavily leveraging Israeli dual-use technology.

Securing Manufacturing Assembly Lines and Operational Technology

The manufacturing facilities producing Peugeot and other Stellantis brands rely on complex industrial control systems (ICS), programmable logic controllers (PLCs), and supervisory control and data acquisition (SCADA) systems. These cyber-physical systems (CPS) govern the physical assembly of vehicles but are increasingly connected to enterprise IT networks to facilitate predictive maintenance and Industry 4.0 data analytics. This convergence creates severe vulnerabilities to ransomware and sabotage.5 To secure these critical environments, Stellantis and its subsidiaries integrate solutions from Claroty.43

Claroty specializes in bridging the IT-OT security gap by providing a comprehensive platform that seamlessly connects to existing infrastructure to provide granular visibility into the factory floor.43 It identifies every connected IIoT (Industrial Internet of Things) device, analyzes proprietary industrial communication protocols, and detects anomalous behavioral patterns that could indicate a system compromise.43 A highly notable aspect of this deployment is Claroty’s deep integration with Comau, a worldwide leader in the automation industry and a wholly owned subsidiary of Stellantis.43 Comau provides advanced industrial automation products, collaborative robotics, autonomous logistics, and digital services capable of transmitting and analyzing machine process data.43 By embedding Claroty’s threat detection and secure remote access controls directly into Comau’s automated assembly lines, Stellantis hardens its global production facilities against debilitating supply chain disruptions and OT-focused cyberattacks.43 Furthermore, Claroty maintains a strategic technology alliance with Check Point, allowing the OT visibility generated by Claroty to directly inform the perimeter blocking policies of Check Point firewalls, creating a unified IT/OT defensive posture.5

Vehicle Telematics and Cloud-Based Anomaly Detection

As Peugeot transitions to a Software-Defined Vehicle architecture, the vehicles themselves become highly lucrative targets for cyberattacks. Potential attack vectors range from the spoofing of infotainment systems and the theft of proprietary data to the remote hijacking of critical driving controls and the execution of fleet-wide ransomware operations.46 Stellantis mitigates these risks through extensive partnerships with specialized automotive cybersecurity firms, prominently featuring Upstream Security.9

Upstream Security provides a cloud-based cybersecurity platform specifically designed for connected vehicles.9 The platform operates by ingesting massive volumes of telematics data directly from the vehicle fleets, applying machine learning algorithms to detect anomalies in real-time.9 This data-driven approach allows manufacturers to identify fleet-wide coordinated attacks, localized vehicle tampering, or unauthorized data exfiltration without requiring additional hardware to be installed directly in the car.10 Upstream Security has received significant venture backing, including a $30 million Series B investment from a syndicate of major automotive OEMs, underscoring the industry-wide reliance on its technology.10 Stellantis’ overarching cloud technology partnerships incorporate Upstream’s capabilities to ensure that connected car offerings prioritize vehicle security and data privacy across their entire lifecycle.9

Embedded Electronic Control Unit (ECU) Security

Complementing the cloud-based analytics are embedded solutions designed to protect the vehicle’s internal networks at the hardware and software layers. PlaxidityX (formerly Argus Cyber Security) provides penetration testing and localized cybersecurity services to meet stringent regulatory demands, such as the UNECE WP.29 R155 and R156 mandates, ensuring the integrity of Electronic Control Units (ECUs).47 PlaxidityX operates state-of-the-art penetration testing laboratories in locations like Detroit, Michigan, to address the increasing demand from North American OEMs and Tier 1 suppliers for localized cybersecurity testing.50

Similarly, Karamba Security is utilized for its formal verification and behavioral analysis capabilities within the automotive sector.50 Karamba’s technology is embedded directly into the vehicle’s ECUs to block unauthorized behaviors deterministically.53 By sealing the software binaries according to factory settings, Karamba prevents the execution of malicious code—even if the specific attack signature has never been seen before—thereby securing the vehicle against zero-day exploits targeting its core operating systems.53 Stellantis representatives are actively involved in industry panels alongside Karamba Security executives, discussing compliance with ISO/SAE 21434 standards and vulnerability management systems, indicating a deep operational alignment in securing electric and autonomous vehicles.54

Advanced Driver Assistance Systems (ADAS) and Autonomous Navigation

The push toward autonomous capabilities introduces another critical layer of technographic dependency. Stellantis utilizes Advanced Driver Assistance Systems (ADAS) to enable highway assist and semi-autonomous driving functionalities across its portfolio, prominently featuring vehicles from Maserati and potentially future Peugeot models.57 The data highlights the integration of Mobileye, a dominant, Israeli-based provider of computer vision algorithms and systems-on-chip (SoC) for autonomous driving.57

Mobileye’s SuperVision and Chauffeur systems utilize highly advanced optical sensors, next-generation active radar, and lidar to map the physical environment in 360 degrees.57 The technology relies on the proprietary EyeQ processing chips and the REM-powered Roadbook to facilitate hands-off, eyes-off autonomous navigation.57 The integration of Mobileye technology into Stellantis platforms not only enables advanced mobility but also necessitates the continuous, high-bandwidth streaming of environmental mapping data back to centralized processing hubs to constantly refine the autonomous driving algorithms.57 This establishes a continuous flow of high-resolution telemetry from global roadways directly into Mobileye’s data infrastructure.

Automotive Cybersecurity Domain Associated Vendor/Technology Technological Mechanism Integration within Stellantis / Peugeot
Operational Technology (OT) Security Claroty Deep packet inspection of proprietary industrial protocols Integrated into Comau automation systems to protect assembly lines from ransomware.43
Cloud-Based Vehicle Telematics Upstream Security Machine learning analysis of fleet telemetry data Identifies fleet-wide coordinated attacks and anomalies without in-car hardware.9
Embedded ECU Penetration Testing PlaxidityX (Argus) Localized penetration testing and regulatory compliance Ensures compliance with UNECE WP.29 mandates and hardens internal vehicle networks.47
Deterministic ECU Protection Karamba Security Formal verification and behavioral binary sealing Blocks unauthorized execution of code on ECUs, preventing zero-day autonomous vehicle hijacks.53
Autonomous Driving (ADAS) Mobileye Computer vision, EyeQ SoCs, and REM Roadbook Provides hardware and software for hands-off/eyes-off navigation, streaming telemetry globally.57

Surveillance, Biometrics, and Workforce Analytics

The digitization of the automotive sector extends far beyond the vehicle and the factory floor, deeply permeating the retail experience, dealership operations, and internal workforce management. This domain leverages advanced biometric analysis, computer vision, and behavioral tracking technologies originating from the Israeli tech sector, blurring the lines between commercial retail management and state-level surveillance capabilities.

Retail Surveillance, Computer Vision, and Loss Prevention

The data indicates a substantial shift toward the implementation of artificial intelligence-powered computer vision in retail environments. Dealerships and associated retail spaces are increasingly adopting automated surveillance systems designed to monitor physical spaces with extreme precision, optimizing operations while simultaneously establishing comprehensive monitoring networks.59

Technologies provided by firms such as Trigo and BriefCam deploy sophisticated video content analytics to transform standard CCTV feeds into highly structured, actionable data lakes.59 BriefCam enables retail operators to track store traffic, monitor customer navigation, and optimize store layouts by applying facial recognition and re-identification algorithms across multiple camera feeds simultaneously.61 Trigo leverages AI-powered sensors to create a “Store Digital Twin”—a real-time visual model that tracks the precise interactions between shoppers and products.59 While initially designed for frictionless checkout and the detection of “sweethearting” (instances where employees deliberately fail to scan items), these computer vision systems inherently function as mass surveillance networks, logging movement, behavior, and physical associations within the retail space.59

Facial Recognition and Dual-Use Biometrics

Furthermore, the implementation of facial recognition technology within the automotive retail space is expanding, moving from basic security to deeply integrated operational features.65 Advanced dealership surveillance systems integrate high-resolution imaging, multi-dimensional perception, and behavioral analytics to verify identities.60 Conceptualized future applications include frictionless vehicle delivery—whereby a car’s computer system matches the biometric profile of the owner’s face upon delivery, eliminating the need for physical keys.66 However, these systems require the extensive collection, processing, and retention of highly sensitive biometric data, subject to evolving privacy legislation.65

Technologies deployed by firms such as Oosto (formerly AnyVision) highlight the deeply controversial, dual-use nature of these biometric systems.67 Operating globally, these platforms utilize automated watchlist alerting systems capable of identifying persons of interest and tracking their contact history in real-time with exceptional accuracy.67 The military and intelligence origins of this technology are well-documented; AnyVision has been implicated in providing advanced tactical surveillance software used to monitor the movements of Palestinians through military checkpoints.67 Following public exposure of the extent of their surveillance systems—including a pilot program in a Texas school district where the system boasted of detecting a single student 1,100 times in one week—the company rebranded to Oosto and was subsequently acquired by Metropolis.67 The integration of such technologies into the retail and dealership ecosystem normalizes the persistent biometric tracking of consumers under the auspices of security, loss prevention, and customer convenience, deploying military-grade tracking algorithms into civilian spaces.61

Workforce Engagement Management and Sentiment Analysis

Internally, the management of the Stellantis workforce, particularly within its global contact centers and customer support operations, is heavily mediated by sophisticated Workforce Engagement Management (WEM) platforms.70 Stellantis actively recruits analysts to manage these platforms, explicitly requiring proficiency with software provided by NICE Systems and Verint.70

NICE and Verint are prominent Israeli-founded industry leaders in the processing of human interactions within corporate environments.71 These platforms do not merely handle basic call routing or shift forecasting; they employ generative AI and natural language processing to conduct deep speech analytics, quality management, and sentiment tracking.71 By recording, transcribing, and analyzing virtually every interaction between employees and customers, these systems allow corporate operations to measure productivity, enforce script compliance, and gauge the emotional state of the caller in real-time.71 The widespread deployment of Verint and NICE software centralizes an immense volume of conversational data, utilizing machine learning models to continuously refine workforce optimization strategies. Concurrently, this establishes a comprehensive, panoptic surveillance apparatus over the daily activities, tone of voice, and efficiency of the contact center workforce, heavily quantifying human labor through AI-driven metrics.70

Digital Transformation and Systems Integration

The successful deployment, orchestration, and maintenance of the myriad cybersecurity, cloud, and biometric systems discussed above require the expertise of global systems integrators. Stellantis relies heavily on specialized consultancy firms to manage the architecture of its IT overhaul and digital transformation projects, effectively outsourcing the selection and implementation of its core technological stack.78

The Role of Publicis Sapient in Enforcing Technology Stacks

The data highlights the prominent role of Publicis Sapient in driving digital business transformation for Stellantis.78 As a global integrator and the digital business transformation hub of Publicis Groupe, Publicis Sapient is responsible for designing consumer experiences, managing enterprise data, and modernizing legacy IT infrastructure across the automotive conglomerate.78 Leveraging an army of over 25,000 engineers, the firm dictates the foundational architecture of the enterprise.80

The role of an integrator is highly influential; they do not merely install software, but fundamentally define the tech stacks, select the vendors, and ensure the interoperability of highly complex systems.78 When an integrator oversees a major IT overhaul, they inherently enforce the adoption of specific technological frameworks based on strategic partnerships and proven deployment models. By managing the implementation pipelines, organizations like Publicis Sapient accelerate the penetration of specialized dual-use technologies, advanced cloud platforms, and Israeli-origin cybersecurity controls into the core operations of Peugeot and Stellantis.79

Supply Chain Vulnerabilities and the Salesforce Breach Incident

The risks associated with complex digital transformations and the reliance on highly interconnected third-party service providers were recently realized during a significant data breach affecting Stellantis.3 In May 2025, attackers successfully breached a third-party service provider’s platform that supported Stellantis’ North American customer service operations.4

The breach involved unauthorized access to a third-party Salesforce platform, resulting in the theft of over 18 million records containing customer contact information for brands including Peugeot, Chrysler, Jeep, and Fiat.4 Orchestrated by the ShinyHunters extortion group, the attack exploited vulnerabilities in supply chain integrations and OAuth token abuse to execute bulk data extraction via Salesforce APIs.20 This incident perfectly illustrates the vulnerabilities inherent in modern, centralized IT operations managed by third parties. Paradoxically, such breaches serve to further entrench the reliance on the “Unit 8200 Stack”; in response to supply chain attacks, enterprises typically double down on the implementation of advanced Identity and Access Management (CyberArk), Cloud-Native Application Protection (Wiz), and Endpoint Detection (SentinelOne) to regain control over their external attack surfaces and prevent future unauthorized API exfiltrations.20

Cloud Infrastructure, Data Sovereignty, and Geopolitical Alignments

Underpinning the entire technological apparatus of Peugeot and Stellantis is the absolute reliance on hyperscale cloud infrastructure. The processing of terabytes of vehicle telemetry, the hosting of enterprise customer relationship management (CRM) systems, the execution of autonomous driving AI algorithms, and the storage of global supply chain data require massive, distributed data centers. This fundamental requirement intimately connects Stellantis to the global cloud oligopoly, primarily Amazon Web Services (AWS) and Google Cloud Platform (GCP).9

Transitive Reliance and Project Nimbus

Stellantis has established formal, high-level partnerships with Amazon to leverage cloud technology and AI for developing connected vehicle services, while Google’s cloud computing capabilities are deeply integrated across the automotive sector for data analytics and infrastructure modernization.9 The utilization of these specific public cloud providers introduces critical observations regarding data sovereignty, the ethics of AI deployment, and geopolitical alignments, specifically in relation to Project Nimbus.

Project Nimbus is a heavily documented, highly controversial $1.2 billion cloud computing contract between the Israeli government and American technology companies Google and Amazon.84 The contract dictates the provision of advanced cloud computing services, artificial intelligence, and machine learning tools to Israeli government ministries, the defense establishment, and associated military units, including the Israel Defense Forces (IDF).84 A defining characteristic of the Nimbus agreement is the establishment of local cloud data centers within Israel’s borders, designed to keep sensitive information under strict national security guidelines and ensure the total digital sovereignty of the state.84

Crucially, the contractual terms of Project Nimbus impose highly unorthodox controls on the service providers, designed to insulate the Israeli government from international legal pressure.85 Leaked documents and reports indicate that Google and Amazon are contractually forbidden from restricting how the Israeli government or military uses their products, and they are prevented from denying service to any state entities, even if the usage violates the companies’ standard terms of service.84 Furthermore, the agreements allegedly oblige the tech giants to secretly notify the state if foreign courts demand access to the data stored on these regional cloud platforms, effectively sidestepping international legal obligations.85 The advanced AI tools provided under this framework facilitate capabilities such as facial detection, automated image categorization, object tracking, and sentiment analysis—tools directly applicable to border surveillance, population control, and the enabling of AI-assisted targeting systems in military operations.84

While Stellantis itself is a commercial automotive manufacturer, its foundational reliance on AWS and GCP architecture means its data, capital, and digital operations traverse the same technological ecosystems managed by these providers.9 The massive capital flowing from multinational corporate contracts like Stellantis’ indirectly subsidizes the development, expansion, and maintenance of these massive, dual-use cloud infrastructures globally.86 The financial interdependency ensures that the hyperscalers possess the resources to fulfill defense contracts like Nimbus, linking civilian automotive capital to state-level surveillance and militarization cloud initiatives.

The Stellantis Israel Innovation Hub and Formalized R&D Agreements

Beyond transitive cloud reliance, Stellantis maintains a direct, localized operational presence within Israel, purposefully structured to integrate Israeli defense and cybersecurity technology directly into global automotive manufacturing.6 In April 2021, Stellantis Group signed a formal Memorandum of Understanding (MoU) with the Israel Innovation Authority, the governmental agency responsible for the nation’s innovation policy.7

Under this agreement, FCA Italy (a wholly owned subsidiary of Stellantis) established a framework to develop sustainable mobility solutions, cybersecurity, and Industry 4.0 applications in direct collaboration with Israeli start-ups.7 The mechanics of the MoU dictate a highly integrated co-funding model: the Israel Innovation Authority finances the R&D and technological innovation of the local startups, while Stellantis provides the resources to support the scaling-up, marketing, and global implementation of the technology into its vehicles.7

The strategic rationale for this innovation hub is explicitly tied to the origins of the local technology ecosystem. The maturity of the Israeli innovation hub is rooted in heavy governmental investments in defense technologies, particularly to defend critical electronic infrastructure and analyze data collected by intelligence corps such as Unit 8200.6 This military-industrial pipeline has fostered world-leading expertise in cybersecurity and artificial intelligence—technologies that are perfectly aligned with the autonomous, connected, electrified, and shared (ACES) revolution required by modern automakers.6

Stellantis’ leadership has explicitly acknowledged the necessity of discovering and integrating these specific technological developments, reporting the continuous scouting of over 30 regional startups and the execution of numerous proof-of-concept operations focused on driving assistance and cybersecurity.8 The Italian Ambassador to Israel publicly noted that this agreement allows large companies to find “fertile soil” for R&D, positioning the manufacturing system as a natural point of attraction for Israeli companies to industrialize their products and enter the global market.7 This formalized R&D presence solidifies a pipeline wherein state-funded technological innovations, often derived from military applications, are directly assimilated into the global supply chains and product architectures of Peugeot and the broader Stellantis portfolio.7

Synthesis of Digital Supply Chain Dependencies

The exhaustive analysis of the digital footprint and supply chain architectures of Peugeot and the broader Stellantis enterprise reveals a profound, multi-layered integration with highly specialized technology vendors. The corporate transition to Software-Defined Vehicles, centralized IT procurement, and digital business operations relies upon a complex interweaving of cybersecurity, cloud analytics, and biometric surveillance capabilities.

The technographic data demonstrates a systemic architectural dependency on platforms that trace their origins to or maintain deep alignments with the Israeli high-tech and intelligence sectors.6 At the network perimeter and within the multi-cloud environments, digital traffic is arbitrated by Check Point and Wiz.5 On the corporate endpoints, kernel-level visibility and threat interception are maintained by SentinelOne.11 Administrative credentials and Zero Trust identity models are governed by CyberArk, while external attack surfaces are continuously mapped and exposed by CyCognito.34 The physical manufacturing assembly lines and industrial robotics are monitored and secured by Claroty.43

Moving to the vehicles themselves, telematics are secured and analyzed by Upstream Security, PlaxidityX (Argus), and Karamba Security, while autonomous navigation is powered by Mobileye’s ADAS sensors and EyeQ processors.9 Furthermore, the corporate retail and workforce environment is heavily overseen by surveillance and optimization technologies from Verint, NICE Systems, BriefCam, and Trigo, with the potential integration of military-grade facial recognition from firms like AnyVision/Oosto.59

This comprehensive vendor ecosystem is orchestrated and enforced by global systems integrators such as Publicis Sapient, which dictates the architecture of Stellantis’ massive IT overhauls.78 Fundamentally, this entire technological stack is hosted on hyperscale public clouds, specifically Amazon Web Services and Google Cloud Platform, which simultaneously operate bespoke, sovereign architectures for the Israeli military under the controversial Project Nimbus contract.9 The continuous pipeline of this dual-use technology is not accidental but formalized through state-backed partnerships, notably the R&D Memorandum of Understanding with the Israel Innovation Authority.7

The resulting operational reality is that the digital infrastructure governing Stellantis’ global manufacturing, vehicle telematics, internal workforce communications, and physical retail spaces is inextricably bound to this specific nexus of technology providers. This establishes a permanent and comprehensive structural reliance on platforms intimately connected to state-level intelligence, military infrastructure, and global surveillance paradigms.

  1. Stellantis Joins GlobalPlatform to Advance Global Automotive Cybersecurity Standards, accessed February 20, 2026, https://globalplatform.org/latest-news/stellantis-joins-globalplatform-to-advance-global-automotive-cybersecurity-standards/
  2. Stellantis Joins GlobalPlatform to Advance Global Automotive Cybersecurity Standards, accessed February 20, 2026, https://cybertechnologyinsights.com/cybertech-insights/stellantis-joins-globalplatform-to-advance-global-automotive-cybersecurity-standards/
  3. Car Giant Stellantis Confims Third-Party Breach – Infosecurity Magazine, accessed February 20, 2026, https://www.infosecurity-magazine.com/news/stellantis-confims-third-party/
  4. Risky Bulletin: US raids SIM farm in New York, accessed February 20, 2026, https://news.risky.biz/risky-bulletin-us-raids-sim-farm-in-new-york/
  5. Claroty & Check Point IoT (Industrial), accessed February 20, 2026, https://claroty.com/resources/integration-briefs/claroty-and-check-point-integration-brief
  6. Israel: Hot spot for future mobility technologies – McKinsey, accessed February 20, 2026, https://www.mckinsey.com/industries/automotive-and-assembly/our-insights/israel-hot-spot-for-future-mobility-technologies
  7. Signature of the Memorandum of Understanding between Stellantis and the Israel Innovation Authority with the aim of establishing cooperation in technological innovation – Ambasciata d’Italia Tel Aviv, accessed February 20, 2026, https://ambtelaviv.esteri.it/en/news/dall_ambasciata/2021/04/firma-dell-accordo-tra-stellantis-2/
  8. Stellantis and Israel Innovation Authority announce the signing of a Memorandum of Understanding | Corporate Communications, accessed February 20, 2026, https://www.media.stellantis.com/em-en/corporate-communications/press/stellantis-and-israel-innovation-authority-announce-the-signing-of-a-memorandum-of-understanding
  9. Automotive Cyber Security Market Industry Analysis, accessed February 20, 2026, https://www.stellarmr.com/report/automotive-cyber-security-market/2387
  10. UPSTREAM SECURITY CLOSES $30 MILLION SERIES B INVESTMENT FROM RENAULT, VOLVO GROUP, HYUNDAI, NATIONWIDE – IoT Automotive News, accessed February 20, 2026, https://iot-automotive.news/upstream-security-closes-30-million-series-b-investment-from-renault-volvo-group-hyundai-nationwide/
  11. Partners – CISO Melbourne, accessed February 20, 2026, https://ciso-mel.coriniumintelligence.com/partners
  12. AI Attacks Surge 156% as Quantum Threats Force Encryption Overhaul | Financial Post, accessed February 20, 2026, https://financialpost.com/globe-newswire/ai-attacks-surge-156-as-quantum-threats-force-encryption-overhaul
  13. Hyundai Data Breach: 2.7 Million Vehicle Owners Potentially Exposed in Latest Automotive Cybersecurity Incident, accessed February 20, 2026, https://breached.company/hyundai-data-breach-2-7-million-vehicle-owners-potentially-exposed-in-latest-automotive-cybersecurity-incident/
  14. CyberSecIndonesia 2025, accessed February 20, 2026, https://cybersecasia.org/csid2025
  15. Security Alerts Index – Western Networks Inc., accessed February 20, 2026, http://www.westernnetworks.com/index4.php
  16. Ransomware Minute: Latest Attacks And News – Cybercrime Magazine, accessed February 20, 2026, https://cybersecurityventures.com/ransomware-minute/
  17. 70% of Companies Will Use AI by 2030 — 2 Stocks You’ll Want to Buy Hand Over Fist, accessed February 20, 2026, https://www.nasdaq.com/articles/70-of-companies-will-use-ai-by-2030-2-stocks-youll-want-to-buy-hand-over-fist
  18. Claroty and Check Point Software Technologies Partner to Secure Industrial Control Networks, accessed February 20, 2026, https://claroty.com/press-releases/claroty-and-check-point-software-technologies-partner-to-secure-industrial-control-networks
  19. AIIMS Suffers Another Cyberattack, Following November 2022 Cyberattack – Varutra Consulting, accessed February 20, 2026, https://www.varutra.com/ctp/threatpost/postDetails/AIIMS-Suffers-Another-Cyberattack,-Following-November-2022-Cyberattack/
  20. Cyber Intel Brief: Cisco ASA zero-days, supply chain breaches, ransomware attacks, accessed February 20, 2026, https://www.authentic8.com/blog/cyber-intel-brief-cisco-asa-zero-days-supply-chain-breaches-ransomware-attacks?utm_source=PANTHEON_STRIPPED
  21. CHKP – The Quantum Shield: Hardening AI & Critical Infrastructure, accessed February 20, 2026, https://it.advfn.com/mercati/NASDAQ/CHKP/notizie/97535358/the-quantum-shield-hardening-ai-critical-infras
  22. The Quantum Shield: Hardening AI & Critical Infrastructure – Financial Post, accessed February 20, 2026, https://financialpost.com/globe-newswire/the-quantum-shield-hardening-ai-critical-infrastructure
  23. Cyber security: Two months in retrospect (Australia) – August and September 2025, accessed February 20, 2026, https://www.hsfkramer.com/notes/cybersecurity/2025-posts/cyber-security-a-month-in-retrospect-august-september-2025
  24. CHKP – Check Point Redefines AI Security for Enterprises with AI, accessed February 20, 2026, https://it.advfn.com/mercati/NASDAQ/CHKP/notizie/97095221/check-point-redefines-ai-security-for-enterprises
  25. H2 2023 – a brief overview of main incidents in industrial cybersecurity, accessed February 20, 2026, https://ics-cert.kaspersky.com/publications/reports/2024/04/11/h2-2023-a-brief-overview-of-main-incidents-in-industrial-cybersecurity/
  26. Check Point Software Technologies and Wiz Enter Strategic Partnership to Deliver End-to-End Cloud Security, accessed February 20, 2026, https://www.checkpoint.com/press-releases/check-point-software-technologies-and-wiz-enter-strategic-partnership-to-deliver-end-to-end-cloud-security/
  27. Cloud Security Stocks Face Consolidation Risks, accessed February 20, 2026, https://explore.nemo.money/en/the-cloud-security-arms-race
  28. Google is the 2025 Open Innovation World Champion, accessed February 20, 2026, https://mindthebridge.com/corporate-startup-collaborations-google-is-the-2025-world-champion/
  29. Internet/e-Commerce Let’s Chat AI – Post(ings) at the intersection of Internet and AI, accessed February 20, 2026, https://research1.ml.com/C?q=jyCaUZopQbdO0vj0uE-Ymw
  30. Venture Clients or… the only thing that matters for startups | by Gregor Gimmy | Medium, accessed February 20, 2026, https://medium.com/@gregor_gimmy/venture-clients-or-the-only-thing-that-matters-for-startups-abf6c7e19beb
  31. #Hacktivity Report September 26, 2025 – Ironweave News and Updates, accessed February 20, 2026, https://blog.ironweave.io/hacktivity-report-september-26-2025/
  32. Remote Job – Wiz – Senior Advanced Delivery Architect (East) : r, accessed February 20, 2026, https://www.reddit.com/r/jobhuntify/comments/1o4nfxz/remote_job_wiz_senior_advanced_delivery_architect/
  33. Remote Job – Wiz – Associate Advanced Delivery Architect (West) : r, accessed February 20, 2026, https://www.reddit.com/r/jobhuntify/comments/1oacrt2/remote_job_wiz_associate_advanced_delivery/
  34. Identity Access Management Team Lead Jobs, Employment | Indeed, accessed February 20, 2026, https://www.indeed.com/q-identity-access-management-team-lead-jobs.html
  35. Top M&A Deals of Q3 2025 – Miller Shah LLP, accessed February 20, 2026, https://millershah.com/blog/top-ma-deals-of-q3-2025/
  36. 2024 Top Global M&A Deals – Imaa-institute.org, accessed February 20, 2026, https://imaa-institute.org/blog/2024-top-global-m-and-a-deals/
  37. Scattered Lapsus$ Hunters Launch Data Leak Site Targeting Salesforce: Massive OAuth Supply Chain Breach Exposes 1 Billion Records – Rescana, accessed February 20, 2026, https://www.rescana.com/post/scattered-lapsus-hunters-launch-data-leak-site-targeting-salesforce-massive-oauth-supply-chain-bre
  38. AWS Serverless – Noise, accessed February 20, 2026, https://noise.getoto.net/tag/aws-serverless/
  39. AWS Serverless | AWS Architecture Blog, accessed February 20, 2026, https://aws.amazon.com/blogs/architecture/tag/aws-serverless/
  40. Events | Join & Connect Today – CXO Xchange, accessed February 20, 2026, https://www.cxoxchange.com/events
  41. List of companies that use ServiceNow Vulnerability Response in EEA (17) | TheirStack.com, accessed February 20, 2026, https://theirstack.com/en/technology/servicenow-vulnerability-response/eea
  42. Global Tensions Driving Security Risks to Supply Chains and, accessed February 20, 2026, https://www.supplychain247.com/article/claroty-2025-cps-security-report/2
  43. Global Technology Partnerships for Industry 4.0 – Engineering …, accessed February 20, 2026, https://www.indx.com/en/partnerships
  44. SHARING NEW WAYS OF THINKING & ACTIONABLE STRATEGIES THAT YOU CAN IMPLEMENT IMMEDIATELY – IQPC, accessed February 20, 2026, https://eco-cdn.iqpc.com/eco/files/event_content/automotive-cybersecurity-detroit-2025-full-15-300125DLwworJCyEmcbANglqUIEZgxKiDF3CujEHV5hkNo.pdf
  45. Technology Alliance Partners | Claroty, accessed February 20, 2026, https://claroty.com/partners/technology-alliances
  46. Supporting the Mobility Society of the Future: Trends in Automotive Cybersecurity, accessed February 20, 2026, https://turnpoint-consulting.com/en/mobility-technology/supporting-the-mobility-society-of-the-future-trends-in-automotive-cybersecurity
  47. Global Automotive Cybersecurity Market Size Report, Forecast to 2023-2030, accessed February 20, 2026, https://store.frost.com/automotive-cybersecurity-market-global-2023-2030.html
  48. US20160350985A1 – Vehicle diagnostic monitor tool – Google Patents, accessed February 20, 2026, https://patents.google.com/patent/US20160350985A1/en
  49. Connected Fleet Services Global News – PTOLEMUS, accessed February 20, 2026, https://www.ptolemus.com/connected-fleet-services-news-log/
  50. Automotive Cybersecurity Market Size, Share & Industry Analysis – 2034, accessed February 20, 2026, https://www.fortunebusinessinsights.com/automotive-cybersecurity-market-107970
  51. Ford, GM and Stellantis OEM leaders share stage at CADA Summit – Canadian Auto Dealer, accessed February 20, 2026, https://canadianautodealer.ca/2025/02/ford-gm-and-stellantis-oem-leaders-share-stage-at-cada-summit/
  52. Software Technology – GEM, accessed February 20, 2026, https://gemdetroitregion.com/the-road-to-2030/software-technology/
  53. AI in Automotive Cybersecurity Market Size, Growth Trends 2035, accessed February 20, 2026, https://www.gminsights.com/industry-analysis/ai-in-automotive-cybersecurity-market
  54. Standards and Regulations Archives – Page 8 of 15 – Mobex, accessed February 20, 2026, https://mobex.io/topic/standards-and-regulations/page/8/
  55. Welcome to Auto-ISAC!, accessed February 20, 2026, https://lizwilliamscox.squarespace.com/s/2023_04_05_Auto-ISAC_05April2023CC_FINAL.pdf
  56. Welcome to Auto-ISAC!, accessed February 20, 2026, https://lizwilliamscox.squarespace.com/s/2023_05_03_Auto-ISAC_03May2023_Community_Call_FINAL_V2.pdf
  57. Polestar 4 To Get Mobileye’s Chauffeur Eyes-Off, Hands-Off ADAS – InsideEVs, accessed February 20, 2026, https://insideevs.com/news/683533/polestar-4-get-mobileye-chauffeur-eyes-off-hands-off-adas/
  58. (formerly Fiat Chrysler Automobiles NV) Annual Report and Form 20-F for the year ended December 31, 2020 – Stellantis.com, accessed February 20, 2026, https://www.stellantis.com/content/dam/stellantis-corporate/investors/financial-reports/Stellantis_2020_12_31_Annual_Report.pdf
  59. How POS Analytics and Computer Vision Are Revolutionizing Retail Loss Prevention – Trigo, accessed February 20, 2026, https://www.trigoretail.com/pos-analytics-and-computer-vision-revolutionizing-retail-loss-prevention/
  60. Hungarian Car dealership boosts efficiency with Hikvision smart security solution, accessed February 20, 2026, https://www.hikvision.com/tr/newsroom/success-stories/retail/hungarian-car-dealership-boosts-efficiency-with-hikvision-smart-security-solution/
  61. Uncovering In-Store Traffic Analytics with Intelligent Video Surveillance – BriefCam, accessed February 20, 2026, https://www.briefcam.com/resources/blog/uncovering-in-store-traffic-analytics-with-intelligent-video-surveillance/
  62. Nodeflux Facial Recognition Overview | PDF | Closed Circuit Television | Areas Of Computer Science – Scribd, accessed February 20, 2026, https://www.scribd.com/document/421258062/Guideline
  63. 5-7 NOV. 2024 – Expoprotection, accessed February 20, 2026, https://www.expoprotection.com/content/dam/sitebuilder/ref/expoprotection/pdf/GUIDE%20EXPOPROTECTION%202024.pdf.coredownload.303862695.pdf
  64. Archive – erpecnews live, accessed February 20, 2026, https://www.erpecnewslive.com/archive
  65. PEUGEOT Privacy Policy, accessed February 20, 2026, https://www.peugeot.com.au/tools/privacy-policy.html
  66. Facial Recognition, the Future of Theft Protection? – Le Guide de l’auto, accessed February 20, 2026, https://www.guideautoweb.com/en/articles/26574/facial-recognition-the-future-of-theft-protection/
  67. AnyVision – Surveillance Watch, accessed February 20, 2026, https://www.surveillancewatch.io/entities/anyvision
  68. This Manual for a Popular Facial Recognition Tool Shows Just How Much the Software Tracks People – The Markup, accessed February 20, 2026, https://themarkup.org/privacy/2021/07/06/this-manual-for-a-popular-facial-recognition-tool-shows-just-how-much-the-software-tracks-people
  69. Nvidia taps AnyVision to create AI-powered surveillance technology – Mashable, accessed February 20, 2026, https://mashable.com/article/nvidia-developing-facial-recognition-cameras
  70. $56k-$126k Workforce Management Analyst Jobs (NOW HIRING) – ZipRecruiter, accessed February 20, 2026, https://www.ziprecruiter.com/Jobs/Workforce-Management-Analyst
  71. Best Workforce Engagement Management Solutions for 2026 – PeerSpot, accessed February 20, 2026, https://www.peerspot.com/categories/workforce-engagement-management
  72. Sales Operations Analyst jobs in Morristown, Nj – Indeed, accessed February 20, 2026, https://www.indeed.com/q-sales-operations-analyst-l-morristown,-nj-jobs.html
  73. $52k-$178k Wfm Scheduling Analyst Jobs in Phoenix, AZ, accessed February 20, 2026, https://www.ziprecruiter.com/Jobs/Wfm-Scheduling-Analyst/-in-Phoenix,AZ
  74. Amazon, Stellantis Team Up for Customer-Centric Vehicles – CXM Today, accessed February 20, 2026, https://cxmtoday.com/news/amazon-stellantis-team-up-for-customer-centric-vehicles/
  75. Penn Series Funds, Inc., accessed February 20, 2026, https://www.pennmutual.com/static-assets/v1/item/cb74beb1-89dc-cff1-92dc-9e3fcdf0be36/attachments/2023%20Penn%20Series%20Semi-Annual%20Report.pdf
  76. February 28, 2021 – SEC.gov, accessed February 20, 2026, https://www.sec.gov/Archives/edgar/data/819118/000137949121001503/filing788.htm
  77. Rethinking-the-Future-of-Global-Capability-Center-NCR-2025.pdf – Dnb.co.in, accessed February 20, 2026, https://www.dnb.co.in/files/reports/Rethinking-the-Future-of-Global-Capability-Center-NCR-2025.pdf
  78. Publicis Groupe – Universal Registration Document 2021, accessed February 20, 2026, https://publicis-groupe.publispeak.com/2021-universal-registration-document/article/28/
  79. Unlocking the Full Potential of Connected Vehicles – COVESA, accessed February 20, 2026, https://covesa.global/about-covesa-2/
  80. 2024 ANNUAL FINANCIAL REPORT – CSR SMART DATA, accessed February 20, 2026, https://publicisgroupe-csr-smart-data.com/assets/upload/en/universal_registration_document_2024.pdf
  81. Automotive & Transportation Consulting – Publicis Sapient, accessed February 20, 2026, https://www.publicissapient.com/industries/transportation-mobility
  82. Full Year 2022 Results – Publicis Groupe, accessed February 20, 2026, https://www.publicisgroupe.com/sites/default/files/press-releases/2023-02/CP_Resultats_FY2022%20GB.pdf
  83. Stellantis Salesforce Data Breach: 18M Records Exposed in 2025 – FireCompass, accessed February 20, 2026, https://firecompass.com/stellantis-salesforce-data-breach/
  84. Project Nimbus – Wikipedia, accessed February 20, 2026, https://en.wikipedia.org/wiki/Project_Nimbus
  85. Inside Israel’s deal with Google and Amazon – +972 Magazine, accessed February 20, 2026, https://www.972mag.com/project-nimbus-contract-google-amazon-israel/
  86. Google Cloud selected to provide cloud services to digitally transform the State of Israel, accessed February 20, 2026, https://cloud.google.com/blog/topics/inside-google-cloud/google-cloud-selected-to-provide-cloud-services-to-the-state-of-israel
  87. tm223357-5_def14a – block – 26.5626073s – SEC.gov, accessed February 20, 2026, https://www.sec.gov/Archives/edgar/data/1018724/000110465922045572/tm223357-5_def14a.htm
  88. We are Google and Amazon workers. We condemn Project Nimbus – The Guardian, accessed February 20, 2026, https://www.theguardian.com/commentisfree/2021/oct/12/google-amazon-workers-condemn-project-nimbus-israeli-military-contract
  89. How US tech giants supplied Israel with AI models, raising questions about tech’s role in warfare – The Korea Times, accessed February 20, 2026, https://www.koreatimes.co.kr/world/20250218/how-us-tech-giants-supplied-israel-with-ai-models-raising-questions-about-techs-role-in-warfare
  90. 2025 Proxy Resolutions and Voting Guide – Interfaith Center on Corporate Responsibility (ICCR), accessed February 20, 2026, https://www.iccr.org/wp-content/uploads/2025/03/2025_ICCR_Proxy_Resolutions_and_Voting_Guide_Final_03.17.25.pdf
  91. About Nimbus Cloud Me In – Gov.il, accessed February 20, 2026, https://www.gov.il/en/pages/aboutnimbus

 

Related News & Articles