An EV charger is a small computer on the edge of the electrical grid. It authenticates drivers, processes payments, and balances the load on local circuits. That convergence of functions, plus the fact that a charging network can include thousands of geographically scattered devices, is what makes the network both useful and exposed.
The standard most of those devices use to talk to a central management system is the Open Charge Point Protocol, or OCPP. It is the lingua franca of public and private charging networks, and it sits in the middle of nearly every interaction between a vehicle, a charging station, and the operator that runs it. Because OCPP has to be open enough to connect equipment from many vendors, it is also a place where the security of any single station depends on the discipline of every other one. Researchers at the University of Malaga's Network and Information Security lab, known as NICS, argue in a new proposal that the protocol's openness, and the way today's monitoring tools tend to look at one station or one network stream at a time, leaves regional attacks hard to see until they have already spread.
Cristina Alcaraz, an infrastructure-security researcher at NICS and one of the team's leads, frames the problem as a gap between what a single charger can report and what an attacker can do across a region. In a WIRED feature on the proposal, she describes the threat model in plain terms: a malicious user can drain electricity that someone else pays for, fraudsters can spoof legitimate charging sessions, and a coordinated set of compromises can be used to push abnormal demand onto local distribution circuits at the same moment. Each of those is a problem at the level of an individual station. Together, they become a problem for the grid the stations are plugged into.
The NICS team's proposed fix is a fleet of AI agents, software that runs continuously and watches many chargers at once rather than just one. This is not the chatbot or generative-AI usage most readers will recognize. Each agent is built to flag a specific kind of anomaly, such as a sudden pattern of failed authentications across stations in one neighborhood, or a coordinated set of charging sessions that would be normal for any one site but abnormal in aggregate. The system is designed to look at regional behavior precisely because the attacks the team is worried about are regional: a single station's logs will record a bad session, but only a system that watches many stations at once will see that a hundred bad sessions are landing on the same substation at the same hour.
Today's defenses, the researchers say, are mostly built the other way around. Monitoring tools tend to watch network traffic on a single link, or to log events at one charging station, with little ability to correlate across an entire service area. That is workable when the threat is a bad firmware update on one device. It is much less workable when the threat is a coordinated effort to manipulate demand, steal energy at scale, or simply probe a network for the softest target in a region. The asymmetry is similar to the one the early internet faced: per-host firewalls were useful, but the attacks that mattered most were the ones that crossed many hosts at once, and defending against them required something that could see the whole network.
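The difference between a per-station view and a regional one can be shown in a few lines. The sketch below is an added illustration, not the NICS team's design or code: the event labels (`auth_fail`, `session_start`), station and substation names, thresholds, and sample events are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

PER_STATION_FAILS = 5     # assumed local rule: failed auths per station-hour
REGION_FAILS = 15         # assumed regional rule: failed auths per substation-hour...
REGION_MIN_STATIONS = 5   # ...spread over at least this many distinct stations
REGION_KW_BUDGET = 400.0  # assumed demand headroom per substation-hour, in kW

def make_events():
    """Constructed sample: (ISO time, station, substation, event, kW requested)."""
    events = []
    for i in range(12):  # SUB-A: every station looks quiet when viewed alone
        st = f"A{i:02d}"
        events.append((f"2024-05-01T18:{i:02d}:00", st, "SUB-A", "auth_fail", 0.0))
        events.append((f"2024-05-01T18:{i + 20:02d}:00", st, "SUB-A", "auth_fail", 0.0))
        events.append((f"2024-05-01T18:{i + 40:02d}:00", st, "SUB-A", "session_start", 50.0))
    for m in range(4):   # SUB-B: one mildly noisy station, ordinary evening
        events.append((f"2024-05-01T18:{m:02d}:00", "B00", "SUB-B", "auth_fail", 0.0))
    events.append(("2024-05-01T18:30:00", "B01", "SUB-B", "session_start", 50.0))
    return events

def hour_of(ts):
    return datetime.fromisoformat(ts).strftime("%Y-%m-%dT%H")

def per_station_alerts(events):
    fails = defaultdict(int)
    for ts, station, _sub, kind, _kw in events:
        if kind == "auth_fail":
            fails[(station, hour_of(ts))] += 1
    return sorted(k for k, n in fails.items() if n >= PER_STATION_FAILS)

def regional_alerts(events):
    fails, stations, kw = defaultdict(int), defaultdict(set), defaultdict(float)
    for ts, station, sub, kind, req in events:
        key = (sub, hour_of(ts))
        if kind == "auth_fail":
            fails[key] += 1
            stations[key].add(station)
        elif kind == "session_start":
            kw[key] += req
    alerts = []
    for key in sorted(set(fails) | set(kw)):
        if fails[key] >= REGION_FAILS and len(stations[key]) >= REGION_MIN_STATIONS:
            alerts.append((key, "distributed_auth_failures", fails[key]))
        if kw[key] > REGION_KW_BUDGET:
            alerts.append((key, "aggregate_demand", kw[key]))
    return alerts
```

On the constructed data the per-station rule raises nothing, while the regional rule flags SUB-A twice for the same hour: once for failures spread thinly across twelve stations, once for the summed demand.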
The Malaga proposal is still a research design, not a deployed defense. The team has not announced a production rollout, a vendor partner, or a date at which the agents would begin watching a live network. Alcaraz and her colleagues are presenting it as a constructive answer to a problem they believe has been understudied: the cybersecurity of EV charging has lagged the speed at which the chargers themselves have been deployed, and the few existing solutions tend to be local rather than regional. The honest version of the story is that there is a real gap, a credible research team has sketched how to close it, and the next step is to see whether the approach holds up when it is tested against attacks that have not yet happened.
What to watch: any move by the NICS lab, or by a charging-network operator, to test the agent design on a real regional fleet, and any reported incident in which a charging network is used to push abnormal demand onto a local grid. The defensive infrastructure for the charging boom is still being drawn, and the team behind one of the more concrete proposals is betting that the drawing happens before a serious attack forces it.