Agnile provides engineering services and software for safety- and security-critical vehicle systems, covering cybersecurity, functional safety, embedded software, avionics, and verification & validation.

Who does Agnile work with?

Agnile works with OEMs, Tier-1 suppliers, engineering teams, and technology companies developing complex automotive and safety-critical systems.

KAVACH is Agnile's AI-assisted ISO/SAE 21434 workspace for automotive cybersecurity engineering, supporting architecture-based analysis, TARA, attack paths, controls, and traceable cybersecurity evidence.

Does Agnile provide engineering services or only software?

Agnile provides both. Our engineering teams support customer programmes directly, while KAVACH extends our cybersecurity engineering approach through software.

Which standards does Agnile work with?

Agnile works across ISO/SAE 21434, UNECE R155/R156, ISO 26262, AUTOSAR, ASPICE, MISRA C, DO-178C, ARP4754A, ARP4761, and related engineering practices.

From vehicle architecture to cybersecurity evidence.

KAVACH helps teams design vehicle architecture, build a cybersecurity digital twin, analyze the threat landscape, move from architecture to structured TARA in hours, simulate attack paths, make risk treatment decisions, track ISO/SAE 21434 and UNECE R155 evidence, and extend cybersecurity engineering into post-production vulnerability monitoring.

Request KAVACH Demo

Estimate TARA Effort

Lifecycle

Evidence Workflows

Curated

Automotive Cybersecurity Corpus

Mapped

Architecture → Attack Paths → Controls

§5–§15

ISO/SAE 21434 Coverage

KAVACH · CYBERSECURITY ENGINEERING WORKSPACE

Conceptual Platform Visualization

01Architecturevehicle model
02Digital Twincybersecurity context
03Threat Landscapeknowledge & STRIDE
04TARAassets → risk
05Attack Pathsfeasibility
06Risk Treatmentdecisions
07Evidencework products
08Monitoringpost-production

Architecture → Digital Twin → TARA → Attack Paths → Evidence → Monitoring

Architecture to first TARA draft
Cybersecurity digital twin
Attack path simulation
Risk treatment and controls
ISO/SAE 21434 and UNECE R155 evidence
Post-production vulnerability monitoring

WHAT IS KAVACH?

KAVACH is an automotive cybersecurity engineering workspace designed to support ISO/SAE 21434 lifecycle workflows across Clauses 5–15 and the 42 Work Products the standard defines. The current release focuses on architecture-aware TARA, attack path simulation, risk treatment, the Cybersecurity Case (Clause 6), UNECE R155 / R156 evidence, AIS 189 / AIS 190 readiness, and post-production vulnerability monitoring (Clause 8).

KAVACH offers three operating modes — manual engineering, deterministic automation, and optional private AI — and is built for OEMs and Tier-1 suppliers. Engineers remain responsible for review, correction, approval, and final evidence at every stage.

THE PROBLEM

Cybersecurity engineering breaks when architecture, risk, and evidence are disconnected.

Modern vehicles are software-defined, connected, updateable, and exposed across the lifecycle. But cybersecurity work is still split across architecture diagrams, spreadsheets, CVE lists, attack trees, compliance matrices, and reports.

TARA cycles measured in weeks

Threat enumeration, asset mapping, and risk scoring are still done by hand for most programmes. The work is rigorous; the workflow doesn’t scale across platforms.

Lifecycle evidence, manual traceability

ISO/SAE 21434 work-product evidence spans governance, concept, development, validation, production, operations, and TARA. When evidence lives across Word, Excel, and disconnected tools, traceability gaps often surface late during customer, assessor, or regulatory review.

Generic threat modeling tools were not built for vehicles

IT-grade tools don’t model ECU architectures, CAN/CAN-FD buses, automotive STRIDE, or ISO/SAE 21434 Clause 15 specifics. The gap shows up in threat scenarios you have to write yourself.

DIGITAL TWIN

Start with the vehicle architecture. Keep every cybersecurity decision connected.

ECUs, interfaces, trust boundaries, data flows, diagnostics, update paths, and software components form the cybersecurity digital twin. Threats and controls reason against the system — not isolated rows.

Vehicle Architecture
Cybersecurity Digital Twin
Threat Landscape
TARA
Attack Paths
Risk Treatment
Evidence
Monitoring

Vehicle Architecture Context

Capture ECUs, networks, interfaces, data flows, trust boundaries, diagnostics, update paths, and software components.

Cybersecurity Digital Twin

Use architecture context to reason about assets, damage scenarios, threat scenarios, attack paths, controls, vulnerabilities, and evidence.

Living Engineering Evidence

Keep TARA, risk treatment, controls, cybersecurity case evidence, compliance mapping, and vulnerability updates connected through the lifecycle.

WORKFLOW PREVIEW

See how architecture, TARA, attack paths, and evidence stay connected.

Walk through the KAVACH workflow from item definition to evidence prepared for review.

Illustrative interface mockup. No customer data shown.

KAVACH—Project Example programme / Body Control ECU

Optional AI

Project Dashboard

§5Organizational CS Management

§6Project CS Management

§7Distributed CS Activities

§8Continual CS Activities

§9Concept Phase

§10Product Development

§11Cybersecurity Validation

§12–14Post-Development

Traceability Hub

Usage Dashboard

Workspace

Example deployment

Project Dashboard

Example programme Platform / Body Control ECU (Example ECU)

Assets

—

Work-product progress

Threats Identified

—

Open review items

Risks

—

Treatment in review

Compliance

—

Coverage status

Work Product ProgressISO/SAE 21434 Clauses 5–15

§5 Organizational CS Management

Mapped

§6 Project CS Management

In review

§9 Concept Phase + TARA

In progress

§10 Product Development

Open items

§11 Cybersecurity Validation

Evidence pending

Recent Activity

Quick Actions

Connected — Optional AI enabled where permittedISO/SAE 21434:2021 compliance modeAutosaved

Workflow Preview

Architecture to Cybersecurity Evidence

AI-Assisted · Deterministic · Engineer-Reviewed

ArchitectureTARAAttack PathsEvidence

Illustrative Interface Mockup · No Customer Data Shown

0:00

3:53

THE WORKSPACE

One workspace for the complete cybersecurity engineering thread.

Architecture, TARA, attack paths, risk treatment, vulnerability monitoring, controls, and evidence — built on one connected data model.

Programme view

Project Dashboard

Track cybersecurity progress, open work products, review status, and evidence readiness across a programme.

Architecture aware

Architecture Context

Capture ECUs, interfaces, data flows, trust boundaries, and system context used for cybersecurity reasoning.

ISO/SAE 21434 Clause 15

TARA Workbench

Build connected chains from assets to damage scenarios, threats, risk treatment, security goals, and controls.

Attack path reasoning

Attack Tree Editor

Model attack logic with structured paths, feasibility reasoning, reusable patterns, and reviewable path evidence.

Evidence continuity

Traceability Hub

Keep assets, threats, risks, controls, claims, and evidence linked across the cybersecurity engineering lifecycle.

CVE to TARA

Vulnerability Monitoring

Connect SBOM and vulnerability signals to affected components, assets, threats, and risk treatment decisions.

Clause 6 evidence

Cybersecurity Case

Assemble claims, arguments, work products, and evidence into a reviewable cybersecurity case structure.

Type approval support

R155 Compliance Matrix

Map engineering evidence to regulatory expectations and track gaps before programme review.

Review-ready output

Report Generator

Produce structured draft reports from the same data model used across TARA, traceability, and evidence.

TARA WORKBENCH

Move from architecture to structured TARA without losing traceability.

Evidence is built as engineering decisions are made — not assembled at the end. Every decision traces from architecture context through risk treatment to evidence.

Asset
Damage Scenario
Threat Scenario
Attack Tree
Attack Path
Risk Assessment
Risk Treatment
Security Goal
Control
Evidence

ARCHITECTURE → TARA CHAIN

01 · model
Architecture Context
02 · identified
Asset
03 · impact
Damage Scenario
04 · STRIDE
Threat Scenario
05 · feasibility
Attack Path
06 · decided
Risk Treatment
07 · derived
Security Goal
08 · mapped
Control
09 · linked
Evidence

Traceability preserved

Conceptual visualization. No customer data shown.

What the workbench gives you

Chain view across assets, damages, threats, risks, treatment, and controls
Inline review and editing
Search, filters, and progress visibility
Coverage counters for missing links and incomplete chains
Traceability from threat reasoning to report output
Work product drafting for engineering review

EXAMPLE CHAIN

01Gateway ECU
02Loss of diagnostic integrity
03Unauthorized diagnostic command abuse
04Attack path
05Secure diagnostics control
06Evidence note

Generic engineering example. No real customer architecture.

ATTACK PATHS

Simulate attack paths before they become evidence gaps.

Structure attack trees, extract paths, and review feasibility step by step. Threats traced back to architecture; controls traced forward to verification.

OR/AND attack tree structures
Reusable attack path patterns
Feasibility factors for review
Path extraction from attack trees
Linkage from threat scenario to risk treatment
Reviewable logic for engineering discussion

ATTACK TREE — STEP-BY-STEP REASONING

Conceptual visualization. No exploit content.

TimeExpertiseKnowledgeEquipment

CVE → TARA

When a new CVE appears, the cybersecurity case should not go stale.

A CVE list is not a cybersecurity argument. SBOM and vulnerability signals connect to affected components, architecture context, threats, treatment decisions, and evidence updates. This treats vulnerability monitoring as part of the cybersecurity engineering lifecycle, not as an isolated CVE list.

CVE → TARA → EVIDENCE

CVE Signalalert
Affected Componentmatched
ECU Contextlocated
Asset / Threatlinked
Risk Treatment Reviewqueued
Evidence Updatetracked
Monitoringloop

Continuous monitoring loops back into TARA

Conceptual visualization. No customer data shown.

Component Awareness

Link software components and suppliers to vehicle functions, ECUs, and cybersecurity assets.

Risk Context

Prioritize vulnerabilities using exposure, architecture context, exploitability signals, and asset relevance.

TARA Feedback

Revisit affected threats, attack paths, controls, and residual risk when new vulnerabilities appear.

Evidence Refresh

Keep vulnerability decisions traceable for review, audit, and post-development cybersecurity monitoring.

LIFECYCLE COVERAGE

ISO/SAE 21434 evidence across the full vehicle lifecycle.

More than Clause 15 TARA. KAVACH helps teams connect architecture-aware TARA, attack paths, risk treatment, cybersecurity case evidence, ISO/SAE 21434 work products, UNECE R155/R156 evidence, and India-focused AIS 189 / AIS 190 readiness.

§5

Organizational Cybersecurity

Structure organizational cybersecurity evidence and governance inputs.

§6

Plan, Case, and Assessment

Support planning, argumentation, assessment evidence, and cybersecurity case preparation.

§7

Distributed Activities

Support supplier interface responsibilities, cybersecurity interface agreements, and evidence handover.

§8

Continual Activities

Connect vulnerability monitoring, post-development signals, and cybersecurity updates.

§9

Concept Phase

Support item definition, cybersecurity goals, and concept-level reasoning.

§10

Product Development

Connect requirements, controls, implementation evidence, and verification needs.

§11

Cybersecurity Validation

Support validation evidence and argument completeness.

§12

Production

Support production control evidence for cybersecurity-relevant processes.

§13–14

Operations, Updates, End of Support

Support operational monitoring, update reasoning, and lifecycle closure.

§15

TARA and Risk Treatment

Support architecture-aware threat analysis, risk assessment, and treatment decisions.

Work-product labels are traceability anchors. Final evidence remains subject to engineering review and customer approval.

DEPLOYMENT MODES

Use AI when allowed. Keep engineering moving when it is not.

AI is an accelerator, not a dependency. KAVACH runs as a manual workspace, a deterministic automation platform, or an AI-assisted workspace depending on the customer’s deployment boundary, AI policy, and review process. In every mode, engineers remain responsible for review, correction, approval, and final evidence.

AI not required

Manual Engineering Mode

Use KAVACH without AI generation. Engineers can manually create, edit, review, approve, link, and export cybersecurity work products while keeping traceability across the TARA and lifecycle evidence chain.

Rules and automation

Deterministic Automation Mode

Use built-in automation for rule-based suggestions, traceability links, work-product derivation, validation checks, report generation, vulnerability-to-TARA mapping, and audit-readiness gap detection without relying on AI generation.

Customer-boundary AI

Optional Private AI

Where permitted, use private AI assistance to accelerate structured draft generation, reasoning support, control suggestions, attack path drafting, and evidence preparation while keeping engineers in control of review and approval.

THREE MODES — ONE EVIDENCE CHAIN

Manual Engineering

Deterministic Automation

Optional Private AI

Traceability → Review → Evidence → Reports

AUTOMATION BEYOND AI

Even without AI, KAVACH still removes engineering effort.

Deterministic automation and structured workflow intelligence reduce repetitive engineering work even when AI is disabled.

Rule-based suggestions for impact ratings, security goals, controls, R155 mapping, and cybersecurity case arguments
Traceability rule engine across assets, threats, risk treatment, goals, controls, verification, and evidence
Real-time work-product validation with errors, warnings, suggestions, and ISO clause references
Completeness scoring and audit-readiness checks
Vulnerability-to-TARA mapping from CVEs/components to affected assets, threat scenarios, risk treatment, and evidence updates
ISO/SAE 21434 work-product and report generation from structured project data

Show all automation capabilities

Supports derivation of cybersecurity specification drafts from concept requirements, security goals, and controls
Supports generation of integration test case drafts from cybersecurity specifications
Helps derive validation criteria from security goals
Gap detection for orphan assets, missing links, incomplete controls, and evidence gaps
RACI / RASIC templates for roles and work-product ownership
Incident response playbook templates for automotive cybersecurity scenarios
Production cybersecurity checklist templates such as key provisioning, secure boot, firmware signing, and HSM-related checks

QUALITY GATES

Find evidence gaps before the review does.

Surface missing links, incomplete reasoning, and review gaps before work products leave the engineering team.

Orphan assets
Missing cybersecurity properties
Missing damage scenarios
Missing impact ratings
Unlinked damage scenarios
Threats without STRIDE / feasibility / risk
Untreated threats
Reduce decision without controls or goals
Treatment without justification
Retain / share decision without security claim
Goals without controls
Controls without linked goals
R155 mapping gaps
Cybersecurity case gaps
Traceability breaks

ILLUSTRATIVE REVIEW PANEL

Coverage status: In progress
Open review items: Several
Evidence links: Connected
Review status: Active

Illustrative panel. Not a real metric claim.

EVIDENCE OUTPUTS

Generate review-ready work products from one connected data model.

Structured drafts produced from connected engineering data — not retyped at review time.

TARA Report

Structured output covering assets, damage scenarios, threats, feasibility, risk, and treatment.

Cybersecurity Case

Claims, arguments, evidence links, review status, and open gaps.

R155 Compliance Matrix

Mapping of regulatory expectations to engineering evidence and work-product coverage.

Traceability Matrix

Links from architecture and assets through threats, controls, verification, and evidence.

Validation Report

Validation planning and evidence references connected to cybersecurity goals and risks.

Cybersecurity Plan

Programme-level cybersecurity planning inputs and work-product tracking.

Interface Agreement

Supplier and distributed-activity evidence for cybersecurity responsibilities.

Vulnerability Work Products

Component exposure, vulnerability triage, decision records, and update evidence.

Audit Readiness Summary

Gap overview, traceability status, review notes, and open actions.

Generated work products are structured drafts for engineering review and customer approval.

DEPLOYMENT

Built for sensitive vehicle architecture data.

Architecture, TARA, attack paths, controls, and evidence stay inside the customer-defined boundary.

Desktop Workspace

Engineering workspace for local project work, review, and evidence preparation.

On-Prem AI Inference

AI assistance can run inside the customer environment for sensitive programmes.

Customer-Dedicated VPC

Dedicated cloud boundary for teams that require controlled infrastructure without shared public inference.

Traceable Data Flow

Architecture, TARA, attack paths, controls, and evidence remain connected within the project model.

KAVACH does not have to depend on shared public AI services. Programmes can use manual workflows, deterministic automation, on-prem AI inference, or customer-dedicated cloud inference.

EFFORT GAP

See the effort gap between spreadsheet TARA and architecture-aware engineering.

TIME TO FIRST STRUCTURED TARA DRAFT

Architecture to first structured TARA draft in hours.

KAVACH accelerates the first structured draft of asset identification, damage scenarios, threat scenarios, attack paths, risk treatment, and evidence links. Final review, correction, approval, and release remain with the engineering team.

A moderate-complexity ECU can require around 250 manual engineering hours. KAVACH helps reduce the first-pass generation, structuring, linking, and report preparation effort while preserving engineer review. Estimate the effort gap with the TARA calculator →

Open TARA Calculator

Dimension	Manual Spreadsheets	Generic Tools	KAVACH
Architecture awareness	Manual interpretation	Limited or form-based	Native architecture context across ECUs, interfaces, data flows, and trust boundaries
Attack path reasoning	Written manually	Often generic	Attack trees, extracted paths, and feasibility reasoning linked to threats
Vulnerability-to-TARA update	Separate CVE tracking	Partial integration	CVE and component signals linked to assets, threats, treatment, and evidence
ISO/SAE 21434 lifecycle evidence	Manually assembled	TARA-heavy coverage	Connected work-product structure across lifecycle activities
R155 mapping	Manual mapping	Checklist style	Evidence-linked compliance matrix
Cybersecurity case	Separate document	Limited	Claims, arguments, evidence, and gaps connected to engineering data
Traceability	Fragile links	Partial	Asset-to-evidence chain maintained through the workflow
Deployment model	Local files	Usually SaaS	Desktop, on-prem, or customer-dedicated VPC
Engineer review	Manual review	Tool-assisted	Engineer-in-the-loop AI with editable, reviewable outputs
AI dependency	No AI; no structured automation	Either manual or unmanaged SaaS-assisted	Manual, deterministic automation, or optional private AI-assisted workflows
Automation without AI	Manual formulas and document effort	Limited templates or checklists	Rule-based suggestions, traceability automation, validation checks, work-product derivation, and report generation

Calculate the effort gap for your ECU or system →

GUIDED TOURS

Bring a real architecture. Walk through the cybersecurity thread.

Use a representative ECU, feature, or system to see how KAVACH moves from architecture context to reviewable cybersecurity evidence.

Build the Cybersecurity Digital Twin

Capture ECUs, interfaces, trust boundaries, data flows, diagnostics, update paths, and software components.

Request Demo →

Run Architecture-Aware TARA

Move from architecture to assets, damage scenarios, threats, attack paths, and risk treatment without losing traceability.

Request Demo →

Simulate and Review Attack Paths

Structure attack trees, extract paths, and review feasibility before treatment decisions.

Request Demo →

Map Risk Treatment to Controls

Link risk decisions to security goals, requirements, controls, and verification evidence.

Request Demo →

Trace a CVE into TARA

Connect a vulnerability to affected components, threat scenarios, treatment decisions, and evidence updates.

Request Demo →

Build a Cybersecurity Case

Assemble claims, arguments, gaps, and evidence into a reviewable case structure.

Request Demo →

Export Review-Ready Evidence

Generate work-product drafts from the same connected data model.

Request Demo →

FAQ

Frequently asked questions

See more on why teams choose KAVACH

See KAVACH on your architecture.

Bring a representative ECU, vehicle feature, or system architecture. We'll walk through how KAVACH moves from architecture context to reviewable cybersecurity evidence. For OEMs, Tier-1 suppliers, cybersecurity teams, system engineers, and programme owners building evidence for ISO/SAE 21434 and UNECE R155.

Request KAVACH Demo