PartnershipsJun 24, 2026 10 min

Bidirectional Charging Is a Software Problem: ABB E-mobility, V2G, and the Case for Backend Red-Teaming

ABB E-mobility's Power2Drive booth was built around bidirectional DC charging. Every V2G flow is also a new authentication and control path — and that's where we come in.

Row of white DC fast EV chargers in an urban plaza at sunset
By TrendGuru Research

Booth C6.550, Hall C6, Power2Drive Europe. ABB E-mobility — spun out of ABB in 2022 and now one of the top three DC-charger vendors globally — used its Munich footprint to make a single point loudly: the future of fast charging is bidirectional, and the future of bidirectional charging is defined in software. Their live demo cycled a parked EV between grid-support and vehicle-charging modes on a two-minute loop, coordinated end-to-end through OCPP 2.0.1 and ISO 15118-20.

Row of white DC fast chargers in an urban plaza at sunset
DC fast-charging plazas are now, functionally, distributed control systems with cellular modems.

The threat model shifted while nobody was looking

For a decade, EV-charging cybersecurity discussions have centered on the charger's local interfaces: OCPP over unauthenticated WebSockets, exposed maintenance ports, weak Wi-Fi provisioning. Those are largely solvable problems and the industry is closing them.

The 2026 threat surface is different. It is the *backend*. A modern DC fast-charger is a thin client that authenticates to a Charge Point Operator (CPO) cloud, which in turn talks to a Mobility Service Provider (MSP), a Distribution System Operator (DSO), a payment processor, a smart-charging optimizer, and — increasingly — a bidirectional-charging dispatch engine that decides, minute by minute, whether energy flows into the car or out of it. Every one of those hops is a trust decision.

ISO 15118-20 formalizes the plug-and-charge and V2G handshakes. OCPP 2.0.1 formalizes the charger-to-CPO channel. Neither standard, on its own, says anything about the AI-driven optimizer that may sit above them. That is the gap.

Three concrete failure modes

1. LLM-assisted operator tooling in the CPO backend

Every large CPO we spoke to at Power2Drive is either piloting or shipping an LLM-based copilot for their NOC: "why is site 214 offline, and what's the fastest fix?" The copilot ingests ticket text, vendor advisories, weather feeds and — critically — messages from the DSO. Indirect prompt injection through any of those channels is not hypothetical; it is the OWASP LLM Top 10's number-one entry for the third year running.

2. Dispatch-engine manipulation

A V2G optimizer that decides when to discharge parked fleets into the grid is, economically, a trading agent. Manipulate its inputs — price feed, weather forecast, state-of-charge reporting — and you manipulate its output. In a market with negative prices and imbalance settlement, the payoff for such manipulation is not small.

3. Cross-tenant leakage in shared platforms

Multi-tenant CPO platforms increasingly share model infrastructure across customers. The 2024–2025 wave of "EchoLeak"-style disclosures against Microsoft 365 Copilot showed that cross-tenant boundaries in AI-integrated SaaS are harder to hold than most vendors initially assumed. The same class of bug in a CPO backend leaks customer charging patterns — and, in a V2G world, revenue.

Where a TrendGuru partnership lands

The conversation with the ABB E-mobility team was not about their hardware, which is very good. It was about the backend software estate around it. Specifically:

  • Backend LLM red-teaming. Continuous, versioned indirect-injection test suites against NOC copilots, mapped to OWASP LLM Top 10 categories.
  • Optimizer input integrity. Signed, provenance-tracked price and forecast feeds into V2G dispatch, with anomaly detection on optimizer outputs.
  • Tenant-isolation assurance. Structured tests for cross-tenant data leakage in shared model infrastructure.
  • Standards alignment. Evidence packages that map controls to ISO/SAE 21434 (automotive), IEC 62443-3-3 SL2+ (OT), and NIS2 Annex I obligations for essential entities — the framework CPOs are now operating under across the EU.

Why this matters beyond one vendor

ABB E-mobility is a natural anchor for a conversation like this because their footprint spans hardware, backend and — via ABB — grid infrastructure. But the pattern applies across every serious Power2Drive exhibitor: Alpitronic, Kempower, ads-tec Energy, Compleo, Wallbox. The industry has, in three years, quietly become a software business with a hardware appendix. The security stack has not caught up.

When the car can push power back into the grid, the authentication path is a safety-critical control loop. Treat it like one.
Share this article
Keep Reading

© 2026 TrendGuru AI