How Europe’s Sovereign AI Push Exposes Major Security Risks in Legacy Systems
Europe’s push for digital sovereignty is accelerating, with governments investing in artificial intelligence, cloud infrastructure and secure data systems aimed at reducing reliance on external technology providers. Yet as these efforts expand, attention is increasingly turning to a less visible but critical issue: the security of the complex, aging systems already embedded across public infrastructure.
Across sectors such as energy, transport, healthcare and government services, infrastructure is typically built in layers, combining modern technologies with older components that are difficult to replace and not always fully monitored. These environments can create blind spots that are difficult to assess using traditional cybersecurity approaches.
A new development from DREAM, a cybersecurity company focused on protecting national infrastructure and government systems, highlights the scale of that problem and a potential shift in how it is addressed.
DREAM has launched an AI-native security research framework designed to identify vulnerabilities across complex government and critical infrastructure environments. The system uses a multi-agent approach to analyse source code, software binaries, network protocols and system behaviour at scale, enabling large-scale analysis of broad and fragmented attack surfaces.
The introduction of this technology comes as European policymakers place growing emphasis on “sovereign AI”, seeking to ensure that artificial intelligence systems can be developed and deployed within trusted and controlled environments. However, those systems will ultimately operate within infrastructure that often includes legacy technologies and overlooked services.
According to DREAM, the framework is intended to address that gap. Traditional vulnerability research, which relies heavily on manual analysis by small teams, remains effective but can struggle to scale across large and heterogeneous environments.
“This framework allows us to investigate complex technologies in a fundamentally different way,” said Kfir Fleischer, VP Research & Product at DREAM. He added that “much of government infrastructure still relies on legacy and overlooked technologies” that receive limited attention from the broader security ecosystem, despite being actively targeted by advanced threat actors.
As an early demonstration of the framework’s capabilities, DREAM disclosed a critical zero-day vulnerability in GNU Inetutils telnetd, a widely deployed implementation of the Telnet protocol.
The flaw (tracked as CVE-2026-32746 and rated 9.8 in severity) allows unauthenticated remote code execution. It can be triggered during the Telnet handshake, before authentication takes place, meaning that a single connection may be sufficient to compromise an affected system. In many deployments, telnetd runs with root privileges, increasing the potential impact.
While Telnet is an older protocol, it remains in use across a wide range of infrastructure, including networking equipment, embedded systems and operational technology. Public internet measurement data indicates that hundreds of thousands of Telnet services remain publicly accessible, including in environments that are difficult to update or replace quickly.
For Europe, that continued exposure highlights a broader structural issue. Sovereign AI initiatives are being developed alongside infrastructure that was not designed for today’s threat landscape, creating an expanding attack surface that spans both new and legacy systems.
DREAM said the research framework was developed as part of its broader Sovereign AI initiative, which focuses on enabling governments to deploy advanced AI capabilities securely within national environments.
“We are entering a world where AI systems themselves become part of national infrastructure,” said Amir Becker, Chief Business and Strategy Officer at DREAM. He added that “understanding vulnerabilities across those systems will be one of the defining security challenges of the coming decade.”
As Europe continues to invest in sovereign AI, the findings point to a parallel priority: ensuring that the systems supporting these technologies, including long-standing and often overlooked components, can be secured at scale.
The post How Europe’s Sovereign AI Push Exposes Major Security Risks in Legacy Systems appeared first on European Business & Finance Magazine.
