Press kit: AI/ML SaMD Security: Year in Review
Vulnerabilities, FDA expectations, and real-world findings on AI-enabled medical devices.
Media contact
Email [email protected] for interviews, custom data cuts, or fact-check requests. We respond same-day for active stories. Lead author for this report: Trevor Slattery, COO.
Quote-ready findings
- "Pending legal review."
Charts (embed-friendly)
Free to re-use with attribution. Drop the iframe snippet into any CMS that allows HTML — the chart will render at the correct aspect ratio with our methodology footer baked in.
FDA deficiency themes for AI/ML SaMD submissions
internal extract pendingShare of AI/ML deficiencies by content area.
Source: Blue Goat Cyber AI/ML SaMD deficiency subset, 2026. · Unit: % of deficiencies
<iframe src="https://bluegoatcyber.com/research/ai-ml-samd-security-year-in-review-2026/embed/ai-ml-deficiency-themes" width="100%" height="420" style="border:0" loading="lazy" title="FDA deficiency themes for AI/ML SaMD submissions"></iframe>Direct chart URL: https://bluegoatcyber.com/research/ai-ml-samd-security-year-in-review-2026/embed/ai-ml-deficiency-themes
Penetration test findings on AI/ML SaMD
internal extract pendingShare of findings by category (model supply chain, prompt injection, data poisoning, classic web/API).
Source: Blue Goat Cyber AI/ML SaMD penetration test subset, 2026. · Unit: % of findings
<iframe src="https://bluegoatcyber.com/research/ai-ml-samd-security-year-in-review-2026/embed/ai-ml-finding-categories" width="100%" height="420" style="border:0" loading="lazy" title="Penetration test findings on AI/ML SaMD"></iframe>Direct chart URL: https://bluegoatcyber.com/research/ai-ml-samd-security-year-in-review-2026/embed/ai-ml-finding-categories
2026 CVEs in ML inference stacks affecting MedTech
internal extract pendingCount of CVEs disclosed in 2026 by ML framework.
Source: Public CVE disclosures, 2026, filtered to ML inference frameworks. · Unit: CVEs
<iframe src="https://bluegoatcyber.com/research/ai-ml-samd-security-year-in-review-2026/embed/ml-stack-cves" width="100%" height="420" style="border:0" loading="lazy" title="2026 CVEs in ML inference stacks affecting MedTech"></iframe>Direct chart URL: https://bluegoatcyber.com/research/ai-ml-samd-security-year-in-review-2026/embed/ml-stack-cves
Predetermined Change Control Plan coverage in AI/ML submissions
internal extract pendingShare of AI/ML submissions including a PCCP that addressed cybersecurity-relevant changes.
Source: Blue Goat Cyber AI/ML SaMD submission subset, 2026. · Unit: % of submissions
<iframe src="https://bluegoatcyber.com/research/ai-ml-samd-security-year-in-review-2026/embed/pccp-coverage" width="100%" height="420" style="border:0" loading="lazy" title="Predetermined Change Control Plan coverage in AI/ML submissions"></iframe>Direct chart URL: https://bluegoatcyber.com/research/ai-ml-samd-security-year-in-review-2026/embed/pccp-coverage
Model supply chain SBOM completeness
internal extract pendingShare of AI/ML SBOMs that include training-data provenance, model-weight provenance, and inference-runtime version.
Source: Blue Goat Cyber AI/ML SBOM subset, 2026. · Unit: % of SBOMs
<iframe src="https://bluegoatcyber.com/research/ai-ml-samd-security-year-in-review-2026/embed/model-sbom-completeness" width="100%" height="420" style="border:0" loading="lazy" title="Model supply chain SBOM completeness"></iframe>Direct chart URL: https://bluegoatcyber.com/research/ai-ml-samd-security-year-in-review-2026/embed/model-sbom-completeness
Citation
Blue Goat Cyber. (2026). AI/ML SaMD Security: Year in Review. https://bluegoatcyber.com/research/ai-ml-samd-security-year-in-review-2026
Canonical report URL: https://bluegoatcyber.com/research/ai-ml-samd-security-year-in-review-2026