AI Action Month: Cyber Analytics for SMEs Without IT Teams
The mAI Action Month launches on 5 May 2026 — a Federal Ministry for Economic Affairs and Energy (BMWE)–funded programme that gives SMEs free access to AI-powered cybersecurity analyses. For mid-sized companies without their own IT security departments, this is a tangible offer, not abstract funding. But AI only closes security gaps if the groundwork is in place.
Key Takeaways
- mAI Action Month starts 5 May 2026. BMWE-funded programme provides SMEs with free AI-driven cybersecurity analyses via the Transfer Centre for Cybersecurity and the Chambers of Commerce network.
- AI spots — humans decide. AI tools automatically scan networks, email set-ups and software versions for vulnerabilities. Fixing the findings is up to in-house IT staff or external providers.
- Basics decide effectiveness. Without hygiene basics (patch levels, network segmentation, MFA), even AI tools can only help so much. The programme covers the analysis — implementation is on the company.
- Target group: businesses under 250 employees. Especially relevant for manufacturers, tradespeople and service providers that have no dedicated security team and fall under NIS2-adjacent or critical-infrastructure regulations.
What is the mAI Action Month?
The mAI Action Month is a Federal Ministry for Economic Affairs and Energy (BMWE)–funded initiative that in May 2026 gives SMEs free access to AI-powered cybersecurity analysis tools. Run through the Transfer Centre for Cybersecurity and regional Chambers of Commerce networks, the offer includes automated vulnerability scans, phishing-simulation checks and configuration reviews for networks and cloud services.
What AI cybersecurity tools actually deliver for SMEs
The Transfer Centre for Cybersecurity has supported more than 1,200 businesses with AI-driven security analyses since 2024. The result: 73 % of participating SMEs had at least one critical configuration gap that was previously unknown. AI tools detect patterns that manual checks miss — unusual access times, weak password hashes in Active Directory, outdated TLS versions on internal services.
SME practice figures (Transfer Centre for Cybersecurity 2024–2026)
- 73% of analysed SMEs had unknown critical configuration gaps
- 1,200+ businesses supported with AI security analysis since 2024
- 2.8 h on average per full automated initial scan of an SME network
Which tools are included in the program
The mAI Action Month package comprises three levels of analysis. First, automated network scanning for known CVEs and open ports via AI-supported vulnerability scanners. Second, email security check: DMARC, DKIM, and SPF configurations are automatically validated and cross-checked against known phishing patterns. Third, cloud configuration review for Microsoft 365 and Google Workspace – conditional access rules, MFA enforcement, and unwanted OAuth app permissions are reported.
Important: These tools do not replace a penetration test. They identify known vulnerabilities and misconfigurations – an attacker using a zero-day or deploying targeted social engineering will not be stopped. For businesses that have never conducted systematic vulnerability analysis, this still represents a significant security improvement.
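The email security check described above boils down to reading a domain's published SPF and DMARC TXT records and flagging weak settings. The following is an added example, not the programme's tooling: the function names, domains and records are constructed, it works offline on records you have already looked up, and DKIM is left out because checking it requires knowing the selector names in use.

```python
# Added example: offline review of SPF and DMARC TXT records (constructed sample data).
def check_spf(txt):
    """Findings for the SPF policy among a domain's TXT records."""
    spf = [r.lower().split() for r in txt if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return ["no SPF record" if not spf else "multiple SPF records (permerror)"]
    terms = spf[0][1:]
    alls = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not alls:
        has_redirect = any(t.startswith("redirect=") for t in terms)
        return [] if has_redirect else ["no 'all' term: unlisted senders are neutral"]
    first = alls[0][0]                      # qualifier; bare "all" means "+all"
    if first in "+a":
        return ["+all authorises every sender"]
    if first == "?":
        return ["?all is neutral: no spoofing protection"]
    if first == "~":
        return ["~all is softfail: move to -all once senders are inventoried"]
    return []

def check_dmarc(txt):
    """Findings for the TXT records published at _dmarc.<domain>."""
    recs = [r for r in txt if r.replace(" ", "").lower().startswith("v=dmarc1")]
    if len(recs) != 1:
        return ["no DMARC record" if not recs else "multiple DMARC records"]
    tags = dict((k.strip().lower(), v.strip().lower())
                for k, _, v in (p.partition("=") for p in recs[0].split(";")) if v)
    out, policy = [], tags.get("p", "")
    if policy not in ("none", "quarantine", "reject"):
        out.append("missing or invalid p= tag")
    elif policy == "none":
        out.append("p=none: monitoring only, spoofed mail is still delivered")
    elif tags.get("sp") == "none":
        out.append("sp=none leaves subdomains unenforced")
    if tags.get("pct", "100") != "100":
        out.append("pct is not 100: policy covers only part of the mail")
    if "rua" not in tags:
        out.append("no rua= address: aggregate reports are not received")
    return out

SAMPLES = {  # constructed records for hypothetical domains
    "weak.example": (["v=spf1 include:_spf.mail.example ~all"], ["v=DMARC1; p=none"]),
    "open.example": (["v=spf1 ip4:192.0.2.10 +all"], []),
    "good.example": (["v=spf1 ip4:192.0.2.10 -all"],
                     ["v=DMARC1; p=reject; rua=mailto:dmarc@good.example"]),
}

def audit(samples=SAMPLES):
    return {d: check_spf(s) + check_dmarc(m) for d, (s, m) in samples.items()}
```

Calling `audit()` returns one list of findings per domain; an empty list means none of these particular weaknesses were found, not that the mail setup is secure.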
AI tools deliver
- Detection of known CVEs in software and network devices
- Automated verification of email security configurations
- Identification of insecure cloud permissions
- Evaluation of password policies and MFA status
- Generation of baseline report with prioritized recommendations
AI tools do not replace
- Penetration testing by human experts
- Social engineering simulations and awareness training
- Implementation of identified measures
- Ongoing security monitoring and incident response
- Protection against zero-days and targeted attacks
How SMEs can make the most of the program
Preparation for maximum benefit
- Inventory check: Document all devices and services connected to the network before the scan begins—otherwise results will be incomplete
- Verify patch status: Update operating systems and critical software—scans detect known CVEs, but outdated systems dramatically inflate the hit rate
- Enable MFA: Where not already in place, activate multi-factor authentication on all external access points—otherwise credentials remain the biggest risk factor that scans cannot resolve
- Assign a point of contact: Who will review the report and decide on follow-up actions? Without clear ownership, reports vanish unread
- Confirm budget: AI analysis is free—implementing recommendations is not. Typical costs for external specialists to remediate identified gaps range from €500 to €3,000
Registration for the mAI Action Month is handled via the Transfer Centre for Cybersecurity (Transferstelle Cybersicherheit) or, regionally, through the responsible Chamber of Commerce and Industry. Capacity is limited—sign up in May 2026 as early as possible.
Source facts: BMWE press release April 2026, Transferstelle Cybersicherheit annual report 2025, BSI situation report 2025.
Frequently Asked Questions
Who can participate in the mAI Action Month?
The program is aimed at SMEs with up to 250 employees and headquarters in Germany. There are no industry restrictions—the offer is particularly relevant for manufacturing businesses, trades, commerce, and service providers that have implemented little to no structured cybersecurity measures so far. Participation is completely free of charge.
What does participation cost and are there any hidden fees?
The AI analysis itself is free and government-funded (BMWE). There are no hidden costs for the scan itself. Costs typically arise only afterward: if gaps are identified and external IT service providers are commissioned for remediation, expenses range from €500 to several thousand euros depending on the scope. Companies without internal capacity should budget accordingly.
How secure is the data being scanned?
The analysis is conducted under BSI framework conditions and in full GDPR compliance. Scan results are not shared with third parties. The tools used either operate entirely locally within the company network or via GDPR-compliant EU servers. Specific data protection details per tool are available from the Transfer Centre for Cybersecurity upon request.
What happens after the scan—who assists with implementation?
The Action Month concludes with a report. For implementation, the Transfer Centre for Cybersecurity refers companies to the BSI network of qualified IT service providers and regional IHK (Chamber of Commerce) advisory services. There is no automatic referral to paid providers—companies choose independently with whom to implement the recommendations.
Is this program a substitute for NIS2 compliance measures?
No. NIS2 compliance requires a formal risk management framework, reporting processes, and documented security measures. The mAI Action Month serves as a practical entry-level tool for a baseline analysis—it can serve as a foundation for an NIS2 security concept but does not replace full compliance consulting. Companies subject to NIS2 obligations should engage a certified consultant in parallel.

