Advanced cyber protections to be embedded into digital systems
Image by Teerachai Jampanak / copyright Shutterstock
The work is supported by up to £21 million from Innovate UK and the Department for Science, Innovation and Technology (DSIT).
The cutting-edge technology, Capability Hardware Enhanced RISC Instructions (CHERI), builds defences into computer systems from the off. A large share of cyber attacks exploit common software bugs. CHERI adds security at the hardware level, which means many common cyber attacks, like hijacking software or stealing data, can be stopped, ensuring devices are better protected than ever.
The funding will strengthen the services people and businesses rely on, from energy and transport to healthcare and advanced manufacturing.
Two major competitions
As part of the package, Innovate UK is announcing the winners of two major competitions.
Almost £15 million from the Advancing CHERI RISC-V Devices competition will help three companies to get CHERI-enabled hardware into real products. The companies are:
- EnSilica
- SCI Semiconductor
- LowRISC
A further £6.1 million has been awarded to five projects to make supporting tools and software so developers can bring products to market faster. The projects are:
- SCI Semiconductor
- The University of Manchester
- Capabilities Limited
- University of Birmingham
- Sensor IT
Together, this coordinated investment will help move CHERI from world-class UK research into the devices we use every day. It will ensure that both the physical technology and the supporting software ecosystem are ready for widespread adoption. This will enable CHERI’s advanced cyber protections to be embedded into the systems that power everything from critical infrastructure to consumer electronics.
Boosting the UK’s cyber resilience
The UK’s £13.2 billion cyber sector is a national success story, with strengths across the country.
Yesterday’s announcement comes as Cyber Security Minister Liz Lloyd visited the North West, which is home to 10% of UK cyber jobs.
The minister visited the NCC Group and the Greater Manchester Digital Security Hub (DiSH), a start-up hub based at GCHQ’s office that supports small and medium-sized enterprises across technology, defence and cyber.
The purpose of the visit was to see how regional innovators are boosting the UK’s cyber resilience and getting cutting-edge research to market faster.
Cyber Security Minister Liz Lloyd said: "CHERI changes the game for cyber security, enabling us to build defences directly into device hardware. It can shut down up to 70% of the most common cyber attacks at source, helping protect everything from the smart devices in our homes to the systems that keep hospitals running and transport moving.
"This is how we are making systems stronger from the ground up, and these investments will help us build a safer digital future as we drive new growth across our tech sector."
Software consultancy The Good Penguin will also establish the CHERI Centre for Software and Tools, a hub that will convene the tools and software required to unlock quick business adoption of CHERI devices.
This investment means safer technology in everyday life, from cars and smart devices to the systems that keep our lights on and hospitals running.
It positions the UK as a leader in cyber security and helps protect against future threats.
Ian Lankshear, CEO of EnSilica said: "As a leading silicon chip maker, we are delighted to have our secure processor chip chosen by the UK Government for this Contract for Innovation. This will expand our products by offering a CHERI-enabled secure processor chip as a commercial off-the-shelf product, not only putting CHERI-enabled devices into the hands of product developers and strengthening their security capabilities, but also contributing to a more robust and resilient UK technology supply chain."
Haydn Povey, CEO of SCI Semiconductor said: "We are thrilled and honoured to be selected for this critical government contract. This represents a powerful validation of our mission to deliver foundational security for the future of connected systems. By integrating Microsoft’s higher-performance, open-sourced, 2nd generation, CHERIoT RISC-V core, we are building on a revolutionary hardware-first approach to memory safety that eliminates the vast majority of today’s cyberattacks.
"Furthermore, we are taking a quantum leap forward in embedded security and intelligence. The inclusion of Post-Quantum Cryptography ensures our microcontroller is resilient against the threats of tomorrow, while the integration of Google’s open-sourced Kelvin AI accelerator provides best-in-class, on-device machine learning capabilities.
"This powerful combination of CHERI’s proven security, next-generation cryptography, and advanced edge AI allows us to deliver the most secure and intelligent microcontroller on the market, providing an essential, trustworthy platform for critical infrastructure and industry."
Dana Huang, Corporate Vice President, Engineering, Cloud and Artificial Intelligence Edge Platform Security at Microsoft said: "Microsoft open-sourced the CHERIoT project in 2023 and the higher-performance CHERIoT Kudu RISC-V core in 2025 to enhance security of security processors and embedded ecosystems. We are very happy to see the Digital Security by Design programme funding SCI Semiconductor to adopt this in their next-generation microcontroller products."
Ben Laurie, Principal Engineer, Google Research added: "The Google open-source Kelvin AI/ML MLIR-compliant core is already in use in many challenging environments, however the ability to integrate it into a CHERI-enabled platform enables a wide array of additionally trustworthy applications to be developed. We are very pleased to be enabling this project and look forward to seeing devices from SCI Semiconductor based on this technology."
