Innovative technology that can be integrated into existing computer hardware and blocks up to 70% of the most common cyber attacks will soon be in devices across the country.
The work is supported by up to £21 million from Innovate UK and the Department for Science, Innovation and Technology.
The cutting-edge technology, Capability Hardware Enhanced RISC Instructions (CHERI), builds defences into computer systems from the off.
A large share of cyber attacks exploit common software bugs.
CHERI adds security at the hardware level, which means many common cyber attacks, like hijacking software or stealing data, can be stopped, ensuring devices are better protected than ever.
The funding will strengthen the services people and businesses rely on, from energy and transport to healthcare and advanced manufacturing.
Two major competitions
As part of the package, Innovate UK is announcing the winners of two major competitions.
Almost £15 million from the Advancing CHERI RISC-V Devices competition will help three companies to get CHERI-enabled hardware into real products. The companies are:
- EnSilica
- SCI Semiconductor
- LowRISC
A further £6.1 million has been awarded to five projects to make supporting tools and software so developers can bring products to market faster. The projects are:
- SCI Semiconductor
- The University of Manchester
- Capabilities Limited
- University of Birmingham
- Sensor IT
Together, this coordinated investment will help move CHERI from world-class UK research into the devices we use every day.
It will ensure that both the physical technology and the supporting software ecosystem are ready for widespread adoption.
This will enable CHERI’s advanced cyber protections to be embedded into the systems that power everything from critical infrastructure to consumer electronics.
Boosting the UK’s cyber resilience
The UK’s £13.2 billion cyber sector is a national success story, with strengths across the country.
Today’s announcement comes as Cyber Security Minister Liz Lloyd visits the North West, which is home to 10% of UK cyber jobs.
The minister will visit the NCC Group and the Greater Manchester Digital Security Hub (DiSH), a start-up hub based at GCHQ’s office that supports small and medium-sized enterprises across technology, defence and cyber.
The purpose of the visit is to see how regional innovators are boosting the UK’s cyber resilience and getting cutting-edge research to market faster.
Safer digital future
Cyber Security Minister Liz Lloyd said:
CHERI changes the game for cyber security, enabling us to build defences directly into device hardware. It can shut down up to 70% of the most common cyber attacks at source, helping protect everything from the smart devices in our homes to the systems that keep hospitals running and transport moving.
This is how we are making systems stronger from the ground up, and these investments will help us build a safer digital future as we drive new growth across our tech sector.
Software consultancy The Good Penguin will also establish the CHERI Centre for Software and Tools, a hub that will convene the tools and software required to unlock quick business adoption of CHERI devices.
This investment means safer technology in everyday life, from cars and smart devices to the systems that keep our lights on and hospitals running.
It positions the UK as a leader in cyber security and helps protect against future threats.
Robust and resilient supply chain
Ian Lankshear, CEO of EnSilica said:
As a leading silicon chip maker, we are delighted to have our secure processor chip chosen by the UK Government for this Contract for Innovation. This will expand our products by offering a CHERI-enabled secure processor chip as a commercial off-the-shelf product, not only putting CHERI-enabled devices into the hands of product developers and strengthening their security capabilities, but also contributing to a more robust and resilient UK technology supply chain.
Eliminating cyber attacks
Haydn Povey, CEO of SCI Semiconductor said:
We are thrilled and honoured to be selected for this critical government contract. This represents a powerful validation of our mission to deliver foundational security for the future of connected systems. By integrating Microsoft’s higher-performance, open-sourced, 2nd generation, CHERIoT RISC-V core, we are building on a revolutionary hardware-first approach to memory safety that eliminates the vast majority of today’s cyberattacks.
Furthermore, we are taking a quantum leap forward in embedded security and intelligence. The inclusion of Post-Quantum Cryptography ensures our microcontroller is resilient against the threats of tomorrow, while the integration of Google’s open-sourced Kelvin AI accelerator provides best-in-class, on-device machine learning capabilities.
This powerful combination of CHERI’s proven security, next-generation cryptography, and advanced edge AI allows us to deliver the most secure and intelligent microcontroller on the market, providing an essential, trustworthy platform for critical infrastructure and industry.
Next gen products
Dana Huang, Corporate Vice President, Engineering, Cloud and Artificial Intelligence Edge Platform Security at Microsoft said:
Microsoft open-sourced the CHERIoT project in 2023 and the higher-performance CHERIoT Kudu RISC-V core in 2025 to enhance security of security processors and embedded ecosystems. We are very happy to see the Digital Security by Design programme funding SCI Semiconductor to adopt this in their next-generation microcontroller products.
New applications
Ben Laurie, Principal Engineer, Google Research added:
The Google open-source Kelvin AI/ML MLIR-compliant core is already in use in many challenging environments, however the ability to integrate it into a CHERI-enabled platform enables a wide array of additionally trustworthy applications to be developed. We are very pleased to be enabling this project and look forward to seeing devices from SCI Semiconductor based on this technology.
Further information
Advancing CHERI RISC-V Devices
The Advancing CHERI RISC-V Devices funding competition, delivered by Innovate UK, awarded almost £15 million to three companies, to support businesses to accelerate the availability of CHERI-enabled devices. The companies are as follows.
EnSilica PLC
EnSilica PLC is developing a production-ready, single-chip Ethernet I/O Aggregator microcontroller. This device will power the next generation of secure vehicles and industrial automation by combining CHERI security with standards-based networking in one component.
SCI Semiconductor Limited
SCI Semiconductor Limited is building a high-performance, post-quantum capable processor that integrates secure artificial intelligence and machine learning capabilities, designed to secure the UK’s critical national infrastructure.
LowRISC
LowRISC is maturing commercial readiness of the CHERI enabled version of the CVA6, RISC-V 64-bit Linux-capable processor core and its integration in future high security platforms, such as OpenTitan.
Advancing CHERI Tools and Software Components
The Advancing CHERI Tools and Software Components contracts awarded £6.1 million to five projects. The projects are as follows.
SCI Semiconductor Limited
SCI Semiconductor Limited is delivering a comprehensive toolkit for developers, including CHERI-aware static analysis for C and C++ and full Rust toolchain support, providing a clear migration path to a memory-safe environment.
The University of Manchester
The University of Manchester is developing MicrOS, a specialised operating system for small, single-address space embedded systems. MicrOS will make it easy and efficient to build hardware-secured, compartmentalised software on low-cost devices that can’t afford the protections of traditional memory management hardware.
Capabilities Limited
Capabilities Limited is preparing the advanced security features developed in the CheriBSD operating system for integration into the mainstream FreeBSD operating system. This will bring CHERI’s protections to a wide range of CNI product vendors.
University of Birmingham
The University of Birmingham is maturing memory-safe CHERI support to the popular Zephyr Real-Time Operating System. This will create a go-to, highly secure operating system for a vast range of embedded products, from wind turbines to consumer electronics.
Sensor IT Ltd
Sensor IT Ltd is creating a highly secure gateway for industrial control systems, specifically targeting legacy RS485/Modbus protocols. This will protect critical equipment in sectors like manufacturing and utilities from modern cyber threats using CHERI’s hardware-enforced protection.