UK's £21M Investment Embeds CHERI Hardware to Fight Cyber Threats

The UK government has confirmed a major funding package worth more than £21 million to accelerate the development and adoption of CHERI (Capability Hardware Enhanced RISC Instructions), a hardware-based security technology designed to stop cyber attacks at source. The investment, delivered through Innovate UK and the Department for Science, Innovation and Technology (DSIT), aims to strengthen national cyber resilience and support the commercial production of secure-by-design processors for both public and private-sector use.

CHERI is an emerging architecture that integrates memory protection directly into computer chips, rather than relying solely on software defences. Researchers believe it could prevent up to 70 per cent of cyber attacks linked to memory corruption flaws — a long-standing weakness exploited in malware, ransomware operations and targeted state-sponsored campaigns.

The announcement follows increasing concern over global cyber threats, particularly those involving AI-assisted attack methods and vulnerabilities within critical infrastructure, connected devices and transport systems. Officials say the programme represents a shift towards embedding security at the silicon layer, reducing the need for reactive patching after systems are deployed.

More information on the initiative is available via the official UK Research and Innovation (UKRI) announcement.

Hardware-First Security Approach

Unlike most cybersecurity tools that detect or contain threats once an attack is underway, CHERI technology aims to block exploitation attempts before they begin. It does so by integrating capability-based memory controls that restrict which parts of a device’s memory can be accessed by software processes. This approach is intended to reduce the ability of an attacker to manipulate memory or execute malicious code, even if software vulnerabilities are present.

Security analysts say the approach marks a potential turning point in how governments and industry tackle the long-standing problem of insecure computing foundations.

Breakdown of Funding

The majority of the investment — just under £15 million — will be directed through the Advancing CHERI RISC-V Devices programme. Three organisations, EnSilica, SCI Semiconductor and LowRISC, will work on embedding CHERI-based architecture into commercially viable processors and chipsets.

A further £6.1 million will support five software and tools development projects led by SCI Semiconductor, the University of Manchester, the University of Birmingham, Capabilities Limited and Sensor IT. These groups will focus on building the wider ecosystem required for market adoption, including toolchains, development platforms and testing environments.

The initiative also involves collaboration with major global technology companies, including Microsoft and Google, who are providing open-source processor cores and AI-enhanced development support.

Government Position

Cyber Security Minister Liz Lloyd welcomed the programme, describing it as a step towards building long-term security into the UK’s digital and industrial infrastructure.

“This technology allows us to build defences directly into device hardware, shutting down up to 70% of common cyberattacks at the source,” she said. “It supports the systems that underpin daily life, from hospitals and transport to commerce and communications.”

Officials say the announcement aligns with wider policy objectives around protecting essential services, promoting innovation and preparing for next-generation cyber threats.

Strengthening Domestic Capability

The programme is expected to support the UK’s semiconductor and advanced computing sector by helping domestic firms develop secure, off-the-shelf processor solutions suitable for manufacturing partners and device makers.

Ian Lankshear, CEO of EnSilica, said the initiative will help bring secure processor products closer to commercial deployment, increasing the availability of CHERI-enabled hardware for industry developers and product designers.

The Good Penguin will lead the newly established CHERI Centre for Software and Tools, which will provide technical guidance, business support and adoption resources for organisations trialling or integrating the technology.

Wider Impact and Next Steps

CHERI technology is expected to be relevant across sectors including healthcare, transport, energy systems, industrial automation, telecommunications, defence and consumer electronics. Supporters believe the approach could reduce the long-term financial and operational impact of cyber incidents, which continue to rise globally.

The next phase of the programme will focus on testing, standards alignment, manufacturing partnerships and early-stage deployment in real-world environments. If successful, CHERI-based hardware could form part of future baseline cybersecurity requirements in both national and international markets.

About TheTechNews.co.uk

thetechnews.co.uk is a UK-based digital publication providing verified reporting, technology updates, industry analysis and coverage of cybersecurity, digital innovation, research development and emerging technologies. Our goal is to offer clear, factual, high-quality journalism that helps readers understand how technology affects business, society and everyday life.

Frequently Asked Questions (FAQs)

Q1: What is the UK government's recent investment in cybersecurity?
A: The UK government announced over £21 million in funding to advance the development and widespread deployment of CHERI (Capability Hardware Enhanced RISC Instructions) technology, aimed at strengthening hardware security. This initiative is part of a broader strategy to enhance cyber resilience across critical sectors, including energy, healthcare, transport, and manufacturing.​

Q2: What is CHERI technology and how does it improve cyber security?
A: CHERI is a hardware-level security architecture built into processors that mitigates vulnerabilities caused by software bugs, such as memory safety issues. By embedding security features directly into hardware, CHERI can prevent a significant portion of cyber attacks—up to 70%—by stopping exploits like data theft and system hijacking at an early stage. This approach fundamentally enhances system resilience and confidence in digital infrastructure.​

Q3: How is the UK government funding being allocated?
A: Nearly £15 million is being invested through the 'Advancing CHERI RISC-V Devices' competition, supporting companies like EnSilica, SCI Semiconductor, and LowRISC to embed CHERI into commercial hardware products. An additional £6.1 million is dedicated to five projects aimed at speeding up the development of software tools that facilitate broader adoption among developers.​

Q4: Why now is the UK investing heavily in hardware-based cybersecurity?
A: As cyber threats become more frequent and sophisticated, embedding security into hardware becomes essential for protecting critical systems before attacks occur. With the rise in cyberattacks exploiting software vulnerabilities, hardware-based solutions like CHERI are viewed as a proactive defense, securing systems from the ground up. The UK aims to lead globally in cyber resilience and safeguard vital infrastructure and services.​

Q5: What is the anticipated impact of this investment?
A: The initiative is expected to significantly reduce cyber risks across multiple sectors by enabling the deployment of robust, hardware-enforced defenses. It aims to foster a vibrant UK tech supply chain, accelerate innovation, and establish Britain as a global leader in cybersecurity hardware solutions. The protective architecture will be integrated into devices used in critical infrastructure, increasing security and facilitating secure digital adoption.​

Q6: Who are the industry partners involved in implementing CHERI?
A: Key industry players like EnSilica, SCI Semiconductor, and LowRISC are recipients of funding and are leading efforts to embed CHERI architecture into commercial products. Tech giants such as Microsoft and Google are also contributing open-source cores and AI accelerators to support the ecosystem, reinforcing the UK’s strategic focus on hardware security.