My podcast guest this week is Jason Oberg from Arteris. Jason and I discuss this profound transition toward hardware security, explore how Cycuity’s integration into Arteris is changing the game for system-level security and discuss how teams can address the emerging risks in our era of distributed systems, chiplets, and constant data movement.
Click here to check out the Fish Fry Archive.
Amelia Dalton:
Hello there everyone. Welcome to episode number 690 of this here electronic engineering podcast called Amelia’s Weekly Fish Fry, brought to you by EEJournal.com and written, produced, and hosted by yours truly, Amelia Dalton.
Folks, today we’re diving deep into a realm of cybersecurity that is often overlooked but increasingly critical: the silicon itself.
For years, the industry has poured billions into software and network defenses. But as the threat landscape evolves, the hardware is becoming the primary target.
My guest today is Jason Oberg from Arteris. Jason and I discuss the seismic shift toward hardware security, explore how Cycuity’s integration into Arteris is changing the game for system-level security, and how teams can address the emerging risks in our era of distributed systems, chiplets, and constant data movement.
So without further ado, please welcome Jason to Fish Fry.
Interview
Amelia Dalton:
Hi Jason, thank you so much for joining me.
Jason Oberg:
Thanks for having me. I’m excited to be here.
Amelia Dalton:
Excellent.
Okay, so for years cybersecurity investment has focused on software and networks. So what’s changed in the threat landscape that’s driving the rise in hardware vulnerabilities and making silicon a primary target?
Jason Oberg:
Yeah, it’s a great question.
It’s actually pretty amazing. There’s been a pretty significant increase in hardware vulnerabilities in the last, say, five-plus years or so. A lot of that’s really attributed to a couple things, I think.
First, a big factor is that modern chip designs are obviously just getting more and more complicated, both in terms of the IP that they’re leveraging as well as the gate count. And obviously, with the whole era of AI and LLMs, there’s huge demands for performance.
All of this layered on top of each other just dramatically increases the complexity of chip designs. As you know, complexity is always of benefit to the attacker. Security issues are always hidden in complexity.
As we’ve seen designs become more and more complicated, ensuring that those designs are behaving securely is becoming more and more challenging. So I think that’s one really big macro component.
The other one that’s probably a little bit less obvious is that a lot of these hardware issues can actually be exploited from software.
There was a big learning when the original Meltdown and Spectre issues came out. Modern chips have a lot of shared resources and performance features. You might be sharing the same physical chipset with different applications running on your phone, or in a cloud environment you have different virtual machines sharing the same physical chipset.
A lot of issues can come up with that. Information can leak between users or abstraction levels, whether it’s a VM or an application. Attackers figured out how to exploit some of that sharing in pretty sophisticated ways.
Meltdown and Spectre were the first instances of this, but beyond those attacks, there have been many new ways of exploiting hardware from software.
So really, I think those are the two key driving factors: new learnings about how to exploit hardware issues from software, and the fact that security problems are increasingly buried in the growing complexity driven by demands for higher performance.
Amelia Dalton:
So Cycuity has been focused on identifying and mitigating hardware vulnerabilities early in the design process. Now that Cycuity is part of Arteris, how does that expand what you can deliver to customers, especially as security becomes a system-level challenge?
Jason Oberg:
Absolutely.
It goes back to what I just mentioned about system complexity. Modern chipsets have hundreds of interconnected subsystems connected by a complex system interconnect, such as a NoC or some variant of that.
That’s really the foundation of data movement across the chip. It’s how secure subsystems communicate, and there’s a lot of access control built into that infrastructure.
Being able to add security assurance to the NoC and across the entire system interconnect is a key component of addressing these issues early.
You can proactively identify security weaknesses, generate secure NoC configurations, and address fundamental security weaknesses that arise from system complexity.
Being part of Arteris gives us broader reach and allows us to apply our technology to larger-scale system-level security challenges.
Amelia Dalton:
So Jason, as systems become more distributed with constant data movement and growing use of chiplets, where do you see the biggest security risks emerging, and how should teams be thinking about them differently?
Jason Oberg:
There’s a fundamental issue with security.
As ecosystems become more fragmented, and system integrators have less control over the components they’re integrating, security issues naturally increase.
In a perfect world, the same company would design every subsystem, write all the Verilog, build all the software, and develop everything from the ground up.
Very few companies actually do that.
With chiplets, this becomes even more challenging because you’re integrating very complex third-party subsystems. You know what the specifications say they should do, but you don’t necessarily know what’s happening internally.
That means assumptions have to be made during integration, and with systems this complex, mistakes are easy to make.
I do think the system interconnect provides interesting opportunities because it’s what connects all those chiplets together. There are opportunities to provide security assurance at the interconnect level to reduce system-level risks.
But ultimately, as ecosystems become more fragmented and no single stakeholder controls everything, security becomes much more challenging.
Amelia Dalton:
Traditional verification ensures a design works as intended, but that doesn’t necessarily make it secure. Where are the gaps, and why are they becoming more exposed now?
Jason Oberg:
Traditional functional verification starts with a specification describing what the chip should do. You build a verification plan around that specification and verify that the design behaves correctly.
Security is different.
Security requires looking for behaviors you didn’t anticipate. It’s about negative testing and identifying unknown behaviors.
That’s where our technology comes in.
We use symbolic analysis to identify information leakage and security issues that traditional functional verification wouldn’t normally consider.
The goal is to systematically identify unknown cases that conventional verification techniques simply aren’t designed to find.
Amelia Dalton:
Cycuity’s technology focuses on asset-based security and information flow analysis. How does that approach work in practice, and how does it help teams identify vulnerabilities earlier in the design process?
Jason Oberg:
Information flow sounds like a complicated term, but the basic idea is straightforward.
We can track the flow of information by identifying secure assets and determining whether information derived from those assets ends up somewhere it shouldn’t.
We do this symbolically, meaning we can track even a single bit of derived information over time.
That allows us to identify many of the gaps left by traditional verification.
For example, we can verify that information from one virtual machine never leaks into another virtual machine, or that sensitive key material never reaches an unauthorized destination.
The technology integrates with existing functional verification environments, making adoption relatively straightforward while providing much deeper security analysis.
Amelia Dalton:
With AI making it easier for adversaries to execute sophisticated multi-stage attacks, how does the security technology from Arteris empower designers to outpace AI-powered hardware exploits?
Jason Oberg:
This is definitely a scary one.
We’ve already seen LLMs become very good at identifying software vulnerabilities and automating exploits.
Many hardware weaknesses are exploited through software, and it’s very likely that AI systems will eventually learn from existing hardware attacks and begin generating entirely new ones.
Our approach focuses on identifying root-cause weaknesses before products ship.
There’s a relationship between weaknesses and vulnerabilities. Weaknesses are the underlying implementation flaws that attackers ultimately exploit.
If you proactively identify and eliminate those weaknesses, then chaining together sophisticated software attacks becomes much more difficult.
One of the most important concepts is ensuring that information simply cannot flow between security domains where it shouldn’t.
If information flow is impossible at the hardware level, then even sophisticated AI-generated attacks cannot exploit something that fundamentally doesn’t exist.
I think designing chips with that mindset will be essential for preventing future AI-powered hardware attacks.
Off-the-Cuff Question
Amelia Dalton:
All right, Jason, it’s time for your off-the-cuff question.
If you could have one meal right now—it doesn’t matter where in the world it is—what would you have?
Jason Oberg:
I would probably have some cold soba noodles.
They’re surprisingly hard to find. I live in the San Francisco Bay Area, and we have pretty much every kind of food you could want, but for some reason they’re difficult to find.
I love soba noodles, especially cold soba noodles. They’re awesome.
That’s what I’d have.
Amelia Dalton:
Nice! Good choice.
Well, Jason, I think that’s all I have time for today.
Thank you so much for joining me.
Jason Oberg:
Thanks, Amelia. Appreciate it. Thanks for having me.
Closing
Amelia Dalton:
Did you know that we have an entire Fish Fry playlist dedicated to security? It’s true!
On YouTube, we have a fantastic collection of security-related interviews, including my discussion with Cylynt CEO Ted Miracco about the increasing prevalence of software piracy in automotive designs and what can be done to combat unauthorized software use.
The playlist also includes my conversation with Cynthia Wright, Principal Cyber Security Engineer at the MITRE Corporation, about the many layers of cybersecurity in IoT, the weaponization of everything, and why privacy by design, security by design, and resiliency by design will play vital roles in the future of the Internet of Things.
You’ll also find my interview with Richard Jaenicke from Green Hills Software about satellite security, satellite vulnerabilities, how satellites can be hacked, and what solutions we need to keep them safely in orbit.
If you’d like to binge any—or all—of these episodes, I’ve included a direct link to this playlist on this week’s Fish Fry page on EEJournal.com. I’ve also included a bunch of links about Arteris, and you can find all of these links on this week’s YouTube episode as well.
Hey, have you checked out EE Journal on social media yet? Well, you should!
You can find us on Facebook at facebook.com/eejournal. If LinkedIn is more your thing, you can follow both EE Journal and me there. We’re also on Bluesky Social and Mastodon. And don’t forget our YouTube channel at youtube.com/eejournal. It’s chock-full of all kinds of techy videos, including our very popular Chalk Talk webcast series hosted by me. Be sure to subscribe while you’re there.
Thank you everyone for tuning in.
If you know of any cool new technology—or heck, if you just want to chat—shoot me a line at [email protected], or post a comment on our forums at EE Journal.
For the week of July 17, 2026, I’m Amelia Dalton, and you’ve been listening to Amelia’s Weekly Fish Fry.
0 Comments
Log in to join the conversation.No comments yet. Be the first to share your thoughts.