Wind River Champions Hardware-Level Security with CHERI Alliance, UK Pact

GLASGOW, Scotland – April 21, 2026 – In a significant move to fortify the foundations of digital infrastructure, mission-critical software leader Wind River today announced a two-pronged strategy to accelerate hardware-enforced cybersecurity. The Aptiv company has joined the CHERI Alliance and secured a strategic contract with Innovate UK, the UK's national innovation agency, to integrate the groundbreaking CHERI security architecture into its widely deployed operating systems for the RISC-V platform.

The announcement, made at the CYBERUK 2026 conference, signals a major industry push away from reactive software patches and toward building security directly into the processor architecture. Wind River will port its flagship VxWorks Real-Time Operating System (RTOS) and Helix Virtualization Platform to leverage CHERI's capabilities, aiming to neutralize entire classes of memory-related cyber threats before they can be exploited.

"Advances like CHERI mark an important shift toward hardware-enforced security as a foundation for next-generation systems," said Paul Miller, CTO, Intelligent Systems, Software and Services at Aptiv. "By addressing memory safety at the architectural level, CHERI has the potential to improve resilience across critical infrastructure and intelligent edge deployments."

Wind River's entry into the CHERI Alliance, a consortium dedicated to the technology's global adoption, was welcomed by its leadership. "We are excited to welcome Wind River to the CHERI Alliance," said Mike Eftimakis, a founding director of the group. "Their expertise and collaboration with our community will be a significant boost to our mission to accelerate CHERI adoption."

The Architectural Answer to Memory Vulnerabilities

For decades, the cybersecurity industry has been locked in a cat-and-mouse game with attackers exploiting memory safety vulnerabilities. Flaws like buffer overflows and use-after-free errors, which account for an estimated 70% of all serious security bugs, have been the root cause of countless high-profile breaches. Traditional defenses rely on software-based mitigations, which can be bypassed by sophisticated adversaries or incur performance penalties.

CHERI, short for Capability Hardware Enhanced RISC Instructions, offers a fundamentally different approach. Born from years of research at the University of Cambridge with support from the UK's National Cyber Security Centre (NCSC) and DARPA, CHERI is not another software tool but an architectural extension. It modifies the processor to use special, unforgeable security tokens called "capabilities" instead of standard pointers. These capabilities define precise permissions for accessing memory, effectively creating hardware-enforced boundaries that prevent code from reading or writing outside its designated area.

This fine-grained memory protection is designed to be preventative, stopping attacks at the hardware level rather than attempting to detect them in software. By building security into the silicon, the CHERI architecture makes it vastly more difficult for attackers to execute malicious code or escalate privileges, thereby enhancing the intrinsic resilience of a device.

A Strategic UK Investment in Cyber Resilience

Wind River's work is directly supported by a new contract from Innovate UK and the Department for Science, Innovation and Technology (DSIT). This partnership is part of a wider UK national strategy to embed advanced cyber protections into the technology supply chain and bolster the security of critical national infrastructure.

The UK government has committed significant resources to this effort, pledging over £80 million to CHERI research and co-investment, with Innovate UK recently allocating £21 million in new funding to help transition the technology from academic labs to commercial products. This investment aims to create a new class of secure-by-design devices, reducing the UK's reliance on vulnerable systems and positioning the nation as a leader in secure technology.

The collaboration with Wind River is a key part of this strategy, focusing on creating an industry-grade software ecosystem for the new generation of CHERI-enabled hardware. "Working with an industry leader like Wind River will help companies accelerate innovation using industry-grade CHERI-enabled software for a new class of secure RISC-V embedded devices," stated Georgios Papadakis, Senior Innovation Lead at Innovate UK. "Transitioning Wind River platforms to CHERI RISC-V combines the power of a proven RTOS like VxWorks that has extensive safety certifications with the strengthened digital security and resilience of CHERI technology."

Securing the Future of RISC-V and the Intelligent Edge

The project's focus on the RISC-V architecture is particularly timely. RISC-V, an open-standard instruction set architecture, has seen a meteoric rise in adoption due to its flexibility, modularity, and royalty-free model. It is rapidly becoming the platform of choice for innovation in embedded systems, from industrial IoT sensors to automotive controllers and data center accelerators. However, this rapid expansion also brings security concerns, as the diverse and open ecosystem requires a robust security foundation.

By porting its market-leading VxWorks and Helix platforms to support CHERI on RISC-V, Wind River is addressing this need head-on. This initiative builds on the company's prior experience enabling CHERI on Arm's experimental Morello processor, demonstrating a deep commitment to leading architectural security coverage for commercial RTOSs. The combination of a trusted, safety-certified operating system with hardware-enforced memory protection on an open-source hardware standard is a powerful proposition for developers of next-generation systems.

The impact is expected to be felt across numerous mission-critical sectors. In aerospace and defense, it means more secure flight control and communications systems. In automotive, it provides a stronger foundation for autonomous driving and connected vehicle platforms, helping to meet stringent regulations like ISO 26262. For industrial and medical applications, it enhances the reliability and safety of control systems and life-support devices, protecting them from cyber threats that could have devastating physical consequences. This move by Wind River and its partners represents a crucial step toward building a more trustworthy and resilient intelligent edge.