There is often skepticism around the concept of open-source silicon, especially when it comes to security, according to Dominic Rizzo, CEO and founder of ZeroRISC.

We had a chance to catch up with Rizzo last week as the company announced its latest funding round of $10 million, led by Fontinalis Partners (whose other portfolio companies tackle embedded automotive security, AI transformer chips and clean power circuits), as well as Analog Devices co-founder Ray Stata and the SemiAnalysis founder Dylan Patel.

“There’s not enough inherent understanding about open silicon,” Rizzo said. “But open silicon is inevitable, and at a certain maturity level now, especially with publicly disclosed implementations by companies like Nuvoton and Rivos.”

He explained that security is often considered an additional part of the development that adds cost and time to any design.

“Everyone treats security as a feature. But what if we just made it a thing that was like, you don’t have to pay much, is easy to adopt, and you don’t have to put additional people on it. You’re not going to burn through your engineering teams doing this, and people will just use it.”

“It was a very much an ecosystem argument: the ‘if you build it, they will come,’ kind of thing. And I think what we’ve seen over time is that it is in fact happening,” Rizzo added. “We did have to build this first chip, which we did in partnership with Nuvoton and lowRISC and other partners including Google. And now of course, Google announced that they’re adopting it in the data center in Chromebook. So that’s like a really nice proof point that shows that the IP works.”

Rizzo founded the OpenTitan project in 2019 as an open-source silicon root of trust, and in February 2024 claimed to be the first ever open–source chip to reach widespread commercial availability. Since founding ZeroRISC in April 2023, he and his team have pushed their vision of secure, open silicon for all, having transitioned from a development project to commercialization in partnership with Nuvoton and the open-source ecosystem to drive its first commercial tape-out.

Rizzo made sure to point to the traction the project is getting. For example, it is used in Chromebooks and with Rivos, which is reported to be using OpenTitan on the actual die of its chips, enabling multiple chiplets in the system to talk to each other with complete trust.

ZeroRISC said in its latest announcement that it is expanding access to production-grade, OpenTitan-based designs suitable for every stratum of the silicon supply chain, from IoT to data centers. Rizzo told EE Times that the most valuable and quickest opportunities would be in IoT and chiplets, and that automotive could be a real opportunity too.

The IP is built for seamless integration into SoCs, chiplets and devices, and its universal silicon security platform supports numerous applications.

A key part of ZeroRISC’s long term revenue model is to provide “identity-as-a-service” as opposed to simply being a silicon provider. For this, its Integrity Management Platform decouples device security from place of manufacture, scaling ownership and control with software rather than relying on physical possession. Device consumers can define security policies suited to their operational needs rather than relying on operating system developers or manufacturers to impose ill-fitting controls.

One of the key propositions of open-source silicon is to make strong security available to the entire market rather than just being the preserve of the large tech companies.

“Once considered a niche idea, open-source silicon is becoming an inevitability with the adoption of implementations like OpenTitan by Google. Leveraging open-source silicon means we can deliver ‘big tech’-like device security to every segment of the silicon ecosystem,” Rizzo said. “Moving away from unverifiable ‘black boxes’ and towards fully transparent and verifiable foundations unlocks a new paradigm, putting device owners back in control of their remotely connected devices without requiring physical diligence by hardware manufacturers. Instead, any trusted stakeholder in the supply chain can leverage ZeroRISC’s software-based monitoring to build confidence and retain control.”

As with all secure IP developers, ZeroRISC is keen to emphasize that a secure-by-design approach starts security as early as possible during chip design and manufacturing, ideally with transparent OpenTitan-based implementations. This assurance-first approach ensures that security starts below the operating system, offering protection against the most sophisticated hardware and firmware attacks and more common software vulnerabilities.

Another aspect that comes into play is the regulatory push for security liability to manufacturers. ZeroRISC said it gives CISOs final authority over what software can run on their devices, preventing unauthorized actions. By forging immutable trust of hardware by software, this can help secure the entire supply chain, from the factory to in-field operation. Based on strong interest from end users, OEMs and SoC vendors, ZeroRISC is offering an early access program to express interest in the first silicon or future collaboration.

Among its investors, Analog Devices co-founder Ray Stata said, “ZeroRISC is making truly trustworthy supply chain security accessible to every organization and end customer, not just those with specialized hardware or significant budgets. This is a massive shift.” 

Rajeev Surati, an investor at Fundomo, added, “ZeroRISC will become a foundational requirement for future systems essential for combating AI deepfakes and similar threats by ensuring end-to-end attestation, from real sensor data capture to the verified AI model and prompt used to generate outputs.”