Chiplets are replacing old chip designs and driving semiconductor design, enabling breakthroughs in next-generation artificial intelligence (AI) data centers and self-driving vehicles. But they also put applications and infrastructure at risk.
By stitching together smaller silicon components — all with different functions — into a single circuit, chiplets offer greater design flexibility and reusability than traditional chips. With traditional monolithic chip designs, each chip is built from scratch for a specific purpose, and changing the use case requires creating a whole new chip. Chiplets are a mix-and-match of components to create solutions that meet the exact needs of the customer, so it is quick and easy to swap out components to adapt to a different use case.
But the flexibility of chiplets could also expose AI infrastructure, autonomous vehicles, and critical computing devices to supply chain risks and expanded attack surfaces, says Alex Matrosov, founder and CEO of firmware security company Binarly.
“The idea of chiplets is actually good,” Matrosov says. “But it introduces complexity, and from a security perspective that complexity is not taken very seriously.”
Conventional chip designs ae monolithic, with a single vendor controlling the design and fabrication of an entire circuit on a single die. In contrast, chiplets are modular, and manufacturing is distributed — with global supply chains and multiple vendors involved in designing, validating, and manufacturing chiplets and assembling them into a package.
This process increases the risk of introducing vulnerabilities that could expose critical systems to hardware Trojans, supply chain attacks, and backdoored components. One hardware Trojan introduced into a single chiplet can sabotage the integrity of the whole system.
“In the future, you’re going to have different chiplets being manufactured in different locations using different distributors and different integrators of these multi-die systems,” says Dana Neustadter, senior director of product management for security IP solutions at Synopsys, which provides design tools to top chip companies. “If that chiplet is vulnerable and has significant security flaws, it can not only break a family of data center systems, it can expand to cars and to consumer devices. A malicious chiplet can be used to snoop, to modify, like man-in-the-middle kind of attacks.”
US companies rely heavily on overseas vendors, often with limited ability to verify how chips are fabricated. That could extend to chiplets, and there may not be enough provenance on the origins of a chiplet design or silicon.
“It’s very rare when the chips could be produced inside of the US. … You can design a perfect chip, but you don’t know how it will be baked in silicon,” Matrosov says. Buyers often “blindly trust” bulk orders without deep inspection, he adds.
“Companies want to make chips as cheap as possible … and from that perspective there are a lot of problems from the supply chain,” Matrosov says.
Security Is a Must
Chiplets are trending toward new computing paradigms, such as AI, so security needs a different approach. That includes stronger identity, authentication, and secure-boot mechanisms across multiple dies.
“It’s not as simple as saying chiplets are better or worse from a security point of view … it’s different,” Neustadter says.
Every chiplet should be identified and authenticated, he explains. Synopsys emphasizes traceability across multi-die and chiplet systems, rather than treating individual chiplets as inherently trusted components.
The highly regulated automotive sector is at the forefront of chiplet security. One defective chiplet could trigger a costly car recall, and international industry standards ISO 26262 and ISO 21434 require security to be addressed throughout the entire supply chain.
“If the chiplet is going to be used in the car or in mission-critical space safety and reliability, hand-in-hand with security is a must,” Neustadter says.
Athos Silicon, which builds secure AI chips and chiplets for autonomous cars, has created an audit mechanism across its supply chain and design.
The company used “a lot of third-party” suppliers before but has taken most of the design and development in-house to gain better control.
“We have reduced this to almost nothing,” says François Piednoel, chief technology officer at Athos.
As required by regulation, Athos and its customers visit and audit the remaining parts suppliers.
“The procurement team literally sends people to the factory you are planning to use, and they review the claims. They don’t trust you,” says Piednoel, a former Mercedes-Benz and Intel executive.
Chiplets are better than traditional chips for cars using AI required for Level 3 or Level 4 autonomous driving. Athos’ chip has multiple failover mechanisms, and one chiplet can take over in case another one fails or is attacked. When that happens, the last cypher has to be maintained in all the chiplets capable of taking over, Piednoel explains.
Athos’ hardware schedulers operate independently of software control, creating whitelisted processes that make it difficult for attackers to inject malicious code, even if they compromise the software layer.
“If you want to have a safe chip, power management needs to be safe,” Piednoel says. “Scheduling needs to be safe. Health monitoring needs to be safe.”
Industry organizations, such as the UCIe Consortium, are developing security standards. But chiplets are new, hackers are hungry, and it’s the start of the AI era, and standards are not experts.
“The systems evolve, the threats evolve, and the attackers also evolve,” says Synopsys’ Neustadter. “You have to keep up with those changes.”
