Black Hat USA 2025 | How to Secure Unique Ecosystem Shipping 1 Billion+ Cores?

At Black Hat USA 2025, Nvidia’s offensive security director Adam Zabrai and system software manager Marco Midik outlined how the company secures a sprawling ecosystem that now ships more than one billion processor cores across data‑center GPUs, consumer graphics, Jetson modules and emerging products. The talk emphasized that despite the diversity of form‑factors and threat models, all these devices share a common execution substrate built on RISC‑V, replacing Nvidia’s legacy Falcon architecture to achieve greater scalability, openness, and performance.

The presenters detailed the architectural shift: each Nvidia chip integrates 10‑50 micro‑controllers that run on a configurable RISC‑V core, leveraging hardware isolation primitives such as Physical Memory Protection (PMP), I/O PMP, and Nvidia’s proprietary NVMPU. By standardizing on a single‑core strategy, Nvidia can apply uniform security extensions—point‑masking, control‑flow integrity, and memory‑tagging—across all product lines while still tailoring trust levels for mixed‑criticality workloads.

Key examples included the decision to forego traditional ASLR in favor of stronger, hardware‑assisted protections, the creation of a custom pointer‑masking extension, and the deployment of a dedicated fuzzing accelerator to boost automated vulnerability discovery. Nvidia also retrofitted the RISC‑V toolchain with address‑sanitizer support, a capability that later entered the broader open‑source ecosystem.

The broader implication is a more future‑proof, scalable security foundation that can keep pace with Nvidia’s rapid AI‑centric growth. By contributing extensions back to the RISC‑V foundation, Nvidia helps mitigate fragmentation risks while ensuring that its massive, heterogeneous fleet remains resilient against emerging threats.