CEO Interview: Dr. Andreas Kuehlmann of Cycuity

Dr. Andreas Kuehlmann, Executive Chairman and CEO at Cycuity, has spent his career across the fields of semiconductor design, software development, and cybersecurity. Prior to joining Cycuity, he helped build a market-leading software security business as head of engineering at Coverity and, after its acquisition by Synopsys, as General Manager of the newly formed Software Integrity business unit. In that role he led its growth from double-digit-millions to a multi-hundred-million-dollar business. He also previously worked at IBM Research and Cadence Design Systems, where he made influential contributions to hardware verification. Dr. Kuehlmann served as an adjunct professor at UC Berkeley’s Department of Engineering and Computer Science for 14 years, and received a Ph.D. in Electrical Engineering from the Technical University Ilmenau, Germany.

Tell us about your company?

Cycuity provides software products and services to specify and verify semiconductor device security. We help customers to ensure that security weaknesses are identified and mitigated during the design phase before manufacturing. Our security solutions are a critical element in the semiconductor product ecosystem for commercial and defense industries. They provide the broadest security assurance for semiconductor development across the design supply chain from secure usage of third-party IPs (3PIP) to full chips, including firmware. Cycuity’s products fit smoothly into existing design flows and utilize the simulation and emulation products of all three EDA vendors: Synopsys, Cadence, and Siemens EDA. Furthermore, our technology is applied to perform advanced security assessments of legacy hardware components in existing systems.

What problems are you solving?

Security threats in modern hardware systems are complex, rapidly evolving, and often overlooked during the early stages of design. The Radix platform directly addresses these challenges by identifying security weaknesses and unexpected behaviors early in the chip design lifecycle, minimizing the risk of escapes that lead to potential exploits. Traditional verification tools frequently fall short in providing complete security coverage across hardware, firmware, and software. Radix closes this gap by delivering a comprehensive security verification solution that spans the entire system from block level to software.

Radix’s systematic approach allows teams to develop security measures effectively and document their proper functioning with full transparency. Radix transforms security assurance from a fragmented and reactive process into a proactive, scalable, and fully traceable solution.

What application areas are your strongest?

We excel in delivering quantifiable assurance for semiconductors used in critical applications across industries, especially for high-stakes applications in defense, automotive, and IoT where security and reliability are paramount.

What keeps your customers up at night?

Our customers are concerned about ensuring the security and resilience of their semiconductor chips and embedded systems. What keeps them up at night is the thought of receiving a call from one of their customers reporting a security vulnerability in a chip that is broadly deployed in many products. Besides the impact on their brand, the cost of remediating a hardware security flaw can be extremely high. Moreover, customers are concerned about delivering secure semiconductors which comply with increasingly stringent industry standards. We address these challenges head-on by providing quantifiable assurance and robust security practices. Our solutions empower customers to achieve confidence in their designs, so they can focus on innovation without compromising on security.

What does the competitive landscape look like and how do you differentiate?

Cycuity is uniquely positioned as a thought leader and innovator of hardware security solutions. We have demonstrated our commitment to the development of secure and resilient microelectronics for defense and commercial applications. Our Radix platform goes beyond the typical “pass or fail” checks. It offers unmatched security design support through advanced security exploration and analysis capabilities, as well as scalable and traceable security verification – helping to more effectively and efficiently achieve security signoff and prove compliance.

What new features/technology are you working on?

We’ve got some exciting new features coming soon—check back next month for the details. For now, we can share a bit about Radix’s unique exploration capabilities which help security and verification teams to better understand chip designs from a security perspective. Unlike functional security verification, which is aimed at ensuring that a required set of security features are correctly implemented, security exploration is focused on investigating unknown or unintended side effects of security functions that are not entirely understood but could lead to security weaknesses or vulnerabilities. Security exploration with Radix offers powerful analysis and graphical visualization capabilities to reveal unexpected security behaviors that cannot be observed with traditional design tools. Even if the unexpected behavior turns out to be benign, fully  analyzing and deeply understanding it serves as a powerful confirmation of the overall design intent.

How do customers normally engage with your company?

Many customers come to us with the need of building a comprehensive chip security program, often starting from scratch. Security is not like flipping a switch or using a software product. It is rather a journey on which we help customers to progress starting with training, security requirement development, tool selection, integration and production ramping to documentation and signing off security for manufacturing.

Talk to a Security Expert

Also Read:

Cycuity at the 2024 Design Automation Conference

Hardware Security in Medical Devices has not been a Priority — But it Should Be