At Hot Chips 2025, Microsoft pulled back the curtain on a fundamental redesign of Azure’s hardware security, revealing a custom security ASIC called Azure Integrated HSM and an open-source silicon root of trust dubbed Caliptra 2.0. The move shifts cryptographic protections from centralized network appliances into every new server chassis, aiming to cut latency, strengthen multi-tenant isolation, and underpin confidential computing at global scale. The presentation came with a stark economic backdrop: cybercrime now represents a $10 trillion-plus drain on the global economy, larger than the GDP of every country except the United States and China. For a cloud hyperscaler operating 70+ regions, 400+ data centers, and 275,000 miles of fiber, the decision to embed security into silicon is both a technical and existential imperative.

The $10 Trillion Threat and Why Hardware Security Must Evolve

Microsoft’s Hot Chips slides opened with a striking statistic: cybercrime costs reached $9 trillion in 2024 and are projected to exceed $10 trillion in 2025. In terms of economic weight, that places digital crime just behind the national GDPs of the US and China. For Azure, which supports millions of workloads across every imaginable industry, the threat surface is enormous. Beyond defending against external network attacks, the cloud must maintain impermeable isolation between tenants, protect against malicious insiders, and satisfy customers—especially in regulated sectors—who demand protections that extend even against the cloud operator itself. This multi-axis threat model, Microsoft argued, demands a rethinking of where and how cryptographic trust anchors are placed.

The company’s scale underscores the challenge: with 34,000 dedicated security engineers and a network spanning over 190 points of presence, Azure’s security architecture must be both hyperscale-efficient and deeply granular. The Secure Future Initiative (SFI) now layers hardware security, custom accelerators, and verified silicon roots of trust across Azure’s entire infrastructure fabric. Moving hardware security modules from centralized, rack-mounted appliances directly onto the server motherboard is the linchpin of that strategy.

From Centralized HSM Clusters to Host-Integrated Silicon

Historically, HSMs in the cloud were deployed as dedicated network appliances—secure, FIPS-certified boxes that handled key generation, storage, and cryptographic operations for entire clusters. These centralized models are proven and certifiable, but they introduce network latency: every TLS handshake, signing request, or key unwrap requires a round trip to the HSM. At hyperscale, that overhead can become a bottleneck for latency-sensitive workloads like web servers, API gateways, and confidential virtual machines. Worse, the centralized HSM becomes a high-value target and a single point of failure if not architected with extreme redundancy.

Microsoft’s pivot is clear: embed an HSM ASIC directly on each server board, placing cryptographic acceleration and key protection as close to the CPU as possible. By servicing crypto requests without leaving the host, the Azure Integrated HSM eliminates the TLS handshake to a remote cluster for many operations, reducing latency to microseconds rather than milliseconds. This per-host approach also enables finer-grained isolation—each server can have its own hardened key boundary—and better aligns with confidential computing models where data-in-use must be protected even from the hypervisor or cloud operator.

Inside the Azure Integrated HSM: Design and Capabilities

The Azure Integrated HSM is a purpose-built ASIC designed not just for speed but for a tightly constrained power and area envelope. Unlike a centralized HSM that can be generously over-provisioned at the rack level, a server-attached HSM must fit within strict thermal and physical budgets of a standard server node. Microsoft’s designers had to balance several competing demands: low power consumption to avoid inflating TCO across hundreds of thousands of machines, sufficient cryptographic throughput for a single server’s peak workload, and robust physical security features including tamper detection and sensors. The chip includes dedicated hardware accelerators for AES and public-key algorithms (RSA, ECC), along with cryptographic hashing. What makes it compelling is not just performance but its security posture: keys remain inside the silicon boundary during operations, and the module can detect physical intrusion (lid removal, thermal anomalies, voltage glitching) and respond by zeroizing secrets or locking down operations.

Multi-tenancy is a first-class design goal. The integrated HSM supports logical partitions that allow multiple virtual machines or containers to use hardware-backed key protection without cross-contamination. This is critical for cloud providers hosting millions of customers on shared infrastructure. Microsoft indicated that the HSM can accelerate not only bulk encryption but also high-frequency signing operations, TLS session key derivation, and attestation flows, offloading substantial CPU cycles. The net effect is a reduction in both latency and host processor utilization, making the integrated HSM particularly attractive for confidential VMs that require continuous attestation and encrypted memory.

Caliptra 2.0: An Open-Source Root of Trust for Cloud Infrastructure

Perhaps the most surprising element of the Hot Chips disclosure was the depth of detail on Caliptra 2.0, an open-source silicon root of trust. A root of trust is the foundational hardware component that verifies firmware integrity, controls secure boot, and provides platform attestation to prove a host is in a known-good state. By open-sourcing Caliptra, Microsoft is taking the unusual step of inviting third-party audits, academic research, and community contributions into the heart of its hardware security.

The presentation slides included gate counts for various Caliptra features and described verification release gates—a level of candor rarely seen from hyperscalers. This transparency is meant to increase trust, enable ecosystem partners to build interoperable attestation workflows, and accelerate vulnerability discovery before widespread deployment. Microsoft argued that an open root of trust lowers the barrier for customers to verify the security posture of the cloud infrastructure they rely on, turning attestation from a black-box promise into an auditable process.

However, the company was careful to note that opening the design does not automatically make implementations secure. Manufacturing integrity, secure key provisioning, and supply-chain controls remain paramount. Caliptra 2.0 must be provisioned with unique device identities in a secure facility, and its firmware must be signed and updated through a tightly controlled pipeline. Microsoft’s verification gates—including simulation, emulation, and formal verification steps—are designed to catch logic errors before tape-out, but operational security of the supply chain is equally critical.

Caliptra serves as the attestation hub in Azure’s confidential computing stack. It measures boot sequences, validates firmware signatures, and generates attestation reports that can be consumed by external verifiers. When a confidential VM is launched, the CPU can rely on Caliptra’s attestation to confirm that the underlying hardware and hypervisor are trustworthy before releasing secrets into memory. This chain of trust, anchored in silicon, is a foundational piece of Azure’s confidential computing offerings.

A Hybrid Ecosystem: DPUs, PCIe HSMs, and Marvell LiquidSecurity

While Microsoft is aggressively pushing host-integrated security, it is not abandoning the existing PCIe HSM market. The company confirmed continued support for third-party modules like Marvell’s LiquidSecurity, which are used in Azure Key Vault and Azure Managed HSM for single-tenant configurations. These dense PCIe cards deliver FIPS 140-3 Level 3 validated key storage and acceleration and appeal to customers who want dedicated, physically isolated security boundaries with strong certifications.

Microsoft also highlighted its Azure Boost DPU, a custom data processing unit that offloads networking, storage, and security functions from the CPU. Together, the DPU and integrated HSM form a platform that shifts security primitives into dedicated silicon, reducing the attack surface of the main x86 cores and freeing up cycles for customer workloads. This layered approach—silicon RoT, host-attached HSM, and smartNIC/DPU—creates multiple independent defensive layers, complicating attacks and aligning with zero-trust principles.

The coexistence of integrated HSMs and PCIe cards reflects a pragmatic understanding that one size does not fit all. Some workloads, especially those requiring FIPS-certified single-tenant HSM boundaries, will continue to rely on dedicated PCIe modules. Others, particularly latency-sensitive or highly virtualized workloads, will benefit from the low-latency, per-host acceleration of the integrated HSM. Microsoft’s hybrid strategy gives customers choice while allowing Azure to optimize cost and performance at scale.

Certification, Supply Chain, and Operational Hurdles

Moving security functionality into the server introduces subtle but significant compliance complexities. FIPS 140-3 and other certifications are often tied to specific firmware versions, physical form factors, and even regional deployments. While Microsoft has been transitioning its HSM firmware and services toward FIPS 140-3 Level 3, customers cannot assume that every instance of an Azure Integrated HSM is certified in every Azure region. Enterprises must verify coverage for their regulatory needs, checking specific SKU and firmware combinations.

Supply chain security also becomes more intricate. Open-sourcing Caliptra provides transparency, but it also exposes architectural details to potential adversaries. Microsoft relies on rigorous manufacturing controls, secure provisioning facilities, and tamper-evident logistics to prevent implants or substitution. The Hot Chips presentation’s emphasis on verification gates and continuous attestation is meant to address these risks, but the operational complexity is real. Any firmware update or provisioning flaw could undermine the entire chain of trust.

Moreover, the tight integration of hardware attestation and key management with Azure’s control plane may increase vendor lock-in. Organizations with multi-cloud strategies should model migration scenarios early, ensuring that cryptographic assets and attestation records can be exported or re-established in another environment. Microsoft’s support for customer-managed keys and single-tenant HSM clusters provides some portability, but the integrated HSM’s value is maximized within the Azure ecosystem.

Enterprise Playbook: What Architects Need to Know

For enterprise security architects, the Azure Integrated HSM and Caliptra 2.0 represent an opportunity to enhance data-in-use protections and reduce cryptographic latency, but they require proactive planning. Key steps include:

  • Inventory cryptographic dependencies: Identify which applications require low-latency, in-use key protection or FIPS-validated cryptography. Map these to the specific Azure regions and hardware generations where integrated HSM support is available.
  • Validate certification scope: Do not assume blanket FIPS 140-3 Level 3 coverage. Confirm that the target SKU, firmware version, and region meet your compliance requirements before migrating regulated workloads.
  • Plan for phased benefit realization: Integrated HSM advantages will roll out incrementally as new server hardware replaces older racks. Build migration timelines around hardware refresh cycles and regional availability.
  • Integrate attestation logs: Feed Caliptra (or similar) attestation logs into SIEM and key-management systems to maintain audit trails and enable runtime integrity verification.
  • Model multi-cloud portability: If your strategy involves multiple cloud providers, evaluate how easily cryptographic assets and attestation configurations can be moved or replicated. Avoid over-coupling to Azure-specific hardware attestation flows unless the benefits outweigh the lock-in risk.
  • Engage with Microsoft on supply chain assurances: For highly sensitive regulated workloads, request documentation on secure provisioning, manufacturing controls, and firmware update processes.
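The chain of trust described earlier (the root of trust measures each firmware stage and emits a signed report, and a verifier checks that report before secrets are released) and the playbook item on feeding attestation records into a SIEM can both be seen in the following added Python example. It was written for this article and is not Caliptra, Azure, or Microsoft code: the event-log layout, the HMAC stand-in for the root of trust's device-identity signature, the golden measurements, and the host records are all constructed assumptions, and a real deployment would verify an asymmetric signature chained to a provisioned device certificate instead.

```python
"""Toy attestation verifier and SIEM-style triage (constructed example).

Models the verifier side of a measured-boot flow: recompute the running
digest from the event log, check it against the signed value, compare
each component against a golden measurement, and surface findings per
host. Not Caliptra or Azure code; all formats here are assumptions.
"""
import hashlib
import hmac

ZERO_DIGEST = bytes(32)

# Constructed known-good firmware images and the golden values derived from them.
GOLDEN_IMAGES = {
    "bootloader": b"constructed bootloader image v1",
    "hypervisor": b"constructed hypervisor image v1",
}
GOLDEN_MEASUREMENTS = {
    name: hashlib.sha256(img).hexdigest() for name, img in GOLDEN_IMAGES.items()
}

# Placeholder for the root of trust's signing key (a real RoT would use an
# asymmetric device-identity key provisioned at manufacture, not a shared secret).
ROT_KEY = b"placeholder-rot-key"


def extend(current: bytes, measurement_hex: str) -> bytes:
    """Measured-boot style extension: new = H(old || measurement)."""
    return hashlib.sha256(current + bytes.fromhex(measurement_hex)).digest()


def compute_boot_digest(event_log) -> str:
    """Replay the event log to get the digest the RoT should have reported."""
    digest = ZERO_DIGEST
    for _component, measurement in event_log:
        digest = extend(digest, measurement)
    return digest.hex()


def sign_report(host: str, digest_hex: str) -> str:
    """Stand-in for the RoT signing (host, digest) with its identity key."""
    return hmac.new(ROT_KEY, f"{host}:{digest_hex}".encode(), hashlib.sha256).hexdigest()


def make_report(host: str, images) -> dict:
    """What a root of trust would emit after measuring each image at boot."""
    event_log = [(name, hashlib.sha256(img).hexdigest()) for name, img in images]
    digest = compute_boot_digest(event_log)
    return {"host": host, "event_log": event_log, "digest": digest,
            "sig": sign_report(host, digest)}


def verify_report(report: dict) -> list:
    """Return findings for one report; an empty list means known-good."""
    findings = []
    # 1. The report must come from the RoT; an unsigned or altered report is rejected outright.
    if not hmac.compare_digest(report["sig"], sign_report(report["host"], report["digest"])):
        return ["report signature invalid"]
    # 2. The event log must reproduce the signed digest, or it was edited after the fact.
    if compute_boot_digest(report["event_log"]) != report["digest"]:
        findings.append("event log does not reproduce signed digest")
    # 3. Each measured component must match the golden value the verifier trusts.
    for component, measurement in report["event_log"]:
        expected = GOLDEN_MEASUREMENTS.get(component)
        if expected is None:
            findings.append(f"unknown component measured: {component}")
        elif measurement != expected:
            findings.append(f"{component} measurement differs from golden value")
    return findings


def triage(records) -> dict:
    """SIEM-style pass: hosts that must not receive secrets, with the reason."""
    alerts = {}
    for record in records:
        findings = verify_report(record)
        if findings:
            alerts[record["host"]] = findings
    return alerts


# Constructed sample records covering the healthy and the failure cases.
_modified = [("bootloader", GOLDEN_IMAGES["bootloader"]),
             ("hypervisor", GOLDEN_IMAGES["hypervisor"] + b" with unexpected change")]
GOOD_REPORT = make_report("node-01", list(GOLDEN_IMAGES.items()))
MODIFIED_REPORT = make_report("node-02", _modified)          # hypervisor image changed
TAMPERED_LOG_REPORT = make_report("node-03", _modified)      # same, but log rewritten below
TAMPERED_LOG_REPORT["event_log"][1] = ("hypervisor", GOLDEN_MEASUREMENTS["hypervisor"])
FORGED_REPORT = dict(GOOD_REPORT, host="node-04", digest="00" * 32)  # digest altered, old sig kept
SAMPLE_RECORDS = [GOOD_REPORT, MODIFIED_REPORT, TAMPERED_LOG_REPORT, FORGED_REPORT]

ALERTS = triage(SAMPLE_RECORDS)

if __name__ == "__main__":
    for host, findings in ALERTS.items():
        print(host, "->", "; ".join(findings))
```

The three checks are ordered deliberately: signature first, so nothing downstream trusts an unsigned report; log replay second, so a log rewritten to look golden is caught by the digest it can no longer reproduce; golden comparison last, which is the check a SIEM rule would update whenever a firmware version is approved. Only hosts with an empty findings list would be allowed to proceed to key release.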

The Road Ahead: Custom Silicon Shaping Cloud Security

Microsoft’s disclosures at Hot Chips 2025 are more than a product announcement; they represent an industry inflection point. Custom ASICs for security, once the domain of niche HSM vendors, are becoming integral to hyperscale infrastructure. By embedding trust anchors directly in servers and opening the root of trust to public scrutiny, Azure is raising the baseline for confidential computing and demonstrating that hardware-backed security can scale to meet the demands of the world’s largest clouds.

For competitors, the message is clear: integrated, transparent hardware security is no longer optional. For enterprise security leaders, the immediate task is to update procurement and audit checklists, validate certification scopes, and prepare for a future where cryptographic protections are as ubiquitous as CPU cores. In a world where cybercrime dwarfs many national economies, Microsoft’s silicon-level security play is a calculated bet that the most effective defense is one built directly into the foundation.