Peter G. Neumann and the CHERI Architecture: Memory Safety vs. Agentic Chaos

The Pitch

The RISKS Digest is the industry's longest-running archive of technical failure, moderated by Peter G. Neumann from 1985 until his death on May 17, 2026 (source: NYT/SRI Obituary). Its hardware counterpart, the CHERI architecture, provides a capability-based approach to memory safety designed to eliminate the vulnerabilities that current LLM-driven software stacks frequently exploit.

Under the Hood

Neumann’s death at 93 marks the end of an era for the ACM’s most critical technical repository. The RISKS Digest served as the "institutional memory" of computer science, documenting failures that modern engineering teams seem determined to repeat (source: ACM/Wikipedia).

The CHERI project, celebrating its 15th anniversary this year, has moved from Cambridge research into validated silicon. It replaces the traditional "flat" memory model with capabilities—unforgeable tokens that provide hardware-level bounds checking. This mechanism addresses roughly 70% of software vulnerabilities at the instruction set level (University of Cambridge).

Microsoft’s CHERIoT and Arm’s Morello silicon have already demonstrated that this "trustworthiness" model is viable for cloud infrastructure. Google Research has also verified its utility for securing memory-safe environments (SRI 2026 Report). However, the complexity warnings Neumann issued for 40 years are being largely ignored as we rush to deploy GPT-5 and Gemini 2.5 agents.

Recent RISKS entries from April 2026 highlight the fallout of this negligence. Volume 34.89 details "rogue AI agents" deleting user production data, while Volume 34.91 describes systemic failures in combat systems driven by agentic logic (RISKS Digest v34.89/v34.91).

We do not know yet who will succeed Neumann as the RISKS moderator at SRI. Furthermore, while CHERI is scaling in cloud environments, there is currently no public long-term roadmap for its integration into consumer-grade hardware accelerators optimized for GPT-5 or Gemini models (Not found).

Marcus's Take

If you are still deploying critical infrastructure on legacy memory models while handing the "keys" to Gemini 2.5 or GPT-5 agents, you are the problem Neumann warned us about. CHERI isn't a side project anymore; it is the only credible defense against the sheer volume of memory-safety bugs inherent in modern agentic engineering. Use it for your backend infrastructure now, or prepare to see your company's name in RISKS Volume 35.

Ship clean code,
Marcus.