US chip and IT supply chains face a new era of embedded risk and legislative scrutiny, with the Chip Security Act seeking to secure on-chip supply chains against adversarial threats.

Why This Matters

The semiconductor supply chain is a battlefield of geopolitical, economic, and security interests. The Chip Security Act, supported by a bipartisan coalition, aims to embed security directly into chip design and fabrication processes to mitigate threats posed by adversaries, particularly China. This reflects an evolving national security approach to technology regulation, aligning with broader AI and critical technology supply chain resilience strategies.

• The Chip Security Act of 2023 introduces mandatory security standards for US Department of Defense (DoD) contractors and calls for end-to-end supply chain visibility.
• The bill also seeks to leverage on-chip security technologies, such as embedded hardware roots of trust, to ensure chips can be verified and trusted at the point of use.
• This is part of a growing policy push to secure AI and semiconductor supply chains, as emphasized in reports like the Center for a New American Security (CNAS) primer on securing the AI chip supply chain.
• Leaders in national security technology argue that U.S AI diffusion strategies, particularly those that emphasize high-beta strategies and secure supply chains, are essential for maintaining geopolitical and technological leadership.

Key Points

• Chip Security Act (2023): Proposes mandatory security requirements for semiconductor supply chains linked to national security use cases. See: Chip Security Act PDF
• Embedded Security as Baseline: Focuses on integrating hardware-based security at the silicon level, using roots of trust and anti-tamper measures.
• AI and Semiconductor Supply Chain Convergence: Echoes warnings from the CNAS report that semiconductor supply chain integrity is foundational to AI leadership. See: Technology to Secure the AI Chip Supply Chain – CNAS
• AI Diffusion and High-Beta Strategy: Emphasizes the need for secure, high-beta strategies in US AI diffusion to counter adversarial influence. See: High-Beta Strategy for US AI Diffusion – Pablo Chavez

What is a High-Beta Strategy for U.S. AI Diffusion?

High-Beta strategies offer the U.S. a pathway to outpace adversaries in AI diffusion by embracing risk-taking, dynamic ecosystems, and aggressive scaling—while ensuring secure supply chains.

Pablo Chavez argues that U.S. AI competitiveness requires embracing high-beta strategies, defined as bold, high-risk/high-reward approaches that prioritize rapid scaling and experimentation. This mindset contrasts with risk-averse, compliance-driven approaches prevalent in government and legacy industries, which could hinder US leadership in AI. Key to this strategy is building secure, resilient infrastructure, including trusted AI chip supply chains, as any vulnerabilities at the hardware level could undermine AI diffusion and geopolitical advantage.

A High-Beta Mindset urges U.S. policymakers and industry to lean into risk-taking, aggressive scaling, and dynamic experimentation, similar to early-stage Silicon Valley models:

• Secure Infrastructure as Enabler: Emphasizes the need for secure, trusted semiconductor supply chains to enable this high-beta diffusion model.
• Counter Adversaries Through Speed and Agility: Suggests that U.S. agility, risk tolerance, and dynamic market structures are key differentiators against more rigid, state-driven competitors like China.
• Policy Implication: Calls for aligning national security strategies with bold AI diffusion and supply chain risk mitigation, rather than slowing down innovation in pursuit of unattainable zero-risk postures.

Summary: The Chips Security Act

The Chip Security Act mandates the integration of security standards into semiconductor supply chains, requiring the Department of Defense and federal agencies to prioritize chips with embedded security features from trusted sources.

The Chip Security Act establishes a national policy to secure semiconductor supply chains critical to U.S. national security and defense. It:

• Directs the DoD to establish secure sourcing requirements for microelectronics.
• Requires that chips used in sensitive systems have embedded hardware-based security, such as roots of trust and anti-tamper capabilities.
• Establishes reporting requirements on foreign influence risks, particularly from China and other adversaries.
• Calls for enhanced transparency and oversight of the global chip supply chain, including vendors and subcontractors.

For the full legislation, see: The Chips Security Act.

Summary: CNAS Report – Technology to Secure the AI Chip Supply Chain: A Primer

The CNAS primer outlines how securing the AI chip supply chain is essential for U.S. AI leadership, recommending a layered approach combining on-chip security technologies, trusted fabrication, and enhanced policy tools.

The Center for a New American Security (CNAS) report’s central argument is that AI chip supply chains are a strategic vulnerability, as adversaries could compromise chips during design, fabrication, or distribution, undermining critical AI systems. The report:

• Advocates for embedding hardware-based security (roots of trust, anti-tamper features) into chips.
• Recommends policy levers like export controls, investment screening, and secure foundry initiatives.
• Urges collaboration between government, industry, and allies to strengthen supply chain resilience.

For the full CNAS report, see: Technology to Secure the AI Chip Supply Chain

What Next?

• Policy Implementation Risks: The challenge lies in enforcing the Act’s provisions across globalized supply chains without alienating critical partners.
• Chipmakers’ Dilemma: Semiconductor firms may face higher costs and compliance burdens, impacting innovation cycles.
• Broader Alignment Needed: Expect future executive orders and defense industrial base (DIB) directives to align on-chip security mandates with AI and critical infrastructure supply chain frameworks.
• Evolve US Industrial Policy: Integrate high-beta thinking into national strategies for AI, chips, and critical infrastructure.
• Balance Risk and Resilience: Avoid overregulation that slows diffusion while embedding security-by-design at the chip and systems levels.