While many open-source enthusiasts like to flaunt RISC-V as not having the security challenges as x86_64 CPUs have seen over the past several years with various speculative execution / side-channel attacks and arguing for the benefits of an open-source ISA in stronger security, in practice it's not so clear-cut. Security researchers at Germany's CISPA Helmholtz Center for Information Security have found current RISC-V CPU implementations coming up short for their actual security.

Fabian Thomas and Lukas Gerlach of CISPA presented at FOSDEM 2026 this weekend in Brussels on RISC-V CPU security. They have been evaluating the security of RISC_V processor implementations in relation to the transient execution attacks and security problems that have given x86_64 CPUs much frustration in recent years. Unfortunately, the RISC-V situation isn't nearly as ideal and even with being a younger and cleaner ISA, there are vulnerabilities. There's also the matter of Linux kernel Spectre patches for RISC-V lagging behind and only working their way to mainline now, even though they are vulnerable too and years after Arm and x86 processors saw their Spectre mitigations land.