Microsoft Deploys Custom Security Chip Across Azure Servers to Combat $10 Trillion Cybercrime Threat

At Hot Chips 2025, Microsoft outlined the security measures it is using to protect Azure against the growing cybercrime pandemic

Cybercrime reportedly worth $10.2 trillion annually, making it the world's third-largest economy in 2025 Microsoft has revealed more on the custom-built security chip it deploys across every Azure server, aiming to counter what it calls a cybercrime "pandemic" now costing $10 trillion annually. The Azure Integrated HSM, which was first announced in late 2024, is the centerpiece of a wider security architecture the company outlined at the recent Hot Chips 2025 event. A slide Microsoft showed there claims the global cost of cybercrime is currently $10.2 trillion - meaning it now ranks as the equivalent of the third-largest economy in the world. The trillion-dollar estimate places cybercrime behind the United States and China, but ahead of Germany and Japan, and also far bigger than the entire AI market. Microsoft said the scale of the threat requires both architectural and operational changes. As ServeTheHome reports, the company listed a number of statistics at the event, including that Azure already spans more than 70 regions and 400 data centers, supported by 275,000 miles of fiber and 190 network points of presence, along with employing 34,000 engineers dedicated to security. To take on the cybersecurity problem at a hardware level, Microsoft moved from a centralized hardware security module model to its own Azure Integrated HSM. The custom ASIC is designed to meet FIPS 140-3 Level 3 requirements, providing tamper resistance and local key protection within servers. By embedding the chip in each system, cryptographic functions no longer need to pass through a centralized cluster, reducing latency while enabling tasks such as AES, PKE and intrusion detection locally. ServeTheHome noted building an in-house chip required trade-offs. Instead of scaling hardware security modules at a cluster level, Microsoft had to size them for individual servers. The result, the company argued, was a balance between performance, efficiency and resilience. The tech giant also presented its "Secure by Design" architecture at Hot Chips, part of its Secure Future Initiative. This includes Azure Boost, which offloads control plane services to a dedicated controller and isolates them from customer workloads, and the Datacenter Secure Control Module, which integrates Hydra BMC, and enforces a silicon root of trust on management interfaces. Confidential computing, backed by trusted execution environments, extends protection to workloads in multi-tenant environments. Caliptra 2.0, developed in collaboration with AMD, Google and Nvidia, anchors security in silicon and now incorporates post-quantum cryptography through the Adams Bridge project.

Azure Integrated HSM hits every Microsoft server

Microsoft has deployed a custom-built security chip, the Azure Integrated HSM, across every Azure server to counter an annual cybercrime cost projected to reach $10.2 trillion by 2025. The Azure Integrated HSM, first announced in late 2024, constitutes a central component of Microsoft's comprehensive security architecture. This architecture was detailed at the recent Hot Chips 2025 event. Microsoft presented data indicating that the global cost of cybercrime is equivalent to the world's third-largest economy, positioning it behind the United States and China but ahead of nations like Germany and Japan. This figure also significantly exceeds the entire artificial intelligence market. Microsoft asserts that the current scale of the cyber threat necessitates both architectural and operational changes. According to a report by ServeTheHome, Azure operates across more than 70 regions and 400 data centers, supported by 275,000 miles of fiber and 190 network points of presence. The company employs 34,000 engineers dedicated to security. To address cybersecurity challenges at a hardware level, Microsoft shifted from a centralized hardware security module model to its proprietary Azure Integrated HSM. This custom ASIC is engineered to meet FIPS 140-3 Level 3 requirements, offering tamper resistance and localized key protection within individual servers. By embedding this chip in each system, cryptographic functions such as AES, PKE, and intrusion detection can be performed locally, reducing latency historically associated with centralized clusters. ServeTheHome noted that developing an in-house chip required trade-offs, specifically regarding the scaling of hardware security modules for individual servers rather than at a cluster level. Microsoft highlighted this approach as striking a balance between performance, efficiency, and resilience. Microsoft also outlined its "Secure by Design" architecture at Hot Chips, a key part of its Secure Future Initiative. This initiative incorporates Azure Boost, which offloads control plane services to a dedicated controller, isolating them from customer workloads. The Datacenter Secure Control Module integrates Hydra BMC, enforcing a silicon root of trust on management interfaces. Confidential computing, supported by trusted execution environments, extends protection to workloads within multi-tenant environments. Caliptra 2.0, a collaborative effort with AMD, Google, and Nvidia, anchors security in silicon and now includes post-quantum cryptography through the Adams Bridge project.