Securing Scale-Up AI: Cadence’s Complete UALink Solution

By Yan-Tarō Clochard

May 12, 2026

As AI systems continue to scale, adding more compute is no longer the biggest challenge. Moving enormous volumes of data between accelerators quickly, predictably, and securely is where the real complexity lies.

Scale-up interconnects have become the backbone of modern AI architectures. They must deliver ultra-low latency, massive bandwidth, and seamless interoperability—while also protecting highly sensitive data in motion. Meeting all these requirements simultaneously is not trivial. This is precisely the challenge that UALink^™ and its integrated security capabilities are designed to solve.

As an early contributor to the UALink ecosystem, Cadence delivers a production-ready solution built for real-world AI deployments. By combining high-performance connectivity IP with integrated security, Cadence enables customers to scale AI infrastructure with confidence.

A Complete Scale-Up Platform

Cadence's UALink IP is more than a collection of individual components—it is a cohesive, end-to-end platform designed to address the full scale-up challenge.

At its core is a UALink controller implementing the complete protocol stack, paired with silicon-proven high-speed PHYs optimized for both short- and long-reach deployments. Around this foundation, Cadence provides subsystem-level integration, including debug, test, and verification capabilities that accelerate bring-up and reduce design risk.

The architecture is designed to scale efficiently. Support for high lane counts and flexible configurations enables system designers to adapt to evolving topologies without redesigning the interconnect. The result is a solution that simplifies integration, shortens time to silicon, and delivers the low-latency, high-bandwidth performance required for next-generation AI accelerators and XPU-to-XPU connectivity.

The Cadence UALink Controller IP implements the full set of spec-derived protocol features required for low-latency, large-scale accelerator fabrics. It supports native UALink read, write, atomic, and message transactions, enabling the load/store semantics and synchronization primitives that modern AI training and inference workloads depend on. Flexible lane bifurcation (1×4, 2×2, 4×1) and support for 212.5Gb/s and 106.25Gb/s serial rates allow system designers to tailor bandwidth, port count, and topology without redesigning the controller. Built-in credit-based flow control (CBFC) and link-level retry (LLR) mechanisms provide deterministic forward progress and resiliency under congestion or transient errors—critical for tightly coupled multi-accelerator execution. Advanced PHY-aware capabilities such as programmable FEC interleaving, error indication bypass, and transmitter pacing further reduce latency and power while sustaining high link utilization, addressing a core UALink objective: maximizing effective bandwidth with predictable, low-jitter behavior at scale.

Why Security Has to Be Built In

As scale-up fabrics become central to AI systems, they also become a critical attack surface. Data exchanged between accelerators—including model weights, intermediate results, and proprietary algorithms—is simply too valuable to leave unprotected. In this context, security cannot be treated as an add-on—it must be designed into the fabric from the start.

Cadence addresses this requirement by integrating UALinkSec, developed by Secure-IC—a Cadence company and the security excellence center of Cadence—directly into the UALink subsystem. Fully aligned with UALink 1.0 security requirements, UALinkSec provides a native security layer for intra-data-center communications.

Security is implemented as a first-class, line rate capability within the Cadence UALink Controller, aligned with UALink v1.0 security requirements. The controller supports AES-GCM with 256-bit keys, perXPUpair master key contexts, and FSM-controlled key derivation and handshake mechanisms, ensuring authenticated, encrypted data movement between accelerators without exposing application software to security complexity. The design sustains full UALink bandwidth through the security layer, supports transparent operation, and allows selective UALlinkSec bypass when applicable—preserving architectural flexibility. Scalable context support for 8 to 1024 accelerators and split crypto cores enables secure operation across large pods while minimizing power overhead when traffic is low. These capabilities directly address the reality that scaleup fabrics now carry highly valuable assets—model parameters, intermediate activations, and proprietary algorithms—making pervasive, low-latency data-in-motion protection essential for production AI deployments.

Built on a high-performance, silicon-optimized, and modular AES-GCM engine derived from the Securyzr^™ neo Core platform, UALinkSec enables encryption, authentication, and integrity protection at line rate. This ensures that security is enforced without introducing latency or compromising bandwidth—preserving the deterministic performance required by AI fabrics.

Explore UALink Security IP:

• UALinkSec Engine
• 224G SerDes PHY and controller for UALink for AI systems
• UALink Controller

Scaling AI Securely with Cadence and Secure-IC

As Cadence's security excellence center, Secure-IC brings deep expertise in embedded and hardware-based security, leveraging Securyzr portfolio technologies designed to resist both logical and physical attacks. When combined with Cadence's UALink IP, that expertise becomes a native part of the scale-up fabric.

Together, the solution enables secure data authentication and integrity protection optimized for high-performance AI fabrics, leveraging a high-performance AES-GCM engine and integrated Root-of-Trust-based key management via Securyzr iSE S800 for a secure key lifecycle. Rather than treating security as a separate layer, connectivity, performance, and protection are designed to work together as a unified system.

For system architects, this approach has a very practical benefit: security is addressed early in the design process, reducing late-stage design risk, simplifying compliance, and ensuring robust protection for hyperscale and enterprise AI deployments.

Reducing Complexity, Accelerating Deployment

UALinkSec is available as an optional component within the Cadence UALink subsystem, enabling straightforward adoption without requiring additional integration effort. This tight integration between connectivity and security eliminates the need to stitch together separate IP blocks, ensuring consistent performance, interoperability, and compliance.

For system designers, this translates into less integration effort, faster bring-up through built-in debug and visibility, and confidence that security and performance remain aligned as AI systems scale. As architectures grow in size and complexity, this level of integration and simplicity becomes a clear competitive advantage.

A Foundation for What Comes Next

The next generation of AI systems will be defined not just by how much compute they deploy, but by how efficiently and securely data moves across accelerators. By combining high-performance UALink connectivity IP with Secure-IC's UALinkSec hardware security IP and integrated RoT key management, Cadence delivers a solution that addresses the full set of requirements facing modern AI architectures.

The result is a secure, scalable, standards-based foundation for AI acceleration—built to support today's workloads and ready for what comes next.

Learn more about Secure-IC's UALinkSec ENGINE.