At embedded world 2026, Paige Hookway speaks to Jan Pleskac, CEO & Co-Founder of Tropic Square, about TROPIC01, a RISC-V secure element that provides a hardware root of trust for tamper-proof IoT, autonomous systems, and critical infrastructure.
Tropic Square was founded five to six years ago with a mission to build a security chip that could be fully audited, moving away from the black-box solutions that dominate the hardware security industry. Pleskac explains that device makers and solution builders are routinely constructing systems on top of components whose inner workings are entirely opaque. This lack of transparency creates a fundamental vulnerability – if you cannot see what a component is doing, you cannot be certain it has not been compromised.
The company’s flagship product, TROPIC01, is a secure element in a compact QFN32-pin package, designed to integrate easily with microcontrollers and FPGAs. Its primary function is to serve as a root of trust — a security foundation that Pleskac describes as a “toolbox for building systems.”
At its core, TROPIC01 uses a RISC-V architecture, specifically the open-source Ibex core, configured in a dual lock-step arrangement designed for high-reliability security applications. Pleskac describes this as a deliberate choice as open architecture aligns with the company’s commitment to auditability. On top of this, Tropic Square has added hardened cryptographic implementations, with the RISC-V core orchestrating the chip and managing the user interface.
Pleskac says that the importance of a hardware root of trust comes down to identity. In an increasingly connected world, it is not enough to trust a database record – devices need to be able to provide cryptographic proof of who they are and what software they are running. TROPIC01 enables this, allowing operators to independently attest – at a cryptographic level – that a device in the field is running the expected firmware stack, catching anomalies and variants before they become serious problems.
On the challenge of keeping security resilient against evolving threats, Pleskac says that hardware, once deployed in the field, is difficult to update. A firmware layer provides some flexibility to respond to emerging vulnerabilities, but the deeper answer lies in the auditability model itself. As the cost of attacks falls and the threat landscape shifts rapidly, Pleskac believes that secrecy and hidden architectures are no longer adequate defences. Openness, flexibility, and long-term roadmap thinking are essential.
In terms of markets, Tropic Square has roots in the Bitcoin hardware wallet space, but Pleskac sees TROPIC01 as a broadly horizontal solution — digital identity under different names across many sectors. The company is headquartered in Prague and has grown from a single founder to a core team of around 25 people, spanning chip design, verification, firmware, and, more recently, business development and marketing.
Looking ahead, Pleskac is focused on expanding the customer base, delivering more real-world validated applications, and continuing to push the concept of auditable, open-source silicon from niche experimentation to industry-grade production volumes.
Watch the full interview here.
