The U.K. National Cyber Security Centre (NCSC) developed intellectual property for a new cybersecurity device and licensed Goldilock Labs to manufacture and sell it globally. Designed to block malicious connections between monitors and laptops, the SilentGlass device marks the initial commercially available product for CNI (critical national infrastructure) and businesses, authorized to carry NCSC branding, produced in partnership with Sony UK Technology Centre.
The plug-in device is intended to provide scalable, low-cost protection for government and business users. It is being introduced to the global market at CYBERUK, the UK government’s flagship cybersecurity conference, as part of a broader push to strengthen defenses against hardware-based attack vectors.
“Display screens and monitors are everywhere in modern business environments, and the SilentGlass device will help protect previously vulnerable IT infrastructure with unprecedented ease,” Ollie Whitehouse, chief technology officer at NCSC, said in a media statement last week. “Its development and commercialisation shows the impact that the NCSC can have, alongside industry partners, with an affordable and effective product now globally available.”
He added, “By helping to launch a UK company onto the global market with this world-class innovation, we are breaking new ground and helping to strengthen national prosperity.”
SilentGlass, a plug-and-play device, actively blocks anything unexpected or malicious between HDMI and DisplayPort connections and screens. Already deployed on government installations, SilentGlass is now available for anyone to buy and use. It has been approved for use in the highest-threat environments.
The NCSC assesses that monitors can be a hugely attractive target for threat actors as they can hold and process valuable, sensitive or personal data. Monitors are ‘highly likely’ to be used to gain access to a network for espionage purposes, disruption or financial gain, with mitigations often costly and inefficient.
Over the years, an increasing array of more sophisticated devices has become available, as more connections increase the risk of attack. SilentGlass has been developed to help protect against malicious connections and shut down this attack vector.
Following a competitive process, the exploitation licence has been awarded to Goldilock Labs, a U.K.-based small business with expertise in cybersecurity innovation and secure manufacturing. They have partnered with Sony UK Technology Centre, and the product is available globally now.
Through this partnership with Goldilock and their partner Sony UK Technology Centre, the NCSC expects rapid global adoption of SilentGlass by governments and risk-conscious organisations, positioning it as an example of how the government’s intellectual property can be commercialized to drive national prosperity.
“SilentGlass addresses a gap that has been widely overlooked. The hardware interfaces people rely on every day have rarely been treated as security boundaries, despite being exposed to risk through supply chains, third-party servicing, and direct physical access,” Stephen Kines, co-founder at Goldilock Labs, said. “Originating in NCSC-led work and brought into the commercial domain through its IP exploitation programme, SilentGlass turns high-assurance innovation into a practical, deployable security solution.”
Kines added, “What was once confined to national security environments is now being applied with a low-cost, easy-to-deploy solution for CNI and businesses where the same risks exist. SilentGlass is the first step in a wider effort to enforce behaviour at hardware interfaces before it reaches complex software. It reflects a shift toward treating physical connectivity as a point of control rather than an assumed trust boundary.”
Last week, the NCSC released cross-domain guidance aimed at helping government, industry and the wider security community design and deploy secure data flows across differing trust environments, shifting away from legacy ‘point solution’ models toward a pipeline-based approach that builds assurance at every stage of data movement. The updated approach introduces core concepts such as zones of trust, trust boundaries and control points, while emphasizing flexible, layered security controls and deprecating older design patterns and principles for new architectures, though these will remain in use for assurance in the near term as the transition unfolds.
