THE APEX TIMES
U.S. blacklists Hesai lidar maker, citing national security cyber risk amid Nvidia-linked ties
The Department of Defense designated Hesai Technology a Chinese military entity and added it to a restricted list in 2024, blocking Pentagon contracting. A new report also spotlights ongoing business ties with Nvidia and concerns that lidar hardware could be manipulated for cyber intrusion.
Hesai Technology, a Shanghai-based maker of lidar sensors used in robotics, autonomous vehicles, and other machine-vision systems, has been a focus of U.S. national security scrutiny after the Pentagon blacklisted the company in 2024 as a Chinese military entity, according to CNBC. The designation puts Hesai on a U.S. government restricted list that prevents the company and 187 other listed entities and subsidiaries from securing contracts with the Department of Defense, even though it does not outlaw U.S. firms from buying or using Hesai technology in nonmilitary applications.
CNBC reported on July 7, 2026, that researchers and security critics argue lidar systems can be compromised through malware and other means, potentially creating safety and security consequences when the sensors are used in real-world environments. The concerns are tied to the role lidar plays in helping vehicles and robots perceive their surroundings. If an attacker could alter the indicates, firmware, or software pathways that process lidar data, the systems could be misled or exposed to unauthorized access to information collected by the sensors.
In its reporting, CNBC said Hesai’s blacklist status does not stop commercial deployment by non-Pentagon users, and that the company has been expanding its footprint in the U.S. It also described Hesai’s partnership ties with Nvidia as part of how Hesai’s sensor ecosystem is integrated into broader computing stacks used for perception and autonomy workflows.
Hesai co-founder and chief executive David Li told CNBC that the company does not work for the Chinese military and that its products are safe. The dispute, as presented in the reporting, centers on whether the practical risk comes from deliberate military use or from vulnerabilities inherent in hardware and software supply chains that can be exploited even in ostensibly civilian deployments.
The Department of Defense designation matters most for procurement and compliance, not for legality in private markets. As CNBC explained, being listed prevents Hesai from participating in Pentagon contracting, while nonmilitary buyers can still use the products. That distinction has been central to how U.S. agencies manage national security concerns: restricting direct government purchasing while leaving broader consumer and industrial usage governed by separate rules and engineering risk assessments.
For companies integrating lidar into robots, factory systems, and autonomous-drive functions, the Pentagon blacklist raises questions about vendor oversight, cybersecurity validation, and ongoing support such as firmware updates and driver behavior. Researchers cited by CNBC described the sensor and its associated software as potential points of cyber exposure, including risks related to sensitive data collection and pathways that might allow unauthorized access.
The next steps for affected industries are likely to involve internal compliance and technical security reviews, particularly for organizations that work with restricted vendors. While the blacklist does not automatically bar civilian use, the reporting underscores that national security restrictions can still translate into operational friction, including supplier vetting and additional testing requirements for safety-critical deployments.
Why It Matters
- The 2024 Pentagon designation restricts federal procurement, but it does not automatically limit civilian or industrial use, creating a compliance gap between defense purchasing rules and private-sector cybersecurity risk management.
- If lidar hardware and associated processing chains can be manipulated, public safety risks could extend beyond military systems into civilian autonomy and robotics deployments.
- Vendor-level restrictions can increase engineering and procurement friction through added verification, security testing, and supply-chain oversight for organizations that deploy sensor systems at scale.
- The focus on Nvidia-linked integration highlights how sensor cybersecurity concerns can flow through widely used computing platforms and software ecosystems used for autonomy and robotics.
Sources
Key Facts
- The Department of Defense designated Hesai Technology a Chinese military entity and added it to a national security blacklist in 2024.
- CNBC reported that the 2024 blacklist prevents Hesai and other listed entities from securing Pentagon contracts.
- Hesai Technology produces lidar sensors used in robotics and autonomous vehicle perception systems.
- CNBC reported that researchers and critics say lidar can be compromised through malware and other methods, with potential safety and security consequences.
- CNBC said Hesai has business ties with Nvidia and is expanding its U.S. presence through those commercial relationships.
- Hesai’s CEO David Li told CNBC that the company does not work for the Chinese military and that its products are safe.