DJI has released the findings of an independent cybersecurity assessment of two of its drone systems, which they say produced zero critical, high, or medium-risk findings over five months of adversarial testing.

The assessment was conducted by OnDefend, a U.S.-based cybersecurity firm whose team includes military and government professionals with national security backgrounds. Testing covered the DJI Air 3S with RC 2 controller and the DJI Matrice 4E with RC Plus 2 Enterprise controller. To preserve independence, consumer units were purchased directly from retail outlets without advance notice to DJI, and enterprise units were sourced from existing dealer stock.

The engagement ran from October 2025 through March 2026 and focused on three national security concerns: data sovereignty, hardware vulnerabilities, and drone manipulation risks. OnDefend conducted static and dynamic application security testing, full network traffic analysis, hardware teardown and component analysis, full-spectrum radio frequency scanning from 1 MHz to 6 GHz, and adversary simulation including replay attacks, jamming, injection attempts, and jailbreak efforts.

The review identified no evidence of data transmission outside the United States, no backdoors or unauthorized remote access mechanisms, no unexplained radio frequency emissions, and no supply chain tampering or unauthorized hardware modifications. Ten low-risk findings and thirteen observations were identified, which were characterized as being “consistent with industry norms for complex mobile and embedded systems.” DJI said it is working to address remaining items in subsequent software releases.

The release of the findings comes as DJI continues to appeal its inclusion on the FCC Covered List, a designation the company received in December 2025. DJI has maintained that the designation was not accompanied by a specific, documented security vulnerability and has called for a transparent, evidence-based technical review.

"These findings confirm what DJI has consistently maintained: our products are secure, our data practices are transparent, and the concerns underlying our FCC Covered List designation are not supported by technical evidence," said Adam Welsh, Head of Global Policy at DJI. "We are calling on the FCC to consider these findings carefully as part of our ongoing appeal."

DJI has pointed to downstream impacts of any restrictions on its technology, noting that more than 80 percent of the roughly 1,800 state and local law enforcement agencies that use drones rely on DJI platforms for applications including search and rescue, crime scene documentation, and tactical overwatch. A separate survey conducted by Pilot Institute found that 43 percent of drone business users believe restrictions on DJI would have an extremely negative or business-ending impact on their operations.