You gotta give props to DJI for standing up to the bully and defending the integrity of its products and security processes in the face of a powerful adversary – the US federal government that has been making strides to ban DHI products out of the US market.

Not that we think the government will care, as it seems really determined to convince its citizens that the Chinese drone maker’s drones and related products are a danger to the security of the state; but DJI has just released the findings of what it claims is the “most comprehensive independent security assessment ever conducted on our products.”

The findings based on an audit conducted by OnDefend, a US-based cybersecurity firm trusted by national security stakeholders and enterprise leaders, which tested the DJI Matrice 4E with RC Plus 2 Enterprise controller and the DJI Air 3S with RC 2 controller, subjecting both systems to advanced adversarial testing across software, hardware, and radio frequency domains.

The audit ran from October 2025 through March 2026 and was structured around three national security concerns: data sovereignty, hardware vulnerabilities, and drone manipulation risks.

For full disclosure, DJI revealed that the assessment was carried out with its full authorisation, but the conclusions were independent, the company said.

To preserve the integrity of the evaluation, enterprise units were sourced from existing dealer stock and consumer units were procured directly from retail outlets without pre-notification to DJI. All tested devices reflect standard U.S. market distribution.

“OnDefend performed a thorough technical evaluation of two DJI drone systems, the Air 3S and Matrice 4E, along with their corresponding controllers and applications,” the cyber security company’s report read in part.

“The objective was to determine whether these devices transmit data outside the United States, contain backdoors that

could enable unauthorized access or control, or present cybersecurity risks that would affect operational use. The evaluation covered both software and hardware across multiple testing disciplines.

Two units of each drone model were tested across controlled indoor and outdoor environments over a five-month engagement period from October 2025 through March 2026.

On the software side, the team conducted static and dynamic application security testing of the DJI Fly and Pilot 2 applications, analysed all network traffic during normal and Local Data Mode operation, and tested the controllers for jailbreak and privilege escalation vulnerabilities.

The hardware aspect of the audit saw OnDemand performing a full spectrum radio frequency scanning, near field component analysis, and RF exploitation testing including jamming, replay, and injection attempts.

So, what did they find?

“During the window of testing, OnDefend’s assessment of the Air 3S and Matrice 4E drone systems identified no clear evidence of hidden backdoors, no data transmissions outside the United States, and no viable pathways for hijacking or weaponization,” the report said.

“No critical or high-risk findings were observed. Ten low-risk findings and thirteen observations were identified, consistent with industry norms for complex mobile and embedded systems. They were primarily related to application security configurations, session handling, and wireless hardening. None presented a realistic risk to safe drone operation or to widespread exposure of confidential information.”

In other words, the company found no evidence that data collected by DJI drones on US soil was being secretly transmitted outside the country to China; nor did it find any backdoors or unauthorised remote access mechanisms (controllers resisted all jailbreak and firmware modification attempts).

Additionally, they did not identify any unexplained radio frequency emissions. All detected signals were traced to known system functions. Emissions not previously documented in FCC filings were confirmed to be standard artifacts of signal generation methods, not covert channels.

No supply chain tampering or unauthorised hardware modifications were also detected.

“Ten low-risk findings and thirteen observations were identified, consistent with industry norms for complex mobile and embedded systems,” DJI added.

The identified risks were primarily related to application security configurations, session handling, and wireless hardening. None presented a realistic risk to safe drone operation or to widespread exposure of confidential information. DJI collaborated with OnDefend on potential remediation during the engagement and is working to address remaining items in subsequent software releases.

“This is the most comprehensive independent security assessment ever undertaken on our products,” said Adam Welsh, DJI Head of Global Policy.

“These findings confirm what DJI has consistently maintained: our products are secure, our data practices are transparent, and the concerns underlying our FCC Covered List designation are not supported by technical evidence. We commissioned this independent assessment because we believe facts should inform policy decisions. We are calling on the FCC to consider these findings carefully as part of our ongoing appeal, and we remain committed to engaging constructively with relevant authorities.”

The latest audit by OnDemand is part of DJI’s efforts to stave off a ban on the sale of its drone and related products in the USA, which saw it being included on the Federal Communications Commission (FCC) Covered List in December 2025.

DJI insist this inclusion was not accompanied by the identification of a specific, documented security vulnerabilities on its products, and has appealed this designation, requesting a transparent, evidence-based technical review.

Across the US, DJI drones are deeply embedded in real-world operations that save time, money, and in some cases, lives.

Police departments use them for search-and-rescue missions, accident reconstruction, tactical response, and missing person cases. Fire departments use them during wildfires and disasters. Farmers rely on them to monitor crops and reduce costs.

Roof inspectors, utility operators, surveyors, filmmakers, real estate creators, and independent freelancers use DJI systems every single day because they are often dramatically cheaper and easier to deploy than alternatives.

DJI says more than 80 percent of the 1,800-plus state and local law enforcement agencies using drones rely on DJI systems. 43 percent of drone business users reportedly believe restrictions on DJI would have an “extremely negative” or even “business-ending” impact.

This could be the the part many Americans outside the drone world may not fully understand yet. For countless operators, this isn’t about gadgets. It’s about mortgages. Paychecks. Emergency response. Small businesses. Side hustles. Creative careers. And entire public safety programs built around equipment that agencies can actually afford.

That’s why DJI’s inclusion on the FCC Covered List in late 2025 triggered such panic across the industry, as it effectively stuck a label o DJI drones as a national security risk.