The CHERI ISA extension provides memory-protection features which allow historically memory-unsafe programming languages such as C and C++ to be adapted to provide robust, compatible, and efficient protections against many currently widely exploited memory safety vulnerabilities.In this talk, we will present a security analysis of the CHERI ISA and review which security guarantees are provided by the architecture and how compilers and software can use it to enforce a new level of memory safety in legacy code. To get a better and deeper understanding, we will go down the rabbit hole and exploit two vulnerabilities on cheribsd, a FreeBSD prototype built over CHERI in QEMU. We will reveal the strongest parts of CHERI during the exploitation process, alongside the areas that are still interesting for security research and might be a critical Achilles' heel of this new model.Finally, we will share the takeaways we had from this research and explain different approaches (both in Microsoft Research and in the external community) to mitigate attacks that are still possible with CHERI's current model.