We carefully consider our hardware choices and is a part of why we use Pixels. They are a lot more trustworthy than the vast majority of Android devices. Part of why they're more trustworthy is because they have a ton of external security research and are friendly to it.

No smartphones are open hardware. Pixels aren't open hardware. However, they do have a lot more open source code for the firmware and even to a tiny extent hardware than most other phones. For example, they use the open source Trusty OS as the basis for the TEE and secure core.

They use the open source Open Titan as the basis for the secure element. We hope they follow through on the promise of that by fully opening the device-specific sources for these components, and other ones. It'd be quite useful since we could use it when working with another OEM.

A sophisticated attacker doesn't need a backdoor. They can and do exploit vulnerabilities.

Google Project Zero recently decided to help secure Samsung cellular modem used by Pixels via offensive research. In a few months, they developed multiple remote code execution exploits.

If your concern is a sophisticated state actor, then clearly they can develop remote code execution exploits for relevant firmware and software. It doesn't actually make sense for them to try to add backdoors because they can use the front door: the many serious accidental bugs.

The benefit of using GrapheneOS on top of all that is that you increase your protection against persistence as well as the escalation of those using an RCE to exploit the OS where they'd need a further exploit to do so.

Nobody has yet claimed to have done so and GrapheneOS is a high value target just like the Pixel.