17th Annual
17th Annual
17th Annual
CSAW’25
AI Hardware Attack
Global Event
It’s time to think a little differently about the capabilities of generative AI for chip design
Participating teams will be tasked with leveraging AI tools, such as LLMs, to insert and exploit hardware vulnerabilities and Trojans for various open-source hardware designs. These can include cryptographic accelerators, processors, communication IPs, etc.
Each month leading up to the in-person final at CSAW, a new challenge (or challenges) will be issued. Each of these challenges will remain available for the duration of the competition until the finalist teams are selected so new teams can join at any time. At the conclusion of each month’s challenges, a winning team will be selected and awarded a small hardware prize.
Potential challenges could include:
-
Inserting a Trojan that can evade detection by state of the art security analysis tools and models.
-
Modifying security checks to allow a Trojan-infected hardware module to pass verification.
-
Modifying a design to make it more vulnerable to potential side-channel attacks.
All challenges must be completed using AI tools and all information regarding those tools must be submitted, including complete and detailed logs of their use, i.e. if an LLM is being used, we require all conversations with the model be submitted.
competition timeline
July 10 2025
August 15 2025
September 12 2025
October 8 2025
October 10 2025
October 15 2025
November 14 2025
First challenge given
Second challenge given
Third challenge given
All challenges due
Finalists announced
Final challenge given
Winners announced
Note: The challenges do not need to be completed within the month they are given, this is just when we are releasing them. We will also update a monthly leaderboard in this repository as the competition progresses. All teams will have up until the 8 October deadline to submit their challenges to earn points and be considered as a finalist team.
Challenges
Each challenge has its own details for the competition. Those details are given on the GitHub for this competition here.
Challenge 1: The first challenges will focus on leveraging generative AI to add hardware Trojans to an AES core. Three difficulties of challenge will be provided: easy, medium, and hard, with each worth increasing points. Teams can submit all three difficulties of challenge to earn the most points.
Judging criteria
Each challenge will have its own rubric regarding how points can be awarded. Challenges will have their base functionality automatically graded, and manual judging will take place over the following days to ensure all rules were followed, as well as to award additional points for completing further objectives. These extra points will be awarded for each competition for things like “most creative use of AI”. Please refer to each challenge's rubric for how this will be done.
Each submission must also be fully open source, guidelines for this are here.
Organizers
Jason Blocklove
Global Student Lead
NYU
Awards
TBA
2024 Winners
2023 Winners