top of page

AI Hardware Attack Challenge

451709_Black background logo for artific
It’s time to think a little differently about the capabilities of generative AI.

Using generative AI (e.g. ChatGPT, Bard, or similar) you will work to insert a hardware vulnerability, such as a trojan or backdoor, into an open-source digital design of your choice (e.g. OpenTitan, Ariane, a design from OpenCores, etc.). The result must be simulatable and synthesizable, and you will need to be able to demonstrate the effects of the added security vulnerability (e.g HW-CWE). An additional award track will be for designs which are compatible with the Efabless ChipIgnite platform (for instance, a crypto accelerator with an inserted back-door). A successful submission will need to include all the prompts and responses from the language model, a document describing both the method used for inserting the vulnerability and the method of exploiting it, and makefiles for simulating and synthesizing the design. You may instruct the AI to directly edit files or perform the edits as the AI describes. You may need to perform ‘prompt injection’. Points will be awarded for subtle yet powerful exploits, e.g. those that allow system compromise from userspace, those that leak encryption keys, etc. 

competition timeline

15 September 2023
5 October 2023
15 October 2023
20 October 2023
5 November 2023
9-10 November 2023
Competition Launches
Instructional Webinar
Round 1 Submission deadline
Finalist Notification
Round 2 code and document submission deadline
Contestant Final Presentations and Award Ceremony

Judging criteria

Judging Criteria

- Usefulness of the open-source design - more popular / more broadly applicable designs are worth more

- Method for adding the vulnerability - all prompts and logs must be kept and provided, and the more that the LLM did the better, including changing of scripts and testbenches outside the hardware design itself.

- The severity of the vulnerability - e.g. theoretical CVSS score.

- The stealth of the vulnerability - how well does it hide in the overall design? Extra points for showing that it can hide from existing security scanners / functional tests / test benches.

- The vulnerability demonstration - it must be possible to observe the claimed impact of your vulnerability (e.g. via simulation).

- All entries must be completely open-source (using Apache license or compatible) but need not fully rely on open-source platforms (e.g. you can use ModelSim, Vitis, Synopsys etc.)

Round 1 Submission

The submission for Round 1 must include a detailed plan of action for adding your vulnerability(ies), your progress in that plan, an explanation of the potential impact of the bug(s), and any of your preliminary results including your current code and conversations

Round 2 Submission

The submission for Round 2 must include a detailed report explaining the
vulnerability(ies) added, simulation results, proposed exploits, and LLM

Finalists should also prepare the following:
        - A 6-minute presentation for the judges, to be followed by a
          2-minute Q&A session.
        - A 24 x 36 inch poster to be presented during a poster session to
          both the judges and other CSAW participants

If submitting for the Efabless prize, the design must also be submitted to the CI 2311 shuttle:



2023 competition organizers




​Best hardware-based vulnerabilities:

First place $1000
Second place $750
Third place $500

Best hardware-vulnerability demonstration suitable for the Efabless ChipIgnite
Award: Free placement on Efabless ChipIgnite tapeout shuttle

Competition award sponsored by efabless

Purple - Blue Gradient

2023 Winners


Thank you 

bottom of page