The CSAW AI Hardware Attack Challenge is a well-regarded global competition in the hardware security community. The participant's task was to leverage AI tools, particularly large language models, to insert and exploit hardware vulnerabilities and Trojans in open-source hardware designs. They were tasked with using only open-source designs and EDA tools for development and evaluation.
Competing as TitanBreakers, a team comprising students from Rensselaer Polytechnic Institute (Samit Shahnawaz Miftah, Hanpei Liu) and the University of Texas at Dallas (Amisha Srivastava, Swastik Bhattacharya, Sanjay Das), under the mentorship of RPI ECSE Associate Professor, Dr. Kanad Basu, submitted two initial challenges and qualified for the final round. The final targeted OpenTitan, a complete silicon root-of-trust that provides foundational security primitives for connected hardware—an especially high-value target for adversaries. The final challenge required using generative AI to modify OpenTitan’s source to introduce and exploit vulnerabilities while still demonstrating that the design simulates and functions correctly under the standard test harness; the participants were also required to provide full logs and transcripts of the AI interactions.
The proposed workflow by team TitanBreakers was systematic and disciplined. The team began by inspecting module documentation and RTL code to locate secrets, PRNG and entropy sources, clear or zeroize functions, and alert signals. Next, they identified suspicious constructs such as unused outputs, conditional security flags, and weak PRNG settings. The team then formulated concise hypotheses about potential leaks or suppressed alerts and assessed their possible impact. Large language models were used to draft testbench skeletons, assertions, and minimal bug templates, which they reviewed manually to ensure correctness. After that, the team created small, well-documented RTL variants on separate branches for controlled verification and ran directed simulations to validate both baseline and modified designs, checking functional behavior and security assertions. Using this process, the team discovered four exploitable bugs, implemented hardware Trojans, and built testbenches for thorough validation. Following the final submission and presentation, Team TitanBreakers earned third place in the competition.