Can Agents Secure Hardware? Evaluating Agentic LLM-Driven Obfuscation for IP Protection

TL;DR

This paper introduces an LLM-driven framework for automating hardware netlist obfuscation to protect IP, evaluating its effectiveness and limitations against security attacks on benchmark circuits.

Contribution

It presents a novel agentic LLM-based approach that decomposes hardware obfuscation into specialized stages for improved automation and security evaluation.

Findings

Framework generates correct obfuscated netlists

SAT attacks remain effective against the obfuscation

Measurable output corruption under incorrect keys

Abstract

The globalization of integrated circuit (IC) design and manufacturing has increased the exposure of hardware intellectual property (IP) to untrusted stages of the supply chain, raising concerns about reverse engineering, piracy, tampering, and overbuilding. Hardware netlist obfuscation is a promising countermeasure, but automating the generation of functionally correct and security-relevant obfuscated circuits remains challenging, particularly for benchmark-scale designs. This paper presents an agentic, large language model (LLM)-driven framework for automated hardware netlist obfuscation. The proposed framework combines retrieval-grounded planning, structured lock-plan generation, deterministic netlist compilation, functional verification, and SAT-based security evaluation. Rather than a single prompt-to-output generation step, the framework decomposes the task into specialized stages for circuit analysis, synthesis, verification, and attack evaluation. We evaluate the framework on ISCAS-85 benchmarks using functional equivalence checking and SAT-based attacks. Results show that the framework generates correct locked netlists while introducing measurable output corruption under incorrect keys, while SAT attacks remain effective. These findings highlight both the potential and current limitations of agentic LLM-driven obfuscation.