NDSS 2025 – LLMPirate: LLMs For Black-Box Hardware IP Piracy

The rapid diffusion of large language models into hardware design workflows has opened a new attack surface that extends beyond software code. While LLMs accelerate verification and synthesis, they also possess the capability to reinterpret and rewrite netlists, creating subtle yet functional variations that can bypass traditional black‑box detection methods. This dual‑use nature forces security practitioners to reconsider the trust model of AI‑assisted design tools, especially as design houses increasingly outsource parts of their workflow to cloud‑based AI services.

LLMPirate demonstrates a concrete exploitation path by integrating LLMs with three custom pipelines that address prompt engineering, circuit scalability, and output validation. Tested on eight models ranging from open‑source to commercial offerings, the approach consistently produced pirated versions of benchmark circuits that slipped past four widely‑used IP piracy detectors. The researchers validated the technique on complex real‑world designs such as the IBEX and MOR1KX processors and a GPS module, showing that even sophisticated, performance‑critical IP can be altered without triggering alarms. These results underscore the potency of generative AI in subverting hardware security controls.

For the semiconductor industry, the implications are profound. Existing detection tools, which rely on structural similarity and signature matching, are ill‑equipped to handle AI‑generated transformations that preserve functionality while mutating representation. Companies must invest in next‑generation verification frameworks that incorporate behavioral analysis, provenance tracking, and AI‑aware threat modeling. Moreover, policy makers and standards bodies may need to define guidelines for the responsible deployment of LLMs in hardware design to mitigate intellectual property theft before it becomes a systemic risk.