- Hardware Trojans threaten global chip industry from deep within supply chains
- Even 97% accuracy leaves room for devastating vulnerabilities in production chips
- Detecting hidden threats before deployment remains a critical engineering challenge
AI is increasingly being used to detect threats hidden in computer chips, and researchers at the University of Missouri say their new method achieves a 97% success rate in identifying hardware Trojans.
These malicious alterations are inserted during chip manufacturing and can compromise devices used in data centers, medical equipment, or even defense systems.
The team’s work represents an important step in applying artificial intelligence tools to protect the hardware that underpins much of the digital economy.
The Persistent Challenge of Hardware Trojans
Modern computer chips are produced through an extensive global supply chain, and design, testing, and assembly are often handled by multiple companies in different countries.
This complexity creates opportunities for Trojans to be inserted at almost any stage of production, making them extremely difficult to detect.
Once integrated, they can remain dormant until activated, leading to data theft or device failure.
Detecting and removing these threats is costly and, in severe cases, can force companies to recall entire product lines, damaging both finances and reputation.
To address these challenges, researchers at the University of Missouri introduced PEARL, a system that applies large language models (LLM) such as GPT-3.5 Turbo, Gemini 1.5 Pro, Llama 3.1, and DeepSeek-V2 for hardware Trojan detection.
PEARL uses in-context learning techniques, including zero-shot, one-shot, and few-shot strategies, to identify Trojans in Verilog code without requiring training from scratch.
It also provides human-readable explanations describing why a section of code was classified as malicious, thereby improving transparency.
By combining enterprise and open source LLMs, the researchers tested the model’s adaptability and interpretability on different chip benchmarks, including the Trust-Hub and ISCAS 85/89 data sets.
Experimental results show that enterprise LLMs such as GPT-3.5 Turbo achieved up to 97% accuracy in detecting unknown hardware Trojans, while open source models such as DeepSeek-V2 achieved around 91%.
Additionally, PEARL works without the need for a “golden model,” which is typically a clean reference chip used for comparison, allowing for broader practical application.
Despite its promising results, a 97% detection rate still leaves a small but significant margin for undetected Trojans.
Since chips underpin critical digital systems, from financial networks to national defense operations, even minor vulnerabilities could have far-reaching effects.
In high-risk industries, a single unaddressed threat could result in catastrophic failures; Therefore, experts remain cautious about relying solely on AI-powered models without additional layers of manual verification and testing.
The authors acknowledge that perfect detection is still unattainable, especially given the sophistication of emerging Trojans.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
