Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

A hardware security AI assistant that checks chips for hidden backdoors

0
Medium
Published: 07/13/2026 (07/13/2026, 07:57:13 UTC)
Source: Reddit Cybersecurity

Description

Researchers at the University of Florida developed VeriChat, an AI assistant designed to help hardware security engineers detect hidden backdoors in chip designs. VeriChat answers technical questions and runs verification tools on uploaded design files to identify suspicious elements. In a demonstration, VeriChat successfully detected a planted Trojan in an AES S-Box that leaked encryption keys upon a rare trigger sequence. The system uses a retrieval-based approach to ensure factual accuracy and refuses to speculate when evidence is insufficient. While promising, the tool's effectiveness against unknown or novel attacks remains unproven, and some evaluation methods rely on AI-based judgments. VeriChat aims to address supply chain risks by enabling engineers to interrogate and verify third-party hardware components more effectively.

Reddit Discussion

r/cybersecurity·posted by u/sunychoudhary
00

Researchers at the University of Florida built a tool aimed at this problem. Called VeriChat, it works as a conversational assistant for hardware security engineers. The system answers technical questions about chip security and runs verification tools directly on a design file that a user uploads.

https://www.helpnetsecurity.com/2026/07/13/hardware-security-ai-assistant-hidden-backdoors/

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/13/2026, 08:02:35 UTC

Technical Analysis

VeriChat is a hardware security AI assistant developed by the University of Florida to detect hidden backdoors in integrated circuit designs. It functions as a conversational agent that answers security-related questions and runs automated verification tools on user-uploaded chip design files. VeriChat employs a three-agent retrieval-first architecture to source information from a curated library of hardware security papers and live web results, ensuring answers are evidence-based and limiting hallucinations common in general chatbots. In a proof-of-concept, VeriChat identified a deliberately inserted Trojan in an AES S-Box that leaked secret keys upon detecting a rare trigger sequence. The system performed syntax checks, synthesis analysis, simulation of the trigger, and formal verification to confirm the data leak. Evaluations showed VeriChat achieved 87.73% factual accuracy and effectively rejected fabricated technical claims. However, the demonstration used a known implant created by the researchers themselves, leaving open the question of detection efficacy for unknown threats. The tool addresses the challenge of hardware supply chain security by enabling engineers to query suspicious designs in natural language and validate findings with automated checks.

Potential Impact

VeriChat provides hardware security engineers with a tool to detect hidden backdoors and Trojans in chip designs, potentially reducing the risk of supply chain attacks involving malicious circuitry. By automating verification and providing evidence-backed answers, it can improve the accuracy and efficiency of hardware security assessments. However, its current validation is limited to known implants created by the developers, so its effectiveness against novel or sophisticated backdoors remains to be proven. There are no known exploits in the wild related to VeriChat itself, and it is not a vulnerability but a security tool.

Mitigation Recommendations

This entry describes a security tool rather than a vulnerability. No patch or remediation is applicable. Users interested in hardware security verification can consider evaluating VeriChat as a potential aid in detecting hidden backdoors. Since the tool is newly developed and demonstrated, engineers should continue to validate its findings independently and not rely solely on its output. No urgent action is required.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Source Type
reddit
Subreddit
cybersecurity
Reddit Score
0
Discussion Level
minimal
Content Source
reddit_link_post
Post Type
link
Domain
null
Newsworthiness Assessment
{"score":30,"reasons":["external_link","newsworthy_keywords:backdoor","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":["backdoor"],"foundNonNewsworthy":[]}
Has External Source
true
Trusted Domain
false

Threat ID: 6a549b9068715ace4374623b

Added to database: 07/13/2026, 08:02:24 UTC

Last enriched: 07/13/2026, 08:02:35 UTC

Last updated: 07/14/2026, 02:47:37 UTC

Views: 21

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses