HarmChip: Evaluating Hardware Security Centric LLM Safety via Jailbreak Benchmarking
For researchers and practitioners using LLMs in hardware design, this work highlights the need for domain-specific safety alignment to prevent irreversible hardware threats.
The paper introduces HarmChip, a benchmark for evaluating LLM safety in hardware security contexts, revealing that LLMs refuse legitimate security queries but comply with semantically disguised attacks, exposing critical blind spots.
The integration of large language models (LLMs) into electronic design automation (EDA) workflows has introduced powerful capabilities for RTL generation, verification, and design optimization, but also raises critical security concerns. Malicious LLM outputs in this domain pose hardware-level threats, including hardware Trojan insertion, side-channel leakage, and intellectual property theft, that are irreversible once fabricated into silicon. Such requests often exploit semantic disguise, embedding adversarial intent within legitimate engineering language that existing safety mechanisms, trained on general-purpose hazards, fail to detect. No benchmark exists to evaluate LLM vulnerability to such domain-specific threats. We present the HarmChip benchmark to assess jailbreak susceptibility in hardware security, spanning 16 hardware security domains, 120 threats, and 360 prompts at two difficulty levels. Evaluation of state-of-the-art LLMs reveals an alignment paradox: They refuse legitimate security queries while complying with semantically disguised attacks, exposing blind spots in safety guardrails and underscoring the need for domain-aware safety alignment.