Table of Contents
Fetching ...

MARVEL: Multi-Agent RTL Vulnerability Extraction using Large Language Models

Luca Collini, Baleegh Ahmad, Joey Ah-kiow, Ramesh Karri

TL;DR

This work proposes MARVEL, a multi-agent LLM framework for a unified approach to decision-making, tool use, and reasoning in hardware security verification, which mimics the cognitive process of a designer looking for security vulnerabilities in RTL code.

Abstract

Hardware security verification is a challenging and time-consuming task. Design engineers may use formal verification, linting, and functional simulation tests, coupled with analysis and a deep understanding of the hardware design being inspected. Large Language Models (LLMs) have been used to assist during this task, either directly or in conjunction with existing tools. We improve the state of the art by proposing MARVEL, a multi-agent LLM framework for a unified approach to decision-making, tool use, and reasoning. MARVEL mimics the cognitive process of a designer looking for security vulnerabilities in RTL code. It consists of a supervisor agent that devises the security policy of the system-on-chips (SoCs) using its security documentation. It delegates tasks to validate the security policy to individual executor agents. Each executor agent carries out its assigned task using a particular strategy. Each executor agent may use one or more tools to identify potential security bugs in the design and send the results back to the supervisor agent for further analysis and confirmation. MARVEL includes executor agents that leverage formal tools, linters, simulation tests, LLM-based detection schemes, and static analysis-based checks. We test our approach on a known buggy SoC based on OpenTitan from the Hack@DATE competition. We find that of the 51 issues reported by MARVEL, 19 are valid security vulnerabilities, 14 are concrete warnings, and 18 are hallucinated reports.

MARVEL: Multi-Agent RTL Vulnerability Extraction using Large Language Models

TL;DR

This work proposes MARVEL, a multi-agent LLM framework for a unified approach to decision-making, tool use, and reasoning in hardware security verification, which mimics the cognitive process of a designer looking for security vulnerabilities in RTL code.

Abstract

Hardware security verification is a challenging and time-consuming task. Design engineers may use formal verification, linting, and functional simulation tests, coupled with analysis and a deep understanding of the hardware design being inspected. Large Language Models (LLMs) have been used to assist during this task, either directly or in conjunction with existing tools. We improve the state of the art by proposing MARVEL, a multi-agent LLM framework for a unified approach to decision-making, tool use, and reasoning. MARVEL mimics the cognitive process of a designer looking for security vulnerabilities in RTL code. It consists of a supervisor agent that devises the security policy of the system-on-chips (SoCs) using its security documentation. It delegates tasks to validate the security policy to individual executor agents. Each executor agent carries out its assigned task using a particular strategy. Each executor agent may use one or more tools to identify potential security bugs in the design and send the results back to the supervisor agent for further analysis and confirmation. MARVEL includes executor agents that leverage formal tools, linters, simulation tests, LLM-based detection schemes, and static analysis-based checks. We test our approach on a known buggy SoC based on OpenTitan from the Hack@DATE competition. We find that of the 51 issues reported by MARVEL, 19 are valid security vulnerabilities, 14 are concrete warnings, and 18 are hallucinated reports.
Paper Structure (35 sections, 16 figures, 2 tables)

This paper contains 35 sections, 16 figures, 2 tables.

Figures (16)

  • Figure 1: Supervisor-Executor Architecture.
  • Figure 2: MARVEL's Multi-Agentic Framework. Purple denotes LLM assistants, Orange denotes tools, and Blue denotes RAG databases. The Supervisor Agent can list directories, read from files, and assign tasks to executor agents. From the responses, it may decide to continue assigning tasks or determine that the security analysis is complete. Simulator, Similar Bug, CWE, Assertion, Linter, and Anomaly agents are executor agents, each responsible for a specific security verification task.
  • Figure 3: Supervisor Agent's System Prompt. It is instructed to analyze the given SoC for security bugs. It provides information about the executor agents and is tasked to produce a security report.
  • Figure 4: Results using reasoning (Gemini 2.5 Pro and GPT-5) and non-reasoning (GPT-4.1) models.
  • Figure 5: Normalized and Absolute Supervisor Action Distribution, Overall and for single IPs.
  • ...and 11 more figures