This work addresses the growing threat of reverse engineering and tampering in globalized IC supply chains by proposing the first agent-based, large language model (LLM)-driven framework for automated generation of secure and functionally correct obfuscated circuits. The approach decomposes the obfuscation task into distinct phases—circuit analysis, synthesis, verification, and attack evaluation—and integrates retrieval-augmented planning with structured logic locking to overcome the limitations of conventional single-step prompting. Evaluated on the ISCAS-85 benchmark suite, the method successfully produces functionally equivalent locked netlists that effectively corrupt outputs under incorrect keys. Although susceptibility to SAT attacks persists, the results demonstrate the feasibility and promise of end-to-end automated circuit obfuscation.

The globalization of integrated circuit (IC) design and manufacturing has increased the exposure of hardware intellectual property (IP) to untrusted stages of the supply chain, raising concerns about reverse engineering, piracy, tampering, and overbuilding. Hardware netlist obfuscation is a promising countermeasure, but automating the generation of functionally correct and security-relevant obfuscated circuits remains challenging, particularly for benchmark-scale designs. This paper presents an agentic, large language model (LLM)-driven framework for automated hardware netlist obfuscation. The proposed framework combines retrieval-grounded planning, structured lock-plan generation, deterministic netlist compilation, functional verification, and SAT-based security evaluation. Rather than a single prompt-to-output generation step, the framework decomposes the task into specialized stages for circuit analysis, synthesis, verification, and attack evaluation. We evaluate the framework on ISCAS-85 benchmarks using functional equivalence checking and SAT-based attacks. Results show that the framework generates correct locked netlists while introducing measurable output corruption under incorrect keys, while SAT attacks remain effective. These findings highlight both the potential and current limitations of agentic LLM-driven obfuscation.