Hardware Trojans (HTs) remain a critical threat because learning-based detectors often overfit to narrow trigger/payload patterns and small, stylized benchmarks. We introduce TrojanGYM, an agentic, LLM-driven framework that automatically curates HT insertions to expose detector blind spots while preserving design correctness. Given high-level HT specifications, a suite of cooperating LLM agents (instantiated with GPT-4, LLaMA-3.3-70B, and Gemini-2.5 Pro) proposes and refines RTL modifications that realize diverse triggers and payloads without impacting normal functionality. TrojanGYM implements a feedback-driven benchmark generation loop co-designed with HT detectors, in which constraint-aware syntactic checking and GNN-based HT detectors provide feedback that iteratively refines HT specifications and insertion strategies to better surface detector blind spots. We further propose Robust-GNN4TJ, a new implementation of GNN4TJ with improved graph extraction, training robustness, and prediction reliability, especially on LLM-generated HT designs. On the most challenging TrojanGYM-generated benchmarks, Robust-GNN4TJ raises HT detection rates from 0% to 60% relative to a prior GNN-based detector. We instantiate TrojanGYM on SRAM, AES-128, and UART designs at the RTL level, and show that it systematically produces diverse, functionally correct HTs that reach up to 83.33% evasion rates against modern GNN-based detectors, revealing robustness gaps that are not apparent when these detectors are evaluated solely on existing TrustHub-style benchmarks. Post peer-review, we will release all code and artifacts.