AI-FI: Giving Claude Code Glitch Skills for Bypassing Secure Boot (raelize.com)

🤖 AI Summary
AI-FI, an innovative AI project, has successfully executed a Fault Injection attack that bypasses Secure Boot on the Espressif ESP32 System on Chip (SoC) using Claude Code, an AI designed for hardware vulnerability exploitation. This groundbreaking demonstration marks the first publicly documented AI-driven Fault Injection attack at such a comprehensive level, where all hardware and software tooling was generated solely by the AI without human code intervention. By meticulously managing a sophisticated setup involving glitch injection and real-time monitoring, Claude managed to reprogram the flash memory and navigate through various complexities autonomously, showcasing its capability to adapt and optimize strategies in a real-world scenario.

The significance of this development lies in the demonstration of an agentic workflow for discovering and exploiting hardware vulnerabilities, suggesting that such AI-assisted techniques could revolutionize the security landscape in both hardware and software realms. Moving forward, the implications of employing AI like Claude to automate and enhance penetration tests and vulnerability assessments could lead to faster, more efficient security evaluations, though it also raises serious concerns about the potential misuse of these technologies by malicious actors.

The attack itself specifically affects ESP32 V1, which has been mitigated in ESP32 V3, but the underlying principles could apply to other platforms, emphasizing a pressing need for improved security measures across the board.