Yeah, there’s lots of hypothetical routes. Braiins or similar getting a poisoned repo would be my bet for a real attack, but I was mostly considering how much of an impact it would have to, say, slip a few tens of millions to a handful of TSMC (or buy 15% of NVIDIA…) design engineers to include something on the compute dies. The specific issue with ASICs is that manipulations could be present below firmware, baked in at the physical silicon level, and with modern lithographic densities there’s essentially no mechanism for anyone to check to make sure that hasn’t happened.
Yeah, there’s lots of hypothetical routes. Braiins or similar getting a poisoned repo would be my bet for a real attack, but I was mostly considering how much of an impact it would have to, say, slip a few tens of millions to a handful of TSMC (or buy 15% of NVIDIA…) design engineers to include something on the compute dies. The specific issue with ASICs is that manipulations could be present below firmware, baked in at the physical silicon level, and with modern lithographic densities there’s essentially no mechanism for anyone to check to make sure that hasn’t happened.