AI Agents Can Defeat Security by Obscurity for Rowhammer Defenses
- Stefan Saroiu ,
- Alec Wolman ,
- Jay Bosamiya ,
- Adam Grenzebach ,
- Victor Bahl
Workshop on DRAM Security (DRAMSec) |
The era of AI agents is disrupting the benefits of security by obscurity for Rowhammer defenses. While industry relies on secrecy as a defense layer for Rowhammer mitigations, it is unclear whether obscurity will continue to provide a measurable security benefit. This paper puts forward an agentic framework to evaluate the benefits of obscurity. We evaluate seven underprovisioned Rowhammer defenses under whitebox, graybox, and blackbox threat models,
asking agents to find traces that cause bit flips, maximize DRFM activity, or maximize memory controller stalls. Our results show that agents achieve these goals regardless of how much information is withheld, suggesting that design secrecy should not be counted as a defense layer.