ESPY Logo | Chip Scan

ESPY Prequal Appliance

A gatekeeper to keep vulnerabilities out of your microelectronics.
The ultimate solution to achieve Zero Trust for microelectronics.

As hardware design threats continue to increase, it is vital to assume that any item used in the design may be compromised. But with ESPY Prequal Appliance, you can rest assured that your hardware design is safe and secure. ESPY Prequal Appliance detects undocumented stealthy functionality, flaws, trojans, backdoors, and other risks well before fabrication. It continuously certifies trust at every stage, from the receipt of third-party IP to modifications of that IP, to even first and second-party IP used in the design. This type of checking provides the assurance and trust necessary to build secure mission-critical systems.

Don't leave your hardware design vulnerable to potential threats. Trust ESPY Prequal Appliance to provide the necessary protection and security your design deserves. Get your ESPY Prequal Appliance today and achieve hardware Zero Trust for Microelectronics.
ESPY Product Image
Accidental or malicious modifications can creep into a design via insider modifications. Similar to a simulation appliance, ESPY scans each and every design change and notifies your team of when risky material appears in a design.

Secure on-premises

ESPY is designed with national security applications in mind, and our appliances are self contained and operate without a cloud connection. Your proprietary IP remains on-site and never leaves the Prequal appliance.

Threat Discovery

ESPY discovers many types of hardware threats such as hardware backdoors, trojans and stealthy hidden functionality. Our tools can also crack the triggers necessary to exercise discovered threats to aid remediation.

Are there special considerations for DoD contractors?

DoD contracts are required to incorporate DFARS 252.239-7017 and 252.239-7018, on supply chain risks, with few exceptions. These regulations have been updated as recently as 2022 to address the risk of sabotage and subversion of all microelectronics used by the DoD including systems that use commercial off-the-shelf components.  These clauses apply to systems delivered to the government or operated as a service for the government, including those used for intelligence missions, national security cryptography, command and control of military forces, weapon systems, and more. Chip Scan’s ESPY tool can satisfy these requirements.

What should I expect with ESPY Prequal?

ESPY Prequal Appliance racks up on-site and is used to continuously assure all in-house and third-party IP cores. It does not require changes to your workflow. You do not need to learn a new language. It does not even require high level source, but it will work better with it. It works seamlessly in the background until it discovers a vulnerability such as a stealthy flaw, hardware trojan, backdoor or other undocumented material. ESPY will help you address cyber risk and safeguard your digital microelectronics products against malicious implants and even accidental vulnerabilities well before costly fabrication.
Many designers are familiar with functional verification and validation (V&V) or even formal methods which has the goal of detecting functional deviations from design intent. However, ESPY has a different goal: discovery of stealthy/hidden functionality that represent cybersecurity threats that are difficult to detect using other tools and methods. For example, hardware trojans and intentionally hidden backdoors may never be caught by V&V. ESPY detects, documents and helps remediation by providing attentional guidance to designers.
In many cases, third party IP or even legacy IP is used and does not have high level source available. Sometimes the third party IP contains obfuscations and protections to prevent easy identification of the functionality. Sometimes legacy IP was inherited from a prior design with very little documentation. Errata and additional undocumented functionality can be baked in resulting in potential vulnerabilities the team simply isn't aware of. In these cases, ESPY can be used to identify vulnerabilities and help hardware designers remediate them.  
Credit card mockups

Choose the edition that works for you

The full edition of ESPY that scans the workflow of an entire team of hardware designers.
An inexpensive single seat appliance for scanning the workflow of a single designers.
A cloud secured SaaS version of ESPY.
Dashboard mockup

No Golden Models, Ever.

ESPY offers a unique advantage: we don't rely on a golden model, essentially a clean reference version of your product. Crafting and maintaining a golden reference model is tricky because the model is not guaranteed to be entirely free of threats. Without a reliable way to verify its cleanliness, the threats in the golden model may find their way into the design, posing a significant risk to the end product. With ESPY, we quickly identify risks without relying on a golden model.
IP/Design does not go to the cloud
DoD 5400.44 Compliance
Appropriate for secure environments
Scans third party IP
Dashboard mockup

No Databases of Malicious Code!

At the present stage of hardware malware, any organization that has built up comprehensive "antivirus" type databases of hardware trojans and backdoors are probably not the good guys. Further, the way silicon is developed, the myriad of proprietary toolchains and optimizations that bake functionality into the final form will likely obscure malicious code and prevent positive identification. ESPY uses proven mathematical methods that identify a signal that indicates a high likelihood of stealthy vulnerabilities without knowing the specific implementation.
IP/Design does not go to the cloud
DoD 5400.44 Compliance
Appropriate for secure environments
Scans third party IP
Dashboard mockup

Much faster than formal verification

Formal verification is a systematic process that verifies the intent of the design is carried out in the implementation. Use of these tools requires expertise in an assertion language, training in an assertion tool, and often requires the expense of a Ph.D. level operator to be more sure it's done correctly. Beyond a certain level of complexity, formal verification software takes unreasonable amounts of time and resources to fully verify every assertion. For this reason, standards across major industries recommend formal methods but cannot require them. These standards include:  RTCA DO-254, DO-178C, ISO 26262, MIL-STD-882, EN 50128, IEC 61508 and many more. We recommend using a continuous assurance method like ESPY either alone, or in concert with a formal method where possible.
Does not require learning a domain specific language
ESPY produces fast results without the overhead of formal methods
ESPY discovers undocumented functionality detrimental to safety
Does not preclude use of formal methods alongside ESPY


ESPY was designed from the beginning with security in mind. ESPY Prequal does not require an Internet connection. It also operates out-of-band with the toolchain. Chip Scan is cognizant of threats to the toolchain and the assurance of the toolchain itself is as important as the assurance of your designs. As designs are created or changed, special one-directional scripts are used to transport your designs into ESPY Prequal. These designs are examined and when threats are discovered, ESPY will signal for an engineer.

ESPY is designed to integrate at multiple points in the design workflow. For example, pre or post RTL, verification, post-synthesis. As part of Zero Trust practices, rescanning the IP as the toolchain transforms the material is important to assure against a compromised toolchain.

Rapidly adopt the capabilities of ESPY with ESPY Cloud

ESPY Cloud allows you to rapidly adopt the full capabilities of ESPY without the up front time and cost needed to install and maintain hardware assurance on site.

Peer Reviewed Publications

The ESPY technology was developed in response to the Department of Defense's need for novel techniques for exposing compromised hardware during design and integration. Our techniques have been published, academically peer-reviewed, thoroughly red-teamed, improved, and later baked into our commercial Prequal appliance.

Technical Specifications

High Level Language Support
Verilog 2005, VHDL, SystemVerilog IEEE 1800-2005/2009/2012/2017.
Golden Model
No golden model is required.
Input Support
Netlists, high level source.
Toolchain Support
ESPY supports most commercial toolchains.
ASICs / FPGAs / 3PIP / SoCs
While under support, Chip Scan provides bug fixes and maintenance for your appliances. In the event of parts or appliance failure, Chip Scan provides advanced parts replacement warranty and on-site service.
U.S. Patents

Useful Documents

Guide on MITRE's Hardware CWE and ESPY Mitigations

Frequently asked questions

Everything you need to know about the ESPY.
Can we request a demonstration?
Yes, you can schedule a demonstration with Chip Scan to get a sense for how to operate the user interface portion of ESPY. After watching the demonstration, we offer a free limited version of ESPY to run through its capabilities.
Can we request a pilot installation?
Chip Scan has a commercial pilot program where we ship out a loaner appliance. We understand it's important to understand how a tool interacts with your IP especially when your organization does not allow your IP to leave premises. Contact us for details on how a limited pilot can help.
Does this scale to very large projects?
Yes. Depending on performance requirements, sometimes multiple appliances are required to maintain good performance with very large designs.
Is Chip Scan a US company?
We are US owned and operated. CAGE code 73SX3.
Does Chip Scan have a contract vehicle for acquisitions?
Yes!  Any federal agency may enter into a Phase III commercial contract with no requirement for compete. Phase III contracts may be executed against any prior Chip Scan SBIR award related to ESPY.
Are USG contractors required to comply?
Yes!  Since 2011, all acquisition contracts for unclassified commercial components are subject to FAR Part 12, DFARS 252.239-7306 and 252.239-7018 that requires all items used for intelligence activities, national security cryptography, command and control of military forces, integral to weapons, non-routine critical to direct fulfillment of military/intelligence missions to be risk mitigated against sabotage, unwanted functions, subversion of a covered system as to surveil, deny, disrupt, degrade function/use/operations of such a system. This includes both government and contractor operated items.

Level up your security today

Schedule a consultation with us. Let's talk.

Other products we offer

Chip Scan offers proven complementary tools and capabilities for protecting the various layers of your hardware systems.


Protect your operational technology (OT) systems against modern cyber attacks.

Deep Lift

Real introspection of digital microelectronics, rapidly decompile and recover critical design elements and high level source from the gate level.