On 17 July 2026, researchers posted an arXiv preprint describing malcos, a tool that automatically extracts leakage contracts from x86 and ARM processors without manual templates [S1]. If the approach holds up, it could change how chipmakers document the side-channel risks baked into every modern CPU. But the paper has not been peer-reviewed, and the tool's guarantees have a narrow scope that matters more than the headline suggests.
What a leakage contract actually is
Side-channel attacks exploit subtle differences in how CPUs behave to leak sensitive data [S1]. A leakage contract is a security abstraction at the instruction set architecture level that describes what information each instruction might expose, giving software developers a foundation for writing code that stays safe [S1]. Think of it as a nutrition label for a CPU instruction: it tells you exactly what data the instruction might leak to an attacker watching timing, power draw, or cache behaviour.
Until now, writing these contracts required extensive manual effort [S1], and most modern CPUs simply do not have dedicated leakage contracts [S1]. Prior work, including research on open-source RISC-V processors [P4], has tackled contract synthesis for chips where the design is open and inspectable. For proprietary black-box CPUs like Intel's x86 or ARM's designs, the internal workings are hidden, making manual contract writing even harder.
How malcos works
The authors, including Elvira Moreno Sánchez of IMDEA Software Institute and Tiziano Marinaro of CISPA Helmholtz Center [P2], built malcos to extract instruction-centric leakage contracts with minimal human intervention [S1]. They call it the first template-free tool that automates this synthesis for black-box CPUs [S1]. "Template-free" means the tool does not need a human to pre-define the structure of potential leaks; it discovers them on its own.
The team evaluated malcos on both x86 and ARM processors [S1]. The contracts it produced were precise and sound with respect to all leaks observed during the synthesis process [S1]. That last phrase matters: the guarantee covers only the leaks malcos actually saw, not every possible leak the CPU might produce under conditions the tool did not test.
What it means
For a reader with no security background, here is the core problem. Every time your CPU executes an instruction, it leaves traces: how long it took or which cache lines it touched. An attacker who can measure these traces can sometimes reconstruct secret data like encryption keys. A leakage contract tells software developers which instructions are safe to use with sensitive data and which ones might leak.
malcos automates the discovery of these contracts for CPUs whose internal designs are not public. The paper's conclusion is straightforward: learning leakage contracts from black-box CPUs is feasible [S1]. That matters because the two most common CPU families in the world, x86 and ARM, are both largely black-box from a researcher's perspective.
What it means for business
For a two-person cybersecurity firm auditing client infrastructure, tools like malcos could eventually reduce the cost of side-channel assessments. Today, evaluating whether a client's x86 or ARM deployment is vulnerable to timing or cache attacks requires deep expertise and weeks of manual analysis. An automated contract extraction tool would not replace that work, but it could give auditors a starting map of which instructions leak what.
For a cloud provider running multi-tenant workloads on shared x86 servers, precise leakage contracts would let engineers write software that avoids leaky instructions in security-critical code paths. The same applies to any company building cryptographic libraries: knowing which CPU instructions are safe is the difference between a library that protects user data and one that silently bleeds it.
No CPU vendor has endorsed or implemented these contracts yet, and the tool has not been deployed commercially. The practical impact depends on whether vendors adopt the methodology or whether independent security teams use malcos to pressure them into publishing contracts.
What we don't know yet
The paper is a preprint and has not been peer-reviewed [S1]. The "precise and sound" claim applies only to leaks observed during synthesis, not to all possible CPU behaviours under all conditions [S1]. The authors' claim that malcos is the first template-free tool of its kind is self-asserted and has not been independently verified.
The arXiv listing also places the paper in the q-fin.GN category alongside cs.CR, which is unusual for a computer security paper [S1]. This may be a tagging error or may reflect a cross-disciplinary element not obvious from the title.
The next step is peer review and, ideally, independent reproduction of the results on the same x86 and ARM processors. Watch for whether the authors release malcos publicly, and whether CPU vendors respond with their own contract publications.
If this kind of deep-dive reporting is what you come here for, subscribe to keep reading.
Sources
- [S1] Automated Template-free Synthesis of Instruction-Centric Leakage Contracts for Black-Box CPUs — arXiv preprint (cs.CR, q-fin.GN) (attributed)
- [P2] Automated Template-free Synthesis of Instruction-Centric Leakage Contracts for Black-Box CPUs — Automated Template-free Synthesis of Instruction-Centric Leakage Contracts for Black-Box CPUs (attributed)
- [P3] skills/huggingface-paper-publisher/SKILL.md — skills/huggingface-paper-publisher/SKILL.md (attributed)
- [P4] Synthesis of Sound and Precise Leakage Contracts for Open-Source RISC-V Processors — Synthesis of Sound and Precise Leakage Contracts for Open-Source RISC-V Processors (attributed)
- [P5] zilongwang123/LeaSyn — zilongwang123/LeaSyn (attributed)
Related reading
- StoryTeller: training-free AI for film audio descriptions — our technology desk, 2026-07-14
- Label-free AI sorts real cosmic signals from noise — our technology desk, 2026-07-13
- Retrain-free recommendation system serves new users in under 1ms — our technology desk, 2026-07-17
Generated from an audited evidence pack with primary-source research. Social-media items are discussion signals, not verified facts. Nothing here is financial, legal or medical advice.