Researchers from Imperial College London and Bytedance released “Systems-Level Attack Surface of Edge Agent Deployments on IoT”.
Abstract
“Edge deployment of LLM agents on IoT hardware introduces attack surfaces absent from cloud-hosted orchestration. We present an empirical security analysis of three architectures (cloud-hosted, edge-local swarm, and hybrid) using a multi-device home-automation testbed with local MQTT messaging and an Android smartphone as an edge inference node. We identify five systems-level attack surfaces, including two emergent failures observed during live testbed operation: coordination-state divergence and induced trust erosion. We frame core security properties as measurable systems metrics: data egress volume, failover window exposure, sovereignty boundary integrity, and provenance chain completeness. Our measurements show that edge-local deployments eliminate routine cloud data exposure but silently degrade sovereignty when fallback mechanisms trigger, with boundary crossings invisible at the application layer. Provenance chains remain complete under cooperative operation yet are trivially bypassed without cryptographic enforcement. Failover windows create transient blind spots exploitable for unauthorised actuation. These results demonstrate that deployment architecture, not just model or prompt design, is a primary determinant of security risk in agent-controlled IoT systems.”
Find the technical paper here. February 2026.
Zhan, Zhonghao, Krinos Li, Yefan Zhang, and Hamed Haddadi. “Systems-Level Attack Surface of Edge Agent Deployments on IoT.” arXiv preprint arXiv:2602.22525 (2026).
Leave a Reply