

Security researchers are warning that the specialised chips powering artificial intelligence features in smartphones, industrial sensors and connected devices are becoming a growing cybersecurity risk, as companies race to deploy AI at the edge of networks.
Recent studies and vulnerability disclosures suggest that AI accelerators, chips designed to handle machine learning tasks locally on devices, may expose systems to attacks that bypass traditional operating system protections.
Researchers from New York University and the University of California, Santa Barbara, published findings this week showing that six of seven tested AI accelerators from major vendors could be manipulated into carrying out privileged operations on behalf of malicious applications. The researchers said the flaw affected more than 128 system-on-chip designs and potentially more than 100 million devices.
The study focused on so-called “confused deputy attacks”, in which AI accelerators perform actions beyond an application's normal permissions because the chips operate outside many conventional operating system security controls.
The issue comes as AI processing increasingly shifts from cloud servers to local devices, including laptops, cameras, cars and industrial equipment. Chipmakers and device manufacturers have promoted edge AI as a way to reduce latency, lower cloud costs, and improve privacy.
But cybersecurity researchers say the rapid deployment of AI hardware has created new attack surfaces.
Last month, researchers at Kaspersky disclosed a hardware-level vulnerability affecting several Qualcomm Snapdragon and modem chipsets used in smartphones, industrial systems and automotive components. The flaw, located in the BootROM firmware, could allow attackers to gain access to stored data and sensors and, in some cases, full control of the device.
Separately, researchers at ETH Zurich disclosed a vulnerability in AMD’s EPYC server processors that could allow malicious cloud providers to access encrypted virtual machine memory and forge security attestations. AMD has since issued patches.
Security concerns are also expanding beyond hardware flaws to AI-driven vulnerability discovery itself.
Google’s Threat Intelligence Group said this month it had identified what it described as the first confirmed AI-assisted zero-day exploit used in real-world attacks.
Meanwhile, cybersecurity firm Calif said Anthropic’s experimental Mythos AI system helped researchers develop a working exploit against Apple’s macOS security protections within five days.
Industry reports suggest the wider cybersecurity environment is also worsening. Verizon’s 2026 Data Breach Investigations Report found that vulnerability exploitation overtook stolen credentials as the leading cause of security breaches for the first time, accounting for 31% of incidents reviewed.
Researchers said many organisations remain focused on securing software applications while underestimating risks linked to AI hardware and inference infrastructure.
Analysts expect spending on edge AI devices to continue growing despite the concerns, particularly in industrial automation, automotive systems and consumer electronics. However, researchers said the industry may need stronger security standards for AI accelerators and embedded AI systems as adoption expands.