English

Systems-Level Attack Surface of Edge Agent Deployments on IoT

Cryptography and Security 2026-04-23 v2

Abstract

Edge deployment of LLM agents on IoT hardware introduces attack surfaces absent from cloud-hosted orchestration. We present an empirical security analysis of three architectures (cloud-hosted, edge-local swarm, and hybrid) using a multi-device home-automation testbed with local MQTT messaging and an Android smartphone as an edge inference node. We identify five systems-level attack surfaces, including two emergent failures observed during live testbed operation: coordination-state divergence and induced trust erosion. We frame core security properties as measurable systems metrics: data egress volume, failover window exposure, sovereignty boundary integrity, and provenance chain completeness. Our measurements show that edge-local deployments eliminate routine cloud data exposure but silently degrade sovereignty when fallback mechanisms trigger, with boundary crossings invisible at the application layer. Provenance chains remain complete under cooperative operation yet are trivially bypassed without cryptographic enforcement. Failover windows create transient blind spots exploitable for unauthorised actuation. These results demonstrate that deployment architecture, not just model or prompt design, is a primary determinant of security risk in agent-controlled IoT systems.

Keywords

Cite

@article{arxiv.2602.22525,
  title  = {Systems-Level Attack Surface of Edge Agent Deployments on IoT},
  author = {Zhonghao Zhan and Krinos Li and Yefan Zhang and Hamed Haddadi},
  journal= {arXiv preprint arXiv:2602.22525},
  year   = {2026}
}

Comments

Proceedings of the 6th Workshop on Machine Learning and Systems (EuroMLSys '26), co-located with EuroSys 2026

R2 v1 2026-07-01T10:53:10.315Z