
AI Accelerators in Devices Present Significant Cybersecurity Risks

Severity: High (Score: 69.5)

Sources: Newindianexpress

Published: 2026-05-22 · Updated: 2026-05-22

Keywords: chips, devices, risk, inside, everyday, emerge, cyber

Summary

Security researchers have identified vulnerabilities in AI accelerators used in smartphones and connected devices, potentially affecting over 100 million devices. A study from NYU and UC Santa Barbara revealed that six out of seven tested AI chips could be exploited to perform unauthorized privileged operations. This type of attack, known as a 'confused deputy attack', bypasses traditional OS security controls. Recent vulnerabilities in Qualcomm and AMD chips further exacerbate the issue, allowing attackers to access sensitive data and control devices. The shift of AI processing from cloud to local devices increases the attack surface. Additionally, Google reported the first confirmed AI-assisted zero-day exploit in real-world attacks. The 2026 Verizon Data Breach Investigations Report indicates that vulnerability exploitation is now the leading cause of breaches, surpassing stolen credentials. Many organizations are still underestimating the risks associated with AI hardware.

Key Points:

  • Vulnerabilities in AI accelerators could affect over 100 million devices.
  • Confused deputy attacks exploit AI chips, bypassing traditional security controls.
  • Vulnerability exploitation is now the leading cause of security breaches.

Detailed Analysis

**Impact** Over 100 million devices across sectors including smartphones, industrial automation, automotive systems, and consumer electronics are affected by vulnerabilities in AI accelerators embedded in system-on-chip designs. The flaws enable attackers to perform privileged operations, risking unauthorized data access and device control. The shift of AI processing to edge devices increases exposure to attacks that bypass traditional OS protections, potentially disrupting business operations and compromising sensitive data globally.

**Technical Details** The primary attack vector involves “confused deputy attacks” exploiting AI accelerators operating outside conventional OS security controls to execute privileged actions on behalf of malicious applications. Vulnerabilities include hardware-level flaws such as a BootROM firmware issue in Qualcomm Snapdragon and modem chipsets, and a memory access flaw in AMD EPYC processors. AI-assisted zero-day exploits have been confirmed in real-world attacks, including those developed using Anthropic’s Mythos AI system targeting macOS. Specific CVEs were not provided in the articles.

**Recommended Response** Apply available patches from AMD and Qualcomm promptly to address disclosed hardware vulnerabilities. Implement monitoring for anomalous privileged operations originating from AI accelerators and edge AI components. Harden device firmware and restrict AI accelerator permissions where possible. Maintain vigilance for AI-assisted exploit activity and update detection rules accordingly. Further security standards development for AI hardware is advised as adoption expands.

Source articles (2)

  • AI chips inside everyday devices emerge as new cyber risk — Newindianexpress · 2026-05-21
    Security researchers are warning that the specialised chips powering artificial intelligence features in smartphones, industrial sensors and connected devices are becoming a growing cybersecurity risk…
  • AI chips inside everyday devices emerge as new cyber risk — Newindianexpress · 2026-05-21
    Security researchers are warning that the specialised chips powering artificial intelligence features in smartphones, industrial sensors and connected devices are becoming a growing cybersecurity risk…

Timeline

  • 2026-04-20 — Qualcomm vulnerability disclosed: Kaspersky reported a hardware-level vulnerability in Qualcomm chipsets that could allow full device control.
  • 2026-05-01 — AMD vulnerability disclosed: ETH Zurich researchers revealed a vulnerability in AMD EPYC processors allowing access to encrypted virtual machine memory.
  • 2026-05-15 — First AI-assisted zero-day exploit confirmed: Google's Threat Intelligence Group identified the first confirmed AI-assisted zero-day exploit in real-world attacks.
  • 2026-05-21 — AI accelerator vulnerabilities disclosed: Researchers found that six of seven tested AI accelerators could be manipulated for unauthorized operations, impacting over 100 million devices.
  • 2026-05-22 — Verizon report highlights breach trends: The 2026 Data Breach Investigations Report found vulnerability exploitation overtook stolen credentials as the leading cause of breaches.

Related entities

  • Data Breach (Attack Type)
  • Zero-day Exploit (Attack Type)
  • ETH Zurich (Company)
  • Kaspersky (Company)
  • CWE-200 - Exposure of Sensitive Information (CWE)
  • CWE-269 - Improper Privilege Management (CWE)
  • T1068 - Exploitation for Privilege Escalation (MITRE ATT&CK)
  • AMD EPYC (Platform)
  • macOS (Platform)
  • Qualcomm Snapdragon (Platform)