🤖 AI Summary
A recent study examines the security of AI Accelerators (AIAs) used in edge devices, focusing on Confused Deputy Attacks (CDAs). These attacks exploit the lack of operating system oversight over AIAs: a malicious, unprivileged application tricks the accelerator into executing operations on its behalf that only a privileged component should perform. The researchers introduced DeputyHunt, a framework that uses Large Language Models (LLMs) to analyze AIA software stacks and identify CDA vulnerabilities, and applied it to seven popular AIAs from leading vendors, including Google and NVIDIA. Six of the seven accelerators were found to be vulnerable, potentially affecting over 128 Systems on Chip (SoCs) and 100 million devices.
This research matters for the AI/ML community because it underscores the security risks of deploying AIAs in embedded systems. With the vulnerabilities assigned CVE-2025-66425, it highlights the urgent need for stronger security measures in AIA design. The proposed on-demand validation defense against CDAs, which incurs minimal runtime overhead (~15%), offers a practical mitigation that preserves the integrity of AI applications running in increasingly exposed environments.