Systems-Level Attack Surface of Edge Agent Deployments on IoT
Zhonghao Zhan, Krinos Li, Yefan Zhang, Hamed Haddadi

TL;DR
This paper analyzes the security vulnerabilities of deploying large language model agents on IoT edge devices, highlighting attack surfaces and security trade-offs across different architectures.
Contribution
It provides an empirical security analysis of three IoT deployment architectures, identifying five attack surfaces and measuring security properties.
Findings
Edge-local deployments reduce cloud data exposure but degrade sovereignty when fallback mechanisms trigger.
Fallback mechanisms can create invisible boundary crossings.
Provenance chains are vulnerable without cryptographic enforcement.
Abstract
Edge deployment of LLM agents on IoT hardware introduces attack surfaces absent from cloud-hosted orchestration. We present an empirical security analysis of three architectures (cloud-hosted, edge-local swarm, and hybrid) using a multi-device home-automation testbed with local MQTT messaging and an Android smartphone as an edge inference node. We identify five systems-level attack surfaces, including two emergent failures observed during live testbed operation: coordination-state divergence and induced trust erosion. We frame core security properties as measurable systems metrics: data egress volume, failover window exposure, sovereignty boundary integrity, and provenance chain completeness. Our measurements show that edge-local deployments eliminate routine cloud data exposure but silently degrade sovereignty when fallback mechanisms trigger, with boundary crossings invisible at the…
