BotBeat
NVIDIA | Research | 2026-05-19

Researchers Discover Critical Confused Deputy Vulnerabilities in AI Accelerators Affecting 100+ Million Devices

Key Takeaways

  • Six of seven major AI accelerators from Google, NVIDIA, AWS, Hailo, Texas Instruments, NXP, and Rockchip are vulnerable to Confused Deputy Attacks, impacting 100+ million devices worldwide
  • AI accelerators lack OS-level security visibility and isolation boundaries, allowing malicious apps to trick hardware into performing unauthorized privileged operations
  • Researchers developed DeputyHunt (an LLM-assisted framework) for identifying vulnerabilities and a low-overhead defense with ~15% performance cost, enabling practical mitigation
Source: Hacker News, https://arxiv.org/abs/2605.17707

Summary

Security researchers have published a groundbreaking study revealing Confused Deputy Attacks (CDAs), a critical vulnerability class affecting AI accelerators from seven major vendors: Google, NVIDIA, AWS, Hailo, Texas Instruments, NXP, and Rockchip. The research demonstrates that malicious applications can trick AI accelerator hardware into performing privileged operations on their behalf, exploiting a semantic gap: accelerators operate outside traditional OS security boundaries and have limited visibility into kernel security mechanisms. Using an LLM-assisted framework called DeputyHunt, the study found that six of the seven tested AI accelerators are vulnerable, impacting over 128 System-on-Chips (SoCs) and potentially more than 100 million devices globally. The findings have been assigned CVE-2025-66425 and acknowledged by the affected vendors.

Researchers propose an on-demand validation defense mechanism with minimal runtime overhead (~15%), offering a practical mitigation path. The work highlights a critical architectural vulnerability in the AI hardware ecosystem: as specialized accelerators proliferate in edge and embedded devices, they've evolved outside traditional security frameworks. This timing is significant given the rapid expansion of edge AI deployment across IoT, autonomous systems, and resource-constrained environments.

Editorial Opinion

This research exposes a fundamental architectural vulnerability in the AI accelerator ecosystem at a critical moment when edge AI deployment is exploding. The 100+ million device impact underscores how design shortcuts in specialized hardware can cascade across entire ecosystems. While vendors have acknowledged the issue, the security community must push for systemic improvements: accelerators need built-in OS integration for security policies, not afterthought patches. This is a wake-up call that AI hardware security must evolve as rapidly as AI capability itself.

Tags: MLOps & Infrastructure, AI Hardware, Cybersecurity, AI Safety & Alignment

© 2026 BotBeat