AICybersecurity

SecTor 2025 | Threat Architecture, Attack Surfaces & Real-World Risk

Black Hat
Black HatMay 15, 2026

Why It Matters

Agentic edge AI reshapes product design by delivering real‑time, privacy‑preserving intelligence at the edge, while creating novel security challenges that businesses must address to protect emerging autonomous devices.

Key Takeaways

  • Agentic edge AI runs autonomous agents on compact on‑device models.
  • Local processing reduces latency, enhances privacy, and works offline.
  • Multi‑layer architecture: perception, edge cognition, cloud assistance, learning, actuation.
  • Real‑world examples include home robots, autonomous vehicles, wearables, security cameras.
  • Development pipeline is complex and introduces new attack surfaces.

Summary

The SecTor 2025 session introduced "agentic edge AI," a software architecture that embeds autonomous AI agents within edge devices using compact, power‑efficient language models. Trend Micro’s research team described how an on‑device orchestrator breaks goals into tasks, leverages specialized tools, and coordinates with the cloud only for heavy analytics or fleet updates. Key insights highlighted the five‑layer stack—perception, edge cognition, optional cloud cognition, continuous learning, and actuation—enabling sub‑millisecond decision making, offline operation, and enhanced privacy. Real‑world prototypes such as Samsung’s rolling robot, autonomous vehicle pilots, advanced wearables, and AI‑enabled security cameras illustrate the breadth of applications. The speaker cited a hands‑on experiment with Nvidia Jetson modules, noting the need for synthetic data generation, extensive simulation, and validation before deployment. This complex workflow itself becomes an attack surface, underscoring the importance of secure development pipelines. For enterprises, the rise of agentic edge AI promises faster, more private services but also demands new security controls, tooling, and talent to manage the intricate lifecycle from model training to on‑device orchestration.

Original Description

AI is ubiquitous, so no surprises that Physical AI is primed and ready to enter the market. Autonomous gadgets powered by AI brains are graduating from demos at trade shows into consumer-grade devices in 2025. Early contenders include: Samsung's Ballie, expected availability this summer; Hengbot's Sirius AI robot-dog, accepting deposits with shipping expected in September; and smart security cameras that decide "on-device" when to unlock doors or trigger alarms. These AI-powered edge devices embody Agentic Edge AI—systems that sense, reason, and act locally, optionally using the cloud for heavyweight analytics or fleet learning.
This split architecture is what makes them susceptible to threats. By mixing safety-critical control loops with opaque fast-evolving AI models, they introduce new attack surfaces that neither traditional embedded security nor classic cloud-app SecOps cover. This talk examines the five-layer stack common to every edge AI agent—from perception to learning—highlighting security cracks identified by researchers and exploring how those cracks could translate into real-world impacts.
We will present three realistic kill-chain scenarios from our research into Agentic Edge AI architecture: sensor-side prompt injection convincing a household robot a sleeping dog is a "burning sofa," triggering the sprinkler API and calling emergency services; adversarial vision patches allowing a stranger to bypass an AI doorbell's face whitelist; and federated-learning poisoning quietly degrading thousands of wearables through a single software update. For each case-study, we explore how the compromise travels through the software stack layers, which mitigations block the attack, and what still fails under pressure.
Whether we are securing AI powered consumer gadgets, industrial robots, or municipal smart-city deployments, we'll need to harden these chatty little machines before they turn into our next cyber-attack entry point.
By: Numaan Huq | Senior Threat Researcher, Trend Micro

Comments

Want to join the conversation?

Loading comments...