From Glitches to Leaks: Tools for Assessing AI Hardware Resilience (E12d)
Embedded and IoT systems increasingly integrate Artificial Intelligence (AI) accelerators to enable local decision-making in security-critical applications. While cryptographic protections safeguard data and communications, the underlying hardware remains vulnerable to physical attacks such as Fault Injection (FI) and Side-Channel Analysis (SCA). These attacks can compromise AI inference integrity, creating a blind spot in current evaluation frameworks. In this work, we leverage existing fault injection and side-channel analysis tools to evaluate hardware security in AI-enabled embedded platforms. Using a commercially available NPU as a test case, we show that FI can induce controlled misclassification such as phantom object detections and missing valid detections at high confidence while the device continues normal operation. We demonstrate that electromagnetic side-channel monitoring can delineate execution phases, thereby enabling precise fault targeting and the identification of sensitive inference phases. By correlating EM signatures with specific inference stages and executing thousands of controlled trials, we demonstrate how attackers can exploit these timing windows to induce misclassifications without triggering system-level faults. Our evaluation highlights how existing FI and SCA tools can be systematically applied to AI accelerators and calls for extending these capabilities into a structured framework tailored for AI workloads, enabling comprehensive security assessments across hardware and algorithmic layers.