April 12-15 | Marriott Downtown at CF Toronto Eaton Centre, Canada

When AI Leaves the Cloud: Trust, Attestation, and Provenance for Edge and IoT Deployed Models (E12c)

Build trust and provenance for AI models running on edge and IoT deployments.
21 Apr 2026
14:00
Studio E

AI inference is rapidly shifting from centralized cloud environments to edge and IoT deployments, driven by the need for lower latency, data locality, and autonomous decision-making. Retail computer vision systems, industrial robots, connected medical devices, and even consumer products now execute models directly on-device. However, recent incidents such as the model manipulation vulnerabilities in autonomous vehicle perception systems demonstrate that when AI moves to the edge, the trust boundary moves with it, expanding the attack surface and introducing new vectors for tampering, context poisoning, and covert model substitution. The Model Context Protocol (MCP) provides a structured mechanism for AI models to request and consume external data, tools, and state, essential for real-time edge inference. Yet MCP alone does not ensure that the model itself is authentic, that the execution environment is trusted, or that retrieved data is validated. This talk presents a layered trust architecture combining MCP with model signing, hardware-rooted attestation, authenticated data exchange, and immutable provenance logging. The result is a verifiable, auditable, and resilient trust pipeline for securing context-aware AI at the IoT edge.