
This new AI attack steals models without touching the system

A side-channel attack can reconstruct AI models from a distance using leaked signals.


AI systems have long been treated like sealed black boxes, especially in areas like facial recognition and autonomous driving. New research suggests that protection isn’t as solid as assumed.

A KAIST-led team shows that AI systems can be reverse engineered remotely using emissions that leak during normal operation, without direct intrusion. Instead, the approach listens.


Using a small antenna, the researchers captured faint electromagnetic traces from GPUs and rebuilt how the system was designed. It sounds like a heist trick, but the results hold up, and the security implications are immediate.

How the side channel works

The system, called ModelSpy, collects electromagnetic output produced while GPUs handle AI workloads. These traces are subtle, yet they follow patterns tied to how the architecture is arranged.

By analyzing those patterns, the team inferred key details, including layer setups and parameter choices. Tests showed core structures could be identified with up to 97.6 percent accuracy.

The setup is what makes this unsettling. The antenna fits inside a bag and doesn’t need physical access. It worked from as far as six meters away, even through walls, across multiple GPU types. Computation itself becomes a side channel, exposing the system’s design without a traditional breach.

Why this changes AI security

This pushes AI security into less familiar territory. Most defenses focus on software exploits or network access. ModelSpy targets the physical byproducts of computation instead.

Even isolated systems could leak sensitive information if hardware emissions aren’t controlled. For companies, that architecture is often core intellectual property, which turns this into a direct business risk.

The work frames this as a cyber-physical challenge, where defending AI now involves both digital safeguards and the surrounding environment, which raises the bar for what protection actually means.

What defenses look like now

The team also outlined ways to reduce the risk, including adding electromagnetic noise and adjusting how computations run so patterns become harder to interpret.

Those fixes suggest a broader change. Securing AI may require hardware-level adjustments, not just software updates, which complicates deployment for industries already locked into existing systems.

The research earned recognition at a major security conference, signaling how seriously this threat is being taken. The next exposure may not involve breaking in at all, but simply observing what systems unintentionally reveal.

Paulo Vargas