Trend in Digitals

This new AI attack steals models without touching the system

By Paulo Vargas
Published April 2, 2026

AI systems have long been treated like sealed black boxes, especially in areas like facial recognition and autonomous driving. New research suggests that protection isn’t as solid as assumed.

A KAIST-led team shows that AI systems can be reverse engineered remotely using emissions that leak during normal operation, without direct intrusion. Instead, the approach listens.

Using a small antenna, the researchers captured faint electromagnetic traces from GPUs and rebuilt how the system was designed. It sounds like a heist trick, but the results hold up, and the security implications are immediate.

The system, called ModelSpy, collects electromagnetic output produced while GPUs handle AI workloads These traces are subtle, yet they follow patterns tied to how the architecture is arranged.

By analyzing those patterns, the team inferred key details, including layer setups and parameter choices. Tests showed core structures could be identified with up to 97.6 percent accuracy.

The setup is what makes this unsettling. The antenna fits inside a bag and doesn’t need physical access. It worked from as far as six meters away, even through walls, across multiple GPU types. Computation itself becomes a side channel, exposing the system’s design without a traditional breach.

This pushes AI security into less familiar territory. Most defenses focus on software exploits or network access. ModelSpy targets the physical byproducts of computation instead.

Even isolated systems could leak sensitive information if hardware emissions aren’t controlled. For companies, that architecture is often core intellectual property, which turns this into a direct business risk.

The work frames this as a cyber physical challenge, where defending AI now involves both digital safeguards and the surrounding environment, which raises the bar for what protection actually means.

The team also outlined ways to reduce the risk, including adding electromagnetic noise and adjusting how computations run so patterns become harder to interpret

Those fixes suggest a broader change. Securing AI may require hardware level adjustments, not just software updates, which complicates deployment for industries already locked into existing systems.

The research earned recognition at a major security conference, signaling how seriously this threat is being taken. The next exposure may not involve breaking in at all, but simply observing what systems unintentionally reveal.

Acer reveals Veriton compact PC to tackle the Mac mini with AMD Ryzen and plenty of AI mojo

Acer is making a direct play in that space with the Veriton RA110 AI Mini Workstation, a compact desktop that runs on AMD's Ryzen AI Max+ 395 processor, aimed at the same desk-bound professional who wants power without the tower.

Acer’s Swift Air 14 is a peppy MacBook Neo rival with some cool upgrades and a $699 ask

At a time when even mainstream laptops are creeping toward four-figure price tags, Acer’s latest machine feels refreshingly straightforward. It’s aimed at students, remote workers, and anyone who wants a laptop that looks and feels expensive without draining their bank account. The Swift Air 14 is powered by Intel’s new Core Series 3 processors and delivers up to 19 hours of battery life. That’s the sort of endurance that could realistically get many users through a full workday and beyond without scrambling for a charger.

Google Drive can now batch-scan your documents and spare you a few other frustrations, too

Well, Google Drive's new document scanner redesign fixes all three problems at once. Announced by Sameer Samat, the President of Android Ecosystem at Google, the feature is now rolling out for Android users.