In April and May 2024, Google engaged NCC Group to conduct an analysis of potential security benefits and risks that hardware-for-Artificial Intelligence (AI) on personal and edge computing devices could have for AI companies, developers, users, Original Equipment Manufacturers (OEM), and other impacted stakeholders. This analysis includes an assessment of the global landscape from both a product development and regulatory perspective, such that Google and other companies can make informed decisions on a strategic approach to the cybersecurity of these technologies.
NCC Group adopted a threat modeling based approach to explore the differences in threats and overall risk profile to identified stakeholders, their data, and personal devices when AI is used in different modes of deployment. The different modes of AI integration deployment include vertically integrated and dis-aggregated models, as well as on-device and cloud- based compute.