Risks of AI in IoT: The Spy in the Fridge

I draw on my humble experience in the Industrial Internet of Things (IIoT) and with a leading commercial IoT platform from the United States. My 2019 IoT conference talk on “Best Practices for Successful Industrial IoT Projects” and my early use of AI technologies such as TPUs have further shaped my perspective. I felt encouraged to write this article after listening to a recent interview with 2018 Turing Award recipient Yoshua Bengio about the catastrophic risks of AI.

When Things Wake Up: The Silent Threat of the AI in IoT Revolution

Now that the title, with its suggestion that the risks of AI in the Internet of Things might turn your fridge into a potential spy, has caught your attention, it’s worth stepping back to recognize that we are standing at the brink of a transformation as significant as the invention of the internet itself.

Over the last decade, we have been connecting our world by linking our thermostats, watches and cars to the internet. We called this the Internet of Things (IoT) and it was largely harmless.

But that era is over.

We are now witnessing the birth of AIoT (Artificial Intelligence of Things).

The next big thing in the Internet of Things (IoT) will be the integration of artificial intelligence (AI) into IoT devices. Although artificial intelligence and machine learning are often used in IoT solutions in the cloud and at the edge, they are not yet widely used inside the IoT devices themselves.

A simple example of an AIoT device is a webcam that can recognize, on the device itself, faces and the mood of humans, as well as animals and objects such as cars and their number plates. However, it is connected to cloud infrastructure so that a system could do profiling etc. with the data of many webcam locations.

Because a person's name or a car number plate is far less data than a video stream sent to the cloud for analysis, AIoT devices with local recognition capabilities need very little bandwidth and can therefore be deployed in higher numbers and in much more remote locations.

Bringing AI and computation power into the IoT devices with local data processing unlocks a whole range of benefits:

  • Reduced communication bandwidth needs lead to a significant reduction in communication costs and enable the deployment of devices in otherwise inaccessible locations, e.g., through LoRa, a low-bandwidth, low-cost radio.
  • The AIoT solution has improved responsiveness and performance. Just imagine if a Tesla car had to upload its image data to the cloud for processing to enable autopilot driving. That would never work.
  • Data privacy, compliance, and security benefits: Sensitive data, such as images, will not leave the AIoT device. Image analysis and AI recognition are performed locally within the device. Only anonymized, condensed information packets should be uploaded to the cloud.
  • Overall, a significant cost reduction and increased deployment reach for a better-performing AIoT solution.
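
The data-privacy bullet above only holds if the device aggregates before it transmits. The following sketch is an added example, not code from the author or from any product; the event format, the field names, the 64-byte uplink budget and the small-bucket threshold are assumptions. It puts a naive upload, which forwards every recognition result, beside a minimized one that sends only counts.

```python
import json
from collections import Counter

MAX_PAYLOAD = 64   # assumption: uplink budget in bytes for a low-bandwidth radio
MIN_COUNT = 3      # assumption: mood buckets smaller than this are merged
ALLOWED_KINDS = {"person", "car"}  # only coarse classes may leave the device

# Constructed sample: one hour of on-device recognition results (not real data).
EVENTS = [
    {"kind": "person", "label": "Alice Example", "mood": "happy"},
    {"kind": "person", "label": "Alice Example", "mood": "happy"},
    {"kind": "person", "label": "Bob Example", "mood": "happy"},
    {"kind": "person", "label": "Carol Example", "mood": "angry"},
    {"kind": "car", "label": "B-XY 1234", "mood": None},
    {"kind": "car", "label": "M-AB 5678", "mood": None},
    {"kind": "car", "label": "B-XY 1234", "mood": None},
]

def naive_packet(events, hour):
    """Weak form: forwards every recognition result, identifiers included."""
    return json.dumps({"h": hour, "ev": events}, separators=(",", ":")).encode()

def minimized_packet(events, hour):
    """Aggregate on the device; names and plates are never serialized."""
    kinds = Counter(e["kind"] for e in events if e["kind"] in ALLOWED_KINDS)
    moods = Counter(e["mood"] for e in events if e["mood"])
    merged = Counter()
    for mood, n in moods.items():
        # A rare mood is reported as "other" so it does not single out a visitor.
        merged[mood if n >= MIN_COUNT else "other"] += n
    body = {"h": hour, "k": dict(kinds), "m": dict(merged)}
    data = json.dumps(body, separators=(",", ":"), sort_keys=True).encode()
    if len(data) > MAX_PAYLOAD:
        raise ValueError("packet exceeds uplink budget")
    return data

def leaks_identifier(packet, events):
    """True if any raw name or plate from the events appears in the packet."""
    text = packet.decode()
    return any(e["label"] in text for e in events)

if __name__ == "__main__":
    for build in (naive_packet, minimized_packet):
        pkt = build(EVENTS, 14)
        print(build.__name__, len(pkt), "bytes, leaks:", leaks_identifier(pkt, EVENTS))
```

The same `leaks_identifier` check can be run against captured uplink traffic from a device under evaluation to confirm that what the vendor calls "anonymized" really contains no names or plates.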

These AIoT benefits greatly support some existing and promising new IoT use cases, such as predictive quality, because otherwise, the business case would be unfavorable.

These AIoT devices are often in close proximity to human beings and are supported by the increasing availability of inexpensive AI accelerator chips inside the devices, such as Google’s tiny Coral Tensor Processing Units (TPUs). By the way, the praised new Gemini 3 AI model was completely trained on cloud version TPUs, and not on NVIDIA GPUs!

In this article, we will not examine the promising AIoT use case of predictive quality, but rather consider what AIoT could mean for people.

AIoT – Artificial Intelligence of Things is an enrichment of IoT with computation power and AI in the devices. AIoT is a subset of IoT that unlocks a range of benefits; AIoT is not a substitute for IoT.

By merging the connectivity of IoT with the cognitive power of Artificial Intelligence, we are creating devices that don’t just send data; they think, learn, memorize, and act.

Although tech giants promise us a utopia of efficiency and convenience, a darker reality lurks beneath the surface. As we rush to embrace these smart machines, we should ask ourselves whether we are inviting helpful assistants into our lives or building a surveillance infrastructure that we cannot control or escape from.

The Scale of the AIoT Invasion

In order to understand the threat, it is important to understand the scale of it. This is not a niche technology.

Transforma Insights, a UK-based research firm, has forecast that the number of AIoT devices will grow from 1.4 billion in 2023 to 9.1 billion by 2033, which is a more than 6-fold growth in 10 years, resulting in a compound annual growth rate (CAGR) of over 20%.

By that time, nearly a quarter of all Internet of Things (IoT) devices will have their own artificial intelligence (AI). These IoT devices are not just passive sensors; they are autonomous agents. They are embedded in our factories, cities, hospitals, and, most intimately, our homes. This integration is happening so quickly that regulatory frameworks and ethical considerations are struggling to keep pace. This leaves us vulnerable to a “move fast and break things” culture.

The Trojan Horse of AIoT Convenience

The most insidious aspect of AIoT is that it arrives disguised as a friend. AIoT offers us undeniable benefits:

  • Who wouldn’t want a car like a Tesla Autopilot that uses radar sensors and deep neural networks to drive itself, potentially reducing accidents?
  • Who wouldn’t appreciate the convenience of Amazon Go stores, where cameras track our movements so we can walk out without waiting in line to pay?
  • In the industrial sector, robots like Boston Dynamics’ Spot traverse dangerous factory floors to keep humans safe.
  • AIoT systems in cities like Hangzhou optimize traffic lights to shave minutes off commutes.

But this convenience is the bait. In exchange for these perks, we are surrendering vast amounts of intimate data. We are allowing private corporations to place sensors in our private sanctuaries like our kitchen fridge, normalizing a level of surveillance that would have been unimaginable a generation ago.

The Spy in Our Kitchen Fridge

The true dark side of AIoT reveals itself when we look at how these devices harvest our personal lives. There is data indicating that a large portion of the population is skeptical, particularly with regard to safety, ethics, and trust in the technical reliability of AI.

Consider the seemingly harmless smart refrigerator utilizing AI. It seems helpful when it suggests recipes or tracks our groceries. However, in order to do so, it is equipped with cameras and sensors that constantly monitor our consumption habits. The refrigerator learns our dietary habits, guilty pleasures, and purchase frequency. Based on what we eat, it creates a profile of us.

Or consider the smart doorbell utilizing AI. It protects our package deliveries, yes. But it also records the faces and voices of everyone who visits us. It tracks the frequency and duration of their stays.

This data does not disappear. It is analyzed to create detailed “movement profiles” and behavioral models. In the wrong hands, or even in the hands of aggressive advertisers, our home becomes a market research lab where we are the lab rat. We are no longer the customer; we are the product source, harvested by the very machines we bought to serve us.

The AIoT “Black Box” Problem: A Crisis of Control

One of the most terrifying aspects of modern AI is that it often functions as a “black box.” We feed data in, and the machine spits a decision out, but we often cannot explain why or how it reached that conclusion.

In an AIoT world, this lack of transparency is dangerous:

  • If a smart building locks its doors during a fire because its sensors misinterpreted heat patterns, who is responsible?
  • If a self-driving car swerves into a crowd to avoid an obstacle, how do we audit that split-second ethical decision?
  • If a smart city algorithm decides our neighborhood receives less waste management service than another based on “efficiency patterns,” do we have a way to appeal?

Users typically have no idea how these decision-making processes work or how their data is being used to train these algorithms. This opacity strips humans of agency. We are becoming subjects to the whims of algorithms that are difficult to verify and impossible to argue with.

The AIoT Security Nightmare: Hacking and Updating Reality

When a computer is hacked, you might lose files. When an AIoT system is hacked, you can lose physical control of your environment. The complexity of these systems, integrating cloud computing, edge devices, and massive datasets, creates a massive attack surface for malicious actors.

The threat ranges from the personal to the catastrophic. A hacker could compromise a smart home system to unlock doors or spy through cameras. On a larger scale, they could target the infrastructure of a Smart City. Imagine the chaos if the AI-driven traffic systems in a major metropolis were manipulated, if the water level analysis in a city’s flood defense system were spoofed, or if the Internet and mobile phone connections were down.

These IoT devices are often designed with “low-performance hardware” and proprietary firmware to reduce costs, which makes AIoT devices difficult to patch and secure. This means we are effectively carpet bombing our world with billions of potential backdoors for cybercriminals and hostile foreign governments.

One of the major challenges of AIoT solutions is compressing and continuously updating AI models in a scattered and bandwidth-constrained environment with a fragmented landscape of low-end AIoT devices that have different AI chipsets.

The AIoT Path Forward: Governance or Chaos?

Is it possible to harness this AIoT technology without falling victim to it? In my own humble opinion, the only way to avoid a dystopian future is through rigorous data and AI governance and regulatory compliance.

We cannot rely on privately owned and profit-oriented tech companies to self-regulate. We need:

  1. Data Governance: Strict rules on how data is collected, ensuring it is anonymized at the source (locally within the AIoT device) so that personal information never reaches the cloud.
  2. AI Governance: A framework to ensure algorithms are transparent, explainable, compliant and free from bias.
  3. Regulatory Compliance: Adherence to laws like the EU GDPR and the new EU AI Act to force companies to prove their products are safe before they hit the market.

Living in the European Union (EU) has the following benefits:

  • The EU has passed the AI Act Regulation (EU) 2024/1689, the first major AI regulation globally.
  • It classifies AI systems by risk level and bans certain practices like social scoring.
  • High-risk AI faces strict requirements (e.g., in healthcare, policing, infrastructure).
  • Most rules take effect in 2026, with some high-risk obligations delayed to 2027.
  • An EU AI Office and national authorities will oversee compliance and enforcement.
  • Companies that violate the rules can face substantial penalties tied to global revenue.

Conclusion: The AIoT Sleepwalk into Surveillance?

The merger of AI and IoT is not just a technological upgrade; it is a fundamental shift in the power dynamic between humans and machines. We are building a world where our walls have eyes and ears and our appliances have agendas.

The potential benefits of AIoT, such as cleaner cities, safer cars and efficient energy use, are dazzling. But if we are blinded by the light, we risk missing the shadows lengthening around us. We are trading privacy for convenience and agency for automation.

As we move towards a world with 9 billion intelligent devices in 2033, the window to demand transparency and security is closing. We must wake up to the reality of what we are creating, or we may find that in making our things “smart”, we have foolishly signed away our freedom.

What can I do when I live in the EU? Here is my personal checklist to lower AIoT risks:

  • Purchase AIoT devices and industrial AIoT solutions from companies that are headquartered in the EU and have strong EU references. The C-level management, company and majority of its owners should have no exposure to non-EU jurisdictions.
  • Verify that the cloud platform used to connect the AIoT devices, as well as the iOS and Android apps, are fully hosted within the EU.
  • For consumer-grade AIoT devices, double check that the device offers full functionality with a local open source based home assistant installation without requiring registration or login on any cloud platform and under no circumstances on cloud platforms located outside the EU.
  • Support and utilize EU digital sovereignty.

AI and Catastrophic Risks: Should we listen more carefully to Yoshua Bengio?


Computer scientist Yoshua Bengio is considered one of the world’s leading AI researchers and an important founding father of the technology. Today, he believes AI is extremely dangerous. He warns that super-powerful AIs (“rogue AIs”) could pursue goals that threaten humanity, even unintentionally, due to a misalignment between human intentions and what the AI optimizes for.

Bengio describes three types of risk: malicious use by humans, unintentional harms from biased systems, and loss of control if an AI seeks self-preservation. This video is worth watching, as are many of the more than 700 comments:

To address this, he calls for global cooperation in the form of regulated, multilateral research into safe and defensive AIs. He argues that, if developed under democratic governance and shared safeguards, defensive AIs could counter potential rogue systems.

After reading my article and watching Yoshua Bengio’s BBC interview, I hope you will agree that AIoT could significantly accelerate the plausible risks Yoshua warns about. If the dangers of advanced AI that Yoshua describes were to materialize, their impact on people would be far greater in an AIoT-driven world, simply because intelligent systems would be embedded everywhere, interacting with us constantly and at scale.

For this and other reasons, I strongly support raising awareness of potential AI risks, as well as implementing the EU AI Act regulation and EU digital sovereignty.

Comments are welcome

Constructive comments (via the comment function at the bottom of this page) are greatly appreciated and suitable changes and additions to this blogpost will be taken into account. All statements in this blog post reflect the personal opinion of the author, which may not always be accurate due to incomplete information and are not factual claims.
