January 28, 2026
Advanced generative AI systems are susceptible to devastating hardware attacks, but Mizzou Engineering researchers have found an efficient, cost-effective way to defend them.

Generative artificial intelligence systems are revolutionizing everything from medical assistants to self-driving cars. As their capability grows, however, their hardware security vulnerabilities become more apparent.
But Mizzou Engineering researchers have now found a way to quickly and efficiently identify potentially catastrophic vulnerabilities and safeguard the next-generation systems that the world depends on.
GenAI models like DeepSeek, ChatGPT or image-understanding systems depend on enormous matrices of numbers — called weights — that determine how the model interprets input and generates answers. If even one of the critical bits stored in memory flips from a 0 to a 1, or vice versa, the model can collapse.
These bits are very susceptible to hardware-level attacks. Attackers sharing hardware with an AI system can carry out bit-flip attacks (BFAs) without ever accessing the system’s code or data and cause catastrophic performance failures.
The risk is real. In July 2025, Nvidia became aware of a BFA demonstrated against its graphics processing units (GPUs) and urged customers to enable system-level error correction codes as a defense.
Khaza Anuarul Hoque, an associate professor in the Department of Electrical Engineering and Computer Science, and doctoral candidate Khurram Khalil found that, in a model with more than 8 billion parameters, flipping as few as five bits can drop its accuracy from nearly 70% to almost zero.
“With increasing popularity of large language models in different applications, it’s important to understand their vulnerability to BFAs and find these critical bits to protect them, specifically when such applications are safety- or commercially-critical and considered for running on hardware accelerators,” Hoque said.
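Why a handful of bits can matter so much, as an added illustration that is not FlipLLM or any code from the researchers: the sketch below exhaustively flips every bit of four constructed weights and ranks the flips by how far they move one neuron's output. It assumes weights are stored as IEEE-754 float32, which the article does not state; the names `flip_bit` and `rank_bits` and the sample values are hypothetical.

```python
import struct

def flip_bit(value: float, bit: int) -> float:
    """Store `value` as float32, invert one bit (0 = LSB, 31 = sign), read it back."""
    (raw,) = struct.unpack("<I", struct.pack("<f", value))
    (out,) = struct.unpack("<f", struct.pack("<I", raw ^ (1 << bit)))
    return out

def dot(weights, inputs):
    """Output of a single linear neuron."""
    return sum(w * x for w, x in zip(weights, inputs))

def rank_bits(weights, inputs):
    """Flip each bit of each weight in turn and measure the output error.

    Returns (abs_error, weight_index, bit) tuples, worst first. Exhaustive
    search like this only works for toy sizes; it is the slow baseline,
    not the reinforcement learning search described in the article.
    """
    clean = dot(weights, inputs)
    results = []
    for i, w in enumerate(weights):
        for bit in range(32):
            faulty = list(weights)
            faulty[i] = flip_bit(w, bit)
            results.append((abs(dot(faulty, inputs) - clean), i, bit))
    return sorted(results, reverse=True)

# Constructed sample data: one neuron with four small weights (assumed float32).
WEIGHTS = [0.12, -0.34, 0.05, 0.27]
INPUTS = [1.0, 0.5, -1.0, 2.0]

if __name__ == "__main__":
    ranking = rank_bits(WEIGHTS, INPUTS)
    print(f"clean output: {dot(WEIGHTS, INPUTS):.3f}")
    for err, i, bit in ranking[:6]:
        print(f"weight[{i}] bit {bit:2d} -> output error {err:.3e}")
    # A protection budget (ECC, redundancy) is best spent on the top entries.
    critical = {bit for err, _, bit in ranking if err > 1e6}
    print("bit positions whose flip is catastrophic:", sorted(critical))
```

Of the 128 possible single-bit flips here, only the four that hit the top exponent bit (bit 30) are catastrophic; every other flip changes the output by less than 2, which is why targeted protection of a few locations can be enough.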
A smarter defense
In the recent past, researchers used naive techniques to find vulnerable bits in large generative AI models, but these were slow, specific to a fixed model type, or unable to handle today’s multi-billion parameter models.
“Today’s approach to hardware protection is a bit like reinforcing every wall of a castle equally, regardless of whether it’s exposed to attack,” Hoque said. “This strategy is extremely expensive, so hardware designers often rely on limited testing and hope nothing goes wrong.”
Now, Hoque and Khalil have proposed a smarter approach that analyzes possible failure scenarios and pinpoints the few locations that truly matter. The method, which they call FlipLLM, uses a reinforcement learning agent, making it 2.5 times faster than previously reported techniques.
“Instead of protecting everything, FlipLLM tells designers exactly which memory locations are most critical and deserve strong protection,” Hoque said. “This makes it possible to build hardware that is both more secure and more efficient.”
Hoque and Khalil’s paper has been accepted for presentation/publication at the 2026 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), the premier global conference on hardware security.
The researchers plan to extend their method beyond the AI model’s parameters to the computation units and communication pathways that move data around. They also intend to release FlipLLM to the public.
“Ultimately, we envision FlipLLM becoming an automated security co-pilot for hardware design,” Hoque said. “A designer could describe a new AI accelerator, and our system would automatically identify the most critical vulnerabilities and insert targeted protections into the design.”
The work is another example of how Mizzou Engineering is tackling some of the most important real-world challenges. By developing tools that make AI hardware more dependable, Mizzou stakes its position as a leader in the emerging area of trustworthy AI systems.
“We’re not just developing new algorithms,” Hoque said. “We’re working to ensure that critical AI systems are safe, reliable and trustworthy.”