Eufy's New Local AI Agent Ships With a $450K Problem

Eufy's New Local AI Agent Ships With a $450K Problem

Anker says it has built the world's first local AI agent for home security. What it has not done is prove it.

On May 21, Anker unveiled EdgeAgent at its annual Anker Day event, describing it as a local AI agent that processes security events entirely on-device in as little as three seconds, with no monthly subscription fee. The company says the system keeps footage on the customer's property rather than routing it through the cloud. The pitch requires one thing Anker has not yet provided: a third-party security audit confirming the architecture works as described.

The gap matters because Anker has been here before. In January 2025, the New York Attorney General's office concluded a multi-year investigation into eufy and its distributors and secured a $450,000 settlement after finding that video streams from eufy cameras were transmitted without end-to-end encryption, accessible via unauthenticated URLs, and subject to no penetration testing or vulnerability management program. The companies admitted the failures. The settlement required documented reforms: third-party security testing, encryption of video in transit and at rest, and an ongoing vulnerability management process. (NY AG)

What makes EdgeAgent the test case is that it is the first major eufy security product announced after those requirements became public and binding. The architecture Anker is now selling — local-only processing with no cloud dependency — maps directly to what the settlement mandated: verifiable local processing, not cloud-adjacent claims dressed as privacy features. Whether EdgeAgent was built to fulfill those requirements, or simply arrived in the same product cycle, is the question Anker has not answered.

Independent verification does not yet exist. No security researcher has published an analysis of EdgeAgent's network behavior or design. To verify that a security camera system actually processes data locally rather than routing it through a vendor's servers, a researcher would need to inspect network traffic during normal operation, audit the firmware for cloud-adjacent code paths, and confirm that no thumbnails, event metadata, or authentication tokens leave the local network — a level of scrutiny eufy's cameras have never passed. Whether the penetration testing and vulnerability management programs the settlement required produced that kind of audit is not public.

That is the accountability question the launch creates. The settlement compliance records are public. EdgeAgent is not yet.

The Mozilla Foundation reviewed eufy's current hardware in March 2026 and found the company still sends thumbnail preview images to AWS servers when users enable push notification previews, even with cloud storage disabled. The review gave the product four out of ten on privacy grounds. (Mozilla Foundation)

The 2022 findings that launched the AG investigation are also relevant. Security researchers discovered that eufy cameras marketed as always-encrypted were producing unencrypted streams accessible via ordinary media players — a finding Anker initially denied before ultimately acknowledging in January 2023 after The Verge published the full exchange. (The Verge)

Eufy says EdgeAgent changes the picture. The Smart Security Shield uses a 180-degree dual-radar system and a proprietary DSKey technology, operating a three-stage framework of detection, analysis, and action entirely on local hardware, per Anker. (GlobeNewswire)

Anker Innovations is not a niche vendor. It serves more than 200 million consumers across 146 countries, and its eufy brand sits in a market where the distinction between local processing and cloud-adjacent processing is the entire value proposition. EdgeAgent is the first major new security product launched under that cloud.

If EdgeAgent ships with independently verified local-only architecture, it becomes the template the industry lacks for proving privacy claims rather than asserting them. If it does not — if the architecture turns out to be unchanged infrastructure with a new product wrapper — Anker faces a second enforcement action under the same consent order it is currently operating under, and its broader AI hardware positioning collapses. One sentence from Anker to a security researcher would answer the question. The company has not provided it.