The attack that will matter most in the next wave of AI-enabled cybercrime will not begin with a clever prompt or a stolen password. It will begin with a profile: a behavioral and location map of a person, assembled from data their own household devices leaked months earlier. The actual breach, when it comes, is the footnote.
This is the bet behind a new push to move AI defense out of the model layer and down into the silicon. A recent Semiconductor Engineering analysis of how AI-enabled "data fusion" is reshaping the threat landscape argues that the attack surface has migrated below the chatbot. The model is no longer the prize. The fused profile is.
"Data fusion" is the practice of combining many separate data streams, including phone telemetry, router traffic, wearable GPS, gray-market data brokers, and public posts, into one richer picture. The end product is sometimes called a "digital twin" of a person, a phrase that invites the wrong mental image. The point is not a metaverse avatar but a behavior-and-location model accurate enough to predict where someone will be, what devices they carry, and which accounts they use.
Mohit Arora, a vice president at Synaptics, frames the shift in plain terms: in the old model, an attacker needed raw streams to do damage. In the new model, corrupting the fused output is enough. The data fusion layer is the new battlefield, because a poisoned profile can misroute a person, mis-target an alert, or stage a social-engineering approach that lands because it already knows the target's habits.
The inputs are already there. Reed Hinkel, an engineer at Synopsys, describes the everyday pipeline: home routers, PCs, phones, wearables. Household members inadvertently leak data. Once the phone is compromised, every connected device in the home becomes a sensor. Each stream is low-value on its own. Fused, they describe a household.
The Semiconductor Engineering piece cites a historical case to make this concrete: wearable GPS data, harvested before any anonymization could run, was used to track soldiers on perimeter patrols. That is the threat pattern in miniature, with a single fitness watch, fused with shift schedules and base layouts, enough to map a unit.
The same fusion logic is now baked into automotive design. Rob Fisher of Imagination Technologies notes that zonal architectures, which consolidate sensors and software onto shared in-vehicle compute, are making data fusion standard for advanced driver assistance and autonomy. That consolidation also expands the attack surface. The de-risking pattern emerging across the industry is strict isolation of safety-critical workloads from non-safety ones. Whether any production vehicle has shipped that isolation in the way chip vendors describe is a separate question, one the public references to "zonal" architecture leave largely as forward-looking design commentary rather than confirmed deployed systems.
The defensive response is, by necessity, hardware-shaped. David Maidment, senior director of market strategy at Arm, lists the moving parts: strong roots of trust (hardware anchors that vouch for the identity of the chip and the software running on it), encryption and secure key storage, minimization of the personal and location data that ever leaves a device, authenticated inputs, and attributable AI outputs.
The phrase that ties all of this together is continuous integrity. Conventional compute runs best when it is fast and quiet. AI inference does not. It constantly reads from memory, writes back, and consumes bandwidth at worst-case loads. That runtime is itself a larger attack surface than older compute, and one that model-level alignment tools cannot see. A real defense, on this account, has to verify the chip, the inputs, the outputs, and the data that flows between them on every cycle. That is why the security story has moved into silicon.
Two honest limits are worth naming. The four experts quoted in the underlying piece, from Arm, Synopsys, Synaptics, and Imagination Technologies, are all IP and silicon vendors with a commercial interest in "security-by-design chip" framing. Their analysis is competent and worth taking seriously; it is also labeled commentary, not independent validation of where the threat actually stands. The piece also leans on a single historical anecdote, the wearable-tracking case, to anchor the threat pattern. The pattern is plausible; the case itself is illustrative, not a new disclosure.
What to watch next is whether any non-vendor security lab, academic group, or independent CISO publicly confirms the same shift. If they do, "the defense is in the silicon" stops being a chip-marketing frame and becomes consensus.
For now, the practical takeaway for any reader who owns a router, a phone, and a wearable is straightforward. Those three devices are no longer separate risk domains. They are one attack surface. Treating them as three is the old model.