Systems-Level Attack Surface of Edge Agent Deployments on IoT

📅 2026-02-25
🤖 AI Summary
This study addresses the system-level attack surface introduced by deploying large language model agents at the edge on IoT devices, an attack surface absent from cloud-hosted orchestration, and its implications for data sovereignty and security. The authors build a multi-device smart-home testbed to compare the security characteristics of three deployment architectures: cloud-hosted, edge-local swarm, and hybrid. Their analysis identifies two emergent failure modes: “coordination-state divergence” and “induced trust erosion.” Using local MQTT messaging, an Android-based edge inference node, and system-level metrics (data egress volume, failover window exposure, sovereignty boundary integrity, and provenance chain completeness), the study shows that edge deployment eliminates routine cloud data exposure but silently degrades sovereignty boundaries when fallback mechanisms trigger. Provenance chains that lack cryptographic enforcement are easily bypassed, and failover windows can be exploited for unauthorised actuation.

📝 Abstract
Edge deployment of LLM agents on IoT hardware introduces attack surfaces absent from cloud-hosted orchestration. We present an empirical security analysis of three architectures (cloud-hosted, edge-local swarm, and hybrid) using a multi-device home-automation testbed with local MQTT messaging and an Android smartphone as an edge inference node. We identify five systems-level attack surfaces, including two emergent failures observed during live testbed operation: coordination-state divergence and induced trust erosion. We frame core security properties as measurable systems metrics: data egress volume, failover window exposure, sovereignty boundary integrity, and provenance chain completeness. Our measurements show that edge-local deployments eliminate routine cloud data exposure but silently degrade sovereignty when fallback mechanisms trigger, with boundary crossings invisible at the application layer. Provenance chains remain complete under cooperative operation yet are trivially bypassed without cryptographic enforcement. Failover windows create transient blind spots exploitable for unauthorised actuation. These results demonstrate that deployment architecture, not just model or prompt design, is a primary determinant of security risk in agent-controlled IoT systems.
Problem

Research questions and friction points this paper is trying to address.

attack surface
edge deployment
IoT security
LLM agents
systems-level security
Innovation

Methods, ideas, or system contributions that make the work stand out.

edge AI security
attack surface
LLM agents
sovereignty boundary
provenance chain