The convergence of Large Language Models (LLMs) and Internet of Things (IoT) systems has created a new class of intelligent applications across healthcare, industrial automation, smart cities, and connected homes. However, this integration introduces a complex and largely underexplored security landscape. LLMs deployed in IoT contexts face threats spanning both the AI and embedded systems domains, including prompt injection through sensor-driven inputs, model extraction from edge devices, data poisoning of IoT data streams, and privacy leakage through LLM-generated responses grounded in personal data. Simultaneously, LLMs are proving to be powerful tools for IoT security, with LLM-based intrusion detection systems achieving 95–99% accuracy on standard IoT datasets and LLM-driven threat intelligence outperforming traditional machine learning by significant margins. We systematically review 88 papers from IEEE, ACM, MDPI, and arXiv (2020–2025), providing: (1) a structured taxonomy of security threats targeting LLM-IoT systems, (2) a review of LLMs as security enablers for IoT, (3) an evaluation of privacy-preserving architectures including federated learning, differential privacy, homomorphic encryption, and trusted execution environments, (4) domain-specific security analysis across healthcare, industrial, smart home, smart grid, and vehicular IoT, and (5) a literature-based comparative analysis of LLM-based security systems. A central finding is the accuracy–efficiency–privacy trilemma: the model compression techniques needed to deploy LLMs on resource-constrained IoT devices can degrade security and even introduce new vulnerabilities. Our analysis provides researchers and practitioners with a structured understanding of both the risks and opportunities at the frontier of LLM-IoT security.
Joshi et al. studied this question.