Tiny Machine Learning (TinyML) enables machine learning inference on microcontrollers with kilobytes of memory and megahertz processors, two to three orders of magnitude more constrained than conventional edge devices. These extreme limitations render traditional security measures impractical, yet the security implications remain underexplored. Our systematic literature review reveals that fewer than 5% of TinyML publications address security concerns, with even fewer focusing on TinyML-specific vulnerabilities, a critical gap as these devices proliferate in safety-critical applications including healthcare monitoring, autonomous systems, and industrial control. This paper provides a comprehensive security survey specifically addressing TinyML’s resource constraints and unique threat landscape. We develop a resource-based device taxonomy distinguishing IoT, EdgeML, and TinyML security capabilities; formulate a TinyML-specific threat model identifying physical and remote attack vectors; systematically analyze eleven attack classes across hardware, software, and model layers; and assess threat severity using the Common Vulnerability Scoring System (CVSS). For each attack, we evaluate whether conventional countermeasures are feasible under TinyML constraints by assessing computational overhead, memory requirements, and practical deployability on representative platforms. Our analysis reveals critical gaps where existing defenses impose prohibitive overhead, requiring new lightweight solutions. We conclude by identifying open research challenges specific to securing resource-constrained machine learning systems, providing a roadmap for future work.
Huckelberry et al. (Sat,) studied this question.