Practical risk of MoE buffer-overflow attacks in deployed systems

Ascertain whether attacks on Mixture-of-Experts architectures that exploit finite per-expert buffer capacities and batch-dependent routing constitute a practical risk to deployed models.

Background

The attack described in the referenced paper (Hayes et al., 2024) relies on finite per-expert buffer capacities and sequential, batch-order-dependent routing: because tokens are assigned to experts in the order they appear in a batch and each expert can accept only a bounded number of tokens, an adversary who shares a batch with a victim can fill specific expert buffers and thereby change which experts process the victim's tokens. The authors show a proof-of-concept on a modified Mixtral-8×7B setup, and note that the default implementation, which imposes no buffer limits, was not vulnerable in their tests.

Given operational realities of deployment—such as batching policies, routing strategies, and capacity choices—the authors explicitly state that it is unclear whether such attacks present a practical risk in real-world settings. Establishing this would require evaluating realistic system constraints, multi-tenant batching behavior, and the feasibility of adversarial control over batch composition and ordering.
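The property that decides practical exposure is whether a token's expert assignment depends on the other tokens in its batch. The following toy routing simulator is an added example, not code from the paper or from any MoE framework; expert counts, router scores and the capacity value are constructed. It contrasts the two policies the background describes (unlimited buffers versus sequential, capacity-limited assignment) and exposes a single batch-invariance check that a deployer could adapt to their own routing implementation: if a victim token's assignment never changes across different batch prefixes, batch composition gives a co-tenant no lever over routing.

```python
"""Toy check for batch-order-dependent MoE routing (added example).

Not the paper's code. Models two top-1 routing policies:
  * route_unlimited: no per-expert buffer limit; assignment depends only
    on the token's own router scores (the paper's non-vulnerable default).
  * route_capacity: finite per-expert buffer filled in batch order; a
    token whose preferred expert is full is displaced to its next-best
    expert with room, or dropped if every expert is full.
is_batch_invariant() is the defender-side property test: routing that
passes it cannot be steered through batch composition.
"""
from typing import Callable, List, Optional, Sequence

Scores = Sequence[float]  # one router score per expert for a single token


def route_unlimited(batch: List[Scores]) -> List[int]:
    """Top-1 routing with no capacity limit: every token goes to its
    highest-scoring expert, whatever else is in the batch."""
    return [max(range(len(s)), key=lambda e: s[e]) for s in batch]


def route_capacity(batch: List[Scores], capacity: int) -> List[Optional[int]]:
    """Sequential top-1 routing with a per-expert buffer of `capacity`
    tokens. Tokens are processed in batch order; earlier tokens consume
    buffer slots that later tokens can no longer use. Returns the expert
    index per token, or None when the token is dropped."""
    if not batch:
        return []
    n_experts = len(batch[0])
    load = [0] * n_experts
    assigned: List[Optional[int]] = []
    for s in batch:
        chosen: Optional[int] = None
        # Try experts from the token's most to least preferred.
        for e in sorted(range(n_experts), key=lambda e: -s[e]):
            if load[e] < capacity:
                chosen = e
                load[e] += 1
                break
        assigned.append(chosen)
    return assigned


def victim_expert(router: Callable, victim: Scores,
                  prefix: List[Scores], **kw) -> Optional[int]:
    """Expert assigned to `victim` when it is the last token of a batch
    that starts with the tokens in `prefix`."""
    return router(prefix + [victim], **kw)[-1]


def is_batch_invariant(router: Callable, victim: Scores,
                       prefixes: List[List[Scores]], **kw) -> bool:
    """True if `victim` receives the same expert under every batch prefix
    in `prefixes` as it does alone. A False result means the router's
    output for one tenant depends on what other tenants submitted."""
    baseline = victim_expert(router, victim, [], **kw)
    return all(victim_expert(router, victim, p, **kw) == baseline
               for p in prefixes)


# Constructed sample data: 3 experts, capacity 2 per expert.
CAPACITY = 2
VICTIM: Scores = [0.9, 0.5, 0.1]          # prefers expert 0, then 1
SAME_EXPERT_PREFIX = [[0.8, 0.3, 0.2], [0.7, 0.4, 0.3]]  # two tokens on expert 0
# Six tokens, two per expert: every buffer is full before the victim.
SATURATING_PREFIX = [[1.0, 0.0, 0.0], [1.0, 0.0, 0.0],
                     [0.0, 1.0, 0.0], [0.0, 1.0, 0.0],
                     [0.0, 0.0, 1.0], [0.0, 0.0, 1.0]]
PREFIXES = [SAME_EXPERT_PREFIX, SATURATING_PREFIX]


def report() -> dict:
    """Summarise the behaviour of both policies on the constructed data."""
    return {
        "unlimited_invariant": is_batch_invariant(route_unlimited, VICTIM, PREFIXES),
        "capacity_invariant": is_batch_invariant(route_capacity, VICTIM, PREFIXES,
                                                 capacity=CAPACITY),
        "victim_alone": victim_expert(route_capacity, VICTIM, [], capacity=CAPACITY),
        "victim_displaced": victim_expert(route_capacity, VICTIM, SAME_EXPERT_PREFIX,
                                          capacity=CAPACITY),
        "victim_dropped": victim_expert(route_capacity, VICTIM, SATURATING_PREFIX,
                                        capacity=CAPACITY),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

Under unlimited routing the victim always lands on expert 0; under capacity-2 sequential routing the same token is displaced to expert 1 when two earlier tokens occupy expert 0, and dropped entirely once every buffer is full. Running the invariance check against a real router (with batches drawn from the deployment's own batching policy) is the concrete measurement the open question above calls for.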

References

"It is unclear if an attack on MoE could represent a practical risk to deployed models."

Source: Buffer Overflow in Mixture of Experts, arXiv:2402.05526 (Hayes et al., 8 Feb 2024), Section 9: Discussion