Temperature Scaling Attack Disrupting Model Confidence in Federated Learning

Researchers have unveiled a novel cybersecurity threat titled the Temperature Scaling Attack (TSA) in a technical paper published on the arXiv preprint server in February 2025, revealing how malicious actors can systematically degrade the confidence calibration of machine learning models within federated learning environments. While traditional cyberattacks on decentralized artificial intelligence often focus on reducing overall accuracy or injecting hidden backdoors, this new method specifically targets the reliability of the model's self-assessment. By compromising the calibration during the training phase, an attacker can force a model to produce overconfident or underconfident predictions without necessarily changing the final classification output, thereby bypassing critical safety filters in sensitive industries. The implications of the TSA are particularly severe for mission-critical systems that rely on predictive confidence as a primary control signal for risk-aware logic. In sectors such as autonomous driving, medical diagnostics, and industrial automation, AI systems are programmed to trigger human escalation or conservative fallback protocols when their internal confidence scores drop below a certain threshold. By artificially inflating these confidence signals, the TSA prevents a system from recognizing its own uncertainty, potentially causing it to take high-risk actions in scenarios where it should have abstained or requested human intervention. Technically, the attack exploits the way federated learning aggregates updates from multiple distributed clients. Because the central server cannot inspect the raw data of individual users to preserve privacy, a malicious participant can introduce subtle gradients that shift the model's output distribution toward extreme values. This research highlights a significant blind spot in current federated defense mechanisms, which are often robust against accuracy-based deviations but remain vulnerable to these sophisticated calibration-based manipulations. The study underscores an urgent need for the development of calibration-aware verification techniques to ensure the safety of decentralized AI deployments.