QIF-T0085

critical

Eye tracking cognitive state inference (gaze pattern analysis for attention and intent profiling)

Tier 3 — Demonstrated (Lab-proven)

Legacy status: DEMONSTRATED

Eye tracking hardware is now standard in AR/VR headsets (Apple Vision Pro, Meta Quest Pro, PSVR2) and available as peripherals for laptops (Tobii). Gaze patterns reveal far more than where someone looks: pupil dilation indicates cognitive load and arousal, saccade patterns reveal reading comprehension and attention, fixation duration maps interest and engagement, and smooth pursuit movements indicate prediction and anticipation. Research has demonstrated extraction of: sexual orientation, political affiliation, cognitive disorders (ADHD, dyslexia, autism), emotional state, deception, and even personality traits from eye tracking data alone. In VR/AR headsets, eye tracking runs continuously for foveated rendering (a legitimate performance optimization), creating an always-on cognitive surveillance channel. The user consents to eye tracking for UI interaction, not for cognitive profiling. This is the closest consumer-sensor analog to neural eavesdropping without any BCI hardware.

Technique Details

Tactic: QIF-S.HV
Status: DEMONSTRATED
Bands: S1, S2, N3, N7

✚ Therapeutic Application

Eye tracking hardware in AR/VR headsets captures gaze patterns, pupil dilation, saccades, and fixations; ML models infer cognitive states, personality traits, and intent

Clinical Analog

Eye tracking for neurological assessment and cognitive rehabilitation

Treats

ADHD diagnosis (saccade pattern analysis)
autism spectrum screening (gaze pattern biomarkers)
traumatic brain injury assessment
Alzheimer's early detection (reading pattern changes)

Neural Impact

4 of 7 neural bands affected

S1 S2 N3 N7

Drag to rotate. Click a region to learn more.

Click or hover over a glowing region to see the attack techniques targeting it and their severity.

DSM-5-TR Diagnostic Mappings

Diagnostic category references for threat modeling, not diagnostic claims.

F82 Developmental Coordination Disorder F84 Pervasive developmental disorders F20 Schizophrenia Spectrum F32 Major Depressive Disorder F90 ADHD F42 OCD F30 Manic episode F41.1 Generalized Anxiety Disorder F01 Vascular dementia F43 PTSD / Trauma F80 Communication Disorders F60 Personality Disorders F63 Impulse-Control Disorders F98.4 Stereotyped movement disorders

Pathway: N7 (PFC/M1) → executive function; N3 (cerebellar cortex/deep cerebellar nuclei) → motor coordination

Following Poldrack (2006), brain region disruption does not uniquely predict psychiatric outcomes.

Scoring

NISS v1.1 NISS:1.1/BI:N/CR:H/CD:H/CV:I/RV:F/NP:N

CVSS v4.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N

3.4Low

Governance

Neurorights at Risk

This technique threatens 4 of the 4 proposed neurorights (Ienca & Andorno, 2017).

MP Mental Privacy CL Cognitive Liberty MI Mental Integrity DI DI

Consent Complexity

1.80 / 4.0

FDORA §3305 Compliance

Non-Cyber Device (missing: software)

Regulatory Coverage

0.4 / 1.0

524B Requirements

TM VA SA PM

Regulatory Gaps

! CVSS cannot express neural-specific impacts
! No FDA pathway for consumer sensor exploitation

Population Vulnerability

CRB vulnerability adjustment (γ=0.30) accounts for age, diagnosis severity, consent capacity, and device dependency.

Population	NISS Base	Adjusted	Severity	Delta
Adult (Default)	3.4	3.4	Low	-
Child (10yr) + ADHD	3.4	4.0	Low	+0.60
Adult with ALS	3.4	3.9	Low	+0.55

Validation Status

Theoretical / Not yet validated. This technique has not been independently tested. See the validation dashboard for what has been tested.

Qinnovate Neural Security Atlas Edit this on GitHub