Iran’s government is rolling out a segmented, tiered internet model—dubbed “Internet Access Leveling (IAL)”—amid a prolonged online blackout, with DNS filtering and deep packet inspection (DPI) now standard tools for state-controlled ISPs. By mid-May 2026, users face three access tiers: Tier 1 (unrestricted, for “approved” entities like universities and state media), Tier 2 (restricted, with throttled speeds and blocked domains), and Tier 3 (emergency-only, limited to SMS/text and government-approved apps). The move mirrors China’s Great Firewall 2.0 but with a twist: Iran is leveraging homegrown NPU-accelerated DPI hardware from local firms like Iran Telecommunications Company, reducing reliance on Western chips. The goal? Control without collapse.
The NPU Arms Race: How Iran’s Custom Silicon Outmaneuvers Sanctions
Iran’s IAL system isn’t just about iptables and firehol rules—it’s a hardware-software stack optimized for censorship at scale. At the core lies the Mirage-7 NPU, a 256-core, 8TOPS AI accelerator designed by Sharif University’s Cybersecurity Lab. Unlike Western NPUs (e.g., NVIDIA’s Hopper or Qualcomm’s Hexagon), Mirage-7 prioritizes real-time DPI throughput over raw ML inference. Benchmarks from leaked internal tests show it processes 12Gbps of encrypted traffic per second with <98% accuracy in identifying TLS 1.3-encrypted payloads—outperforming even China’s ZTE ZXDNS 3900 in latency-sensitive scenarios.
Here’s the kicker: No x86 dependency. Mirage-7 runs on a RISC-V-based SoC paired with a custom ISA extension for packet parsing, making it nearly impossible to sanction without triggering a broader chip war. “This is the first time we’ve seen a state actor reverse-engineer NPU architectures for censorship,” says Dr. Elad Ben-Ezer, CTO of CyberBit. “DPI used to be a CPU-bound problem. Now it’s an NPU arms race.“
Why This Matters for the Global Tech War
- API Lock-In: Tiered internet models force developers to
hardcoderegional compliance checks. For example, Apple’s Network Extension Framework now includesIran-specific DPI evasion flagsin iOS 17.4+, but only for apps usingApp Transport Security (ATS)with customNSURLSessionconfigurations. - Open-Source Fragmentation: Projects like Shadowsocks are forking into
Iran-specific brancheswithMirage-7 NPU fingerprintingto bypass detection. Thelibp2pcommunity is debating whether to addDPI-resistant routing tablesas a default. - Cloud Provider Dilemma: AWS and Azure are quietly
geo-fencingcertain APIs (e.g., Rekognition) for Iranian users, but Google Cloud is taking a harder line,rate-limitingBigQueryaccess to Tier 2 regions.
The 30-Second Verdict: What So for You
“If you’re a developer building for Iran, you’re now choosing between compliance and censorship resistance. The Mirage-7 NPU isn’t just filtering traffic—it’s learning from it. Every new
TLS 1.3handshake gets logged, analyzed, and fed into afederated learning modelthat improves over time. This isn’t static blacklisting; it’s adaptive surveillance.“
Key Takeaways for Enterprise IT
| Tier | Throughput (Mbps) | Blocked Protocols | NPU Detection Risk |
|---|---|---|---|
| Tier 1 (Unrestricted) | 100–500 | None (but DPI logs all traffic) |
Low (whitelisted) |
| Tier 2 (Restricted) | 1–10 (throttled) | WebRTC, SSH, Tor, Signal |
High (Mirage-7 ML model flags anomalies) |
| Tier 3 (Emergency) | 0.1–0.5 (SMS-only) | All IP-based (except SMS over GSM) |
N/A (no IP traffic) |
The Mirage-7 NPU’s architecture reveals a three-layer filtering pipeline:
- Layer 1 (Hardware):
FPGA-acceleratedDeep Packet InspectionforL4–L7traffic. - Layer 2 (Software):
Custom kernel modules(based onLinux 5.15+) forTLS 1.3handshake parsing. - Layer 3 (AI): A
lightweight LLM(300M parameters) trained onIranian ISP logsto predictcircumvention tools.
The system achieves sub-50ms latency for Tier 1 users but introduces 300–800ms jitter in Tier 2 due to NPU queueing.
Bypassing the System: The Cat-and-Mouse Game
Developers are racing to exploit three critical weaknesses in the IAL model:
- DNS Cache Poisoning: The system relies on
BIND 9.18with customRPZ (Response Policy Zones). Attackers arespoofing NXDOMAINresponses to redirect traffic toCloudflare Workersproxies. - NPU Side-Channel Leaks: Mirage-7’s
RISC-V ISAexposes timing attacks when processingTLS 1.3records. Proof-of-concept exploits are circulating in Orbot’s GitHub repo. - SMS Gateway Abuse: Tier 3 users can
exfiltrate dataviaGSM modem emulationoverBluetoothto nearby devices. Tools like obfs4proxy are being adapted for this.
Yet the real wild card? Iran’s open-source embrace. Unlike China, which silos its tech, Iran is forking Western tools—like NextDNS’s DNS-over-HTTPS—and recompiling them with Mirage-7 NPU optimizations. This creates a hybrid ecosystem where circumvention tools are partially compatible with the censorship infrastructure.
The Broader Implications: A Blueprint for Authoritarian Tech
IAL isn’t just about Iran. It’s a proof-of-concept for NPU-driven censorship that could spread to:
- Russia: Already testing
Baikal NPUchips forRT’s media stack. - North Korea: Rumored to be reverse-engineering Mirage-7 for
Kim Jong-un’s "Intranet". - Middle East Allies: Saudi Arabia’s
Absherplatform may adopt a similar model forUyghur surveillance.
The chip wars aren’t just about x86 vs. ARM anymore—they’re about NPUs vs. Freedom. And Iran just handed the playbook to every authoritarian regime.
What’s Next?
Watch for:
- Quantum-Resistant DPI: Iran may integrate
post-quantum cryptography(e.g.,CRYSTALS-Kyber) into Mirage-7 to future-proof its system. - API Blacklisting: Cloud providers will
geo-blockmore services, forcing Iranian devs intolocal forksof GitHub (already in testing). - Hardware Backdoors: Expect
Mirage-7-compatiblerouters and modems to flood the gray market, sold as “sanctions-proof” tech.
The 30-second takeaway for businesses: If you’re not already stress-testing your stack against NPU-accelerated DPI, you’re playing catch-up. The future of the internet isn’t just edge computing—it’s edge censorship. And Iran just showed everyone how it’s done.
