Security Flaws in Embodied AI Robots Raise Cyber-Physical Risk
Researchers warned that embodied AI systems—including humanoid and quadruped robots—are entering commercial, industrial, military, and critical infrastructure environments with weak security controls that could enable both digital compromise and real-world harm. The report highlighted documented issues in commercially available robots, particularly Unitree platforms, including an undocumented CloudSail remote-access backdoor, exposed APIs that could disclose device locations and camera feeds, Bluetooth and Wi-Fi provisioning weaknesses that could allow root access, and telemetry sent to external servers in China.
The findings describe robots as high-risk cyber-physical endpoints because they combine cameras, microphones, radios, cloud connectivity, and physical actuation in a single platform. Researchers said those characteristics could allow wireless propagation, fleet-wide compromise, and even "physical botnets," while vision-language model prompt injection could manipulate robot behavior through physical-world inputs. The report urged organizations deploying robots in areas such as manufacturing, nuclear decommissioning, and military operations to strengthen procurement reviews, segment robot networks, monitor vulnerabilities, and prepare continuity plans before insecure architectures become embedded at scale.
Timeline
May 5, 2026
Recorded Future highlights systemic security risks in embodied AI robots
Recorded Future published an analysis warning that embodied AI systems such as humanoid and quadruped robots are entering commercial, industrial, military, and critical infrastructure environments despite immature security. The report cites documented issues in commercially available robots, including Unitree-related remote access, exposed APIs, provisioning flaws, and telemetry exfiltration concerns, and urges organizations to treat robots as high-risk cyber-physical assets.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Sources
Related Stories
Security Risks and Predictions for AI-Driven Systems and Operations
Security professionals are raising concerns about the risks posed by the rapid integration of AI-driven systems, including humanoid robots, into mainstream society and enterprise environments. Experts warn that without robust security measures, these devices could become targets for botnet-style attacks, as demonstrated by a recent proof-of-concept hack exploiting multiple vulnerabilities in Unitree Robotics' humanoid robots. The potential for wormable attacks via Bluetooth Low Energy interfaces highlights the urgency for the industry to prioritize security in the design and deployment of these systems, with forecasts suggesting a significant new market for robot security solutions in the coming decade. At the same time, the adoption of artificial intelligence is transforming security operations centers (SOCs) and cloud environments, with CISOs facing challenges in maintaining visibility, governance, and control as AI accelerates network growth and expands the attack surface. Industry reports and predictions for 2026 emphasize the need for responsible AI adoption, unified enterprise AI platforms, and enhanced security operations to manage the risks associated with distributed, automated, and interconnected systems. The convergence of AI innovation and security imperatives is driving organizations to rethink their strategies for both operational efficiency and threat mitigation.
1 months ago
House Hearing Warns of National Security Risks From Chinese AI Robotics
U.S. lawmakers were warned during a House Homeland Security subcommittee hearing that **Chinese-developed AI-enabled robots** could create security risks extending beyond traditional cyberattacks. Witnesses said these systems combine data collection, network connectivity, and real-world operational access in ways that could enable surveillance, operational disruption, and even physical harm if deployed in sensitive environments. The hearing focused on robotics platforms from companies tied to mainland China and the growing use of such systems across **logistics, manufacturing, energy, and public safety**. Industry representatives told lawmakers that Beijing's industrial strategy, including initiatives such as **"Made in China 2025"** and state-backed investment, is accelerating both domestic deployment and global market penetration, raising concerns that vulnerable or compromised robotic systems could be embedded in economically critical and operationally sensitive sectors.
1 months ago
Security Risks From Self-Hosted Autonomous AI Agents (Clawdbot/Moltbot/OpenClaw)
Security researchers and vendors warned that **self-hosted, agentic AI assistants**—notably **Clawdbot** (rebranded as **Moltbot** and also referred to as **OpenClaw**)—expand enterprise attack surface by combining broad data access with the ability to take direct actions (browser control, messaging, email, and command execution). Resecurity reported finding **hundreds of exposed deployments** reachable from the public Internet, frequently with **weak authentication, unsafe defaults, or misconfigurations** that could allow attackers to access **API keys/OAuth tokens**, retrieve **private chat histories**, and in some cases achieve **remote command execution** on the host. Dark Reading similarly highlighted that OpenClaw’s ecosystem can be undermined by **malicious “skills”** and fragile configuration/removal practices, reinforcing that these tools can be difficult to operate safely even when users attempt to limit permissions. CyberArk framed the issue as an **identity security** problem: autonomous agents often run with **user-level permissions** and integrate with platforms like *Slack*, *WhatsApp*, and *GitHub*, creating pathways for **credential/token theft, data leakage, and unauthorized actions** if the agent is exposed to untrusted content or deployed without strong controls. In contrast, Dark Reading’s coverage of **Shai-hulud** focuses on a separate threat—**self-propagating supply-chain worms targeting NPM projects**—and is not directly about autonomous AI agents, though it underscores the broader risk of downstream compromise when widely used components or ecosystems are poisoned.
2 months ago