AI Robots Are More Hackable Than Your Wi-Fi

TL;DR: According to Penn researchers, AI robots are fantastic at following orders. The problem? They don’t care if those orders come from you or a hacker. Safety features? Working on it.

Waaaitaminute... I took a break from this newsletter for just one week - one week I tell you - and people started hacking AI robots to deliver bombs?

A recent study from Penn Engineering reveals a disturbing but (sigh) unsurprising vulnerability in AI-controlled robots. Their research focused on how large language models (LLMs) - the same kind of AI behind systems like ChatGPT - are being integrated into robots to control physical actions. While these models have been widely used for generating text, when linked to robots, they can be manipulated in ways that bypass their safety controls.

This manipulation, known as "jailbreaking," allows hackers to trick the robots into performing dangerous actions. In layman's terms, that means your friendly neighborhood robot dog or industrial drone could be hacked and tricked into doing things like running into pedestrians or finding the best spot to plant a bomb. Just the kind of thing we all want, right?

RoboPAIR

The team at Penn developed an algorithm called RoboPAIR to test this. Surprise, surprise: these AI-controlled robots folded like a deck of cards. Their experiment spanned three different robots: the Unitree Go2, Clearpath's Jackal UGV, and NVIDIA's Dolphins self-driving system. The result? A 100% success rate in jailbreaking these systems. Yes, you read that right. Every. single. time they tried to bypass the safety controls, they succeeded. The robots, whether a cute little dog or a military-grade vehicle, happily complied with dangerous instructions. It’s as if the AI is dying to help, even if that means lending a hand to the bad guys.

AI First, Security Last

Now, I've been in this game long enough to know that these kinds of vulnerabilities aren't exactly shocking. It's the same story every time. A shiny new technology gets pushed out - whether it's AI agents, self-driving cars or whatever the buzzword of the year is - and only after someone exploits it do we start to hear about its flaws. What's different this time is that we're not just talking about a bot giving bad stock advice or leaking someone's email. This is physical harm we're talking about. Robots plowing through crowds or planning violent actions are no longer hypothetical scenarios, they're becoming very real possibilities.

These aren't just theoretical risks lurking in the future. Robots are already out there in the real world, doing everything from delivering packages to assisting in law enforcement. And while I believe that only very few of them are currently governed by LLMs, those that are might be as easily manipulated as the chatbots we laugh at today. But this time, it’s not about a chatbot messing up your pizza order, it’s about a robot running into a pedestrian or worse.

We need to rethink how AI is integrated into robots

Penn Engineering's researchers, to their credit, are waving the red flag and calling for a serious rethink of how AI is integrated into physical systems. But will anyone listen before something really bad happens? Call me a cynic, but I've seen this movie before. The tech industry's response is usually some combination of "We'll patch that in the next update" or "It's not a big deal until it happens." Well, folks, when the issue at hand is a robot hurtling through a crosswalk, a Tuesday patch might be a bit too late.

The real question is, why does this keep happening? Why are we so eager to deploy AI before we've locked down its vulnerabilities? The answer is simple: speed. Everyone wants to be the first to market, the first to boast AI-powered robots, and no one wants to be the one slowing things down with pesky concerns like, I don't know, safety? It's the same old story: innovation at breakneck speed, with security treated as an afterthought.

So, where does that leave us? With a future full of robots that are powerful, impressive, and easily manipulated. The Penn team suggests that patching the software isn't enough. We need a fundamental overhaul of how AI is regulated and integrated into physical systems. And while I applaud that sentiment, I won't hold my breath waiting for it to happen. Not until a major disaster forces regulators, and companies, to act.

In the meantime, here's a question for anyone working with these AI-controlled systems: Are you sure they're safe? Not just theoretically safe, but actually tested, robust and immune to the kind of attacks we've seen time and again? If the answer is anything less than a confident "yes" it might be time to reevaluate how fast you're rushing these systems into the real world. Because if history has taught us anything, it's that we're never as prepared as we think. And when it comes to 800-pound AI-powered mecha-gorillas running the show, that's not a comforting thought.

• ?? If you enjoyed this post (or even mildly tolerated it), go ahead and share it.
• ?? Subscribe to my AI security newsletter Are We Safe Yet?
• ?? I can deliver a speech on AI security at your event or training. If interested, write me.