The Threat of the Smart Robot in Your Kitchen
We seem to be caught up in the fantasy of advanced humanoid robots walking amongst us and taking some of the burden of our daily chores upon them. We are entering a new age where AI software combined with robotics hardware can make that happen. Some major players in the industry, like Tesla, Amazon and Samsung, are already mapping out plans for mass production of intelligent robots at affordable prices. An "I, Robot"-like scenario, where humanoid robots are engaged in almost all aspects of our daily lives, seems to be closer than ever.
The current state of AI is already very advanced, but Sam Altman recently declared that we are just thousands of days away from AGI (Advanced General Intelligence). When (not if) this is coupled with advanced robotics, a new being would come into existence: the super-intelligent robot.
I've previously discussed the potential danger of allowing AGI access to the physical world. By giving it power to move things around and sufficient agency, it may take unexpected decisions that may not be in the best interest of humankind. Imbuing a robot with AGI-level intelligence means exactly that. Think of it this way: it's one thing to get hallucinations in a chat prompt and another thing to have a hallucinating, human-sized, intelligent robot in your living room. We've been too accustomed to the image of the clumsy robot moving some blocks around like a toddler, but robots today have become very powerful, fast and precise, and in some cases could easily overpower a human.
The concept of intelligent humanoid robots has been largely explored in sci-fi culture. Through his work, spanning more than half a century, Isaac Asimov created a universe where robots were indistinguishable from humans both in shape and intelligence. However, he also made it clear from the start that robots are bound by three laws of robotics which govern their actions and make them safe for human interaction:
The way he envisioned this was that the laws were "hardwired" into the robot's "positronic brain" and could not be bypassed in any way. Any attempt to do so would deactivate the robot. At the same time, he explores potential contradictions between these laws and human attempts to bypass them in order to achieve a certain outcome that the robot would not normally agree to. In today's terms, we would call that hacking. This is similar to trying to convince ChatGPT through carefully crafted prompts to provide an output inconsistent with its policies, such as illegal content. Even though it may not seem like it, influencing a system to perform in ways it wasn't designed to is, by definition, hacking.
One must understand that all systems have vulnerabilities and that anything can be hacked. The key variables are resources and motivation. Some systems may be more difficult to hack and could require considerable resources, but if an attacker is sufficiently motivated, they may invest those resources to succeed regardless. Securing a system is a balancing act between usability and security: if you design a system to be highly secure, it may compromise usability; conversely, if you prioritize accessibility, the system may lack security. Consider an unplugged computer sitting on the floor—while it cannot be hacked, it is also essentially useless.
The laws imagined by Asimov are not a thing in the real world but stand as a good example of designing a product with security in mind.
If we were to build robots with these rules hardwired, these would be subject to interpretation by the robot. A robot would first need to correctly identify a human being, and then assess what actions could potentially harm them. There are countless ways a human can be harmed. Does hurting someone's feelings count? Is kicking the dog bad? How much harm is too much? What orders can be deemed safe? What’s the context?
While trying to answer these questions, we soon realize that concepts of good and bad are relative. People often have conflicting interests; what benefits one person may harm another. The robots working for me, for instance, would merely become extensions of my interests, acting as leverage in a world where values are not aligned.
Let's look at a few ways intelligent robots could be compromised:
Prompt Injection
In the case of robot workers, NLP (Natural Language Processing) capabilities would be a crucial component to facilitate human interaction. This feature provides an intuitive human-robot interface, allowing the user to give commands to the robot using natural language. The ability to take commands through speech is also what makes the robot vulnerable to hacking. Anyone could use natural language to prompt the robot, much like how you might interact with a GPT model today. Just as a model can be tricked into generating illicit content, a robot could be manipulated through crafted inputs into performing illegal actions. This is essentially convincing the robot to do bad things by simply talking to it - the equivalent of social engineering, where you would try to persuade a person into doing something for you or divulging information.
Jailbreaking
Jailbreaking, also known as "rooting," refers to the process of gaining privileged control or "root access" over a smartphone's operating system. This enables users to bypass restrictions, install unauthorized apps, customize the system, and modify hardware settings, essentially granting full access to the device. While this may seem appealing due to the perceived control it offers, jailbreaking is actually a risky practice. It exposes the device to malware, security breaches, and the potential disclosure of personal information.
As soon as robots become widely available, attempts to jailbreak them are likely to happen. Disabling safety features and gaining access to administrative functions would allow the owner to reprogram the robot as they see fit, potentially changing its designation, or reprogramming it to perform harmful actions. This may not necessarily be done with the explicit intent to cause harm. An owner might simply try to unlock licensed features that are unavailable in their current subscription, or extend the robot’s hardware capabilities by overwriting firmware with custom code. Regardless, unleashing a rooted robot into the world might come with surprising negative consequences.
Supply Chain Vulnerabilities
A humanoid robot would be a complex mix of software and hardware. Maintaining it would introduce a supply chain risk. Updating the firmware on various hardware controllers would require an external wireless connection. The secure delivery of software updates would be dependent on both the security of the network and the integrity of the update packages themselves. If an attacker were able to compromise the robot's wireless connection, they might spoof the update source and tamper with the update's integrity, potentially installing malicious software or introducing vulnerabilities into the robot’s system. Such a compromise could lead to a range of dangerous outcomes. Malicious actors might manipulate the robot’s physical actions, cause it to malfunction, or gain access to sensitive data.
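The check that makes an update trustworthy regardless of the network that delivered it is sketched below as an added example; it is not code from any robot vendor. The component name, key and package layout are constructed for illustration, and HMAC-SHA256 stands in for the manufacturer's asymmetric signature so that the example runs on the Python standard library alone.

```python
import hashlib, hmac, json

# Assumption: HMAC-SHA256 stands in for the vendor's asymmetric signature so the
# example needs only the standard library; a real robot would hold a public
# verification key, never a secret that can also sign.
VENDOR_KEY = b"constructed-demo-key"

def sign_manifest(manifest: dict, key: bytes = VENDOR_KEY) -> str:
    """Vendor side: authenticate the canonical JSON form of the manifest."""
    blob = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def make_update(component: str, version: int, payload: bytes) -> dict:
    """Build a constructed update package: manifest, tag, firmware bytes."""
    manifest = {"component": component, "version": version,
                "sha256": hashlib.sha256(payload).hexdigest()}
    return {"manifest": manifest, "tag": sign_manifest(manifest), "payload": payload}

def verify_update(update: dict, installed: dict, key: bytes = VENDOR_KEY) -> str:
    """Robot side: decide from the package alone, whatever network delivered it."""
    manifest = update["manifest"]
    # 1. Authenticity: a spoofed update source cannot produce a valid tag.
    if not hmac.compare_digest(sign_manifest(manifest, key), update["tag"]):
        return "reject: manifest not authenticated"
    # 2. Integrity: the payload must be the exact bytes the manifest names.
    if hashlib.sha256(update["payload"]).hexdigest() != manifest["sha256"]:
        return "reject: payload digest mismatch"
    # 3. Anti-rollback: a genuine but older (possibly vulnerable) image is refused.
    if manifest["version"] <= installed.get(manifest["component"], 0):
        return "reject: rollback or replay"
    return "accept"

def demo() -> dict:
    installed = {"arm-controller": 7}   # constructed device state
    good = make_update("arm-controller", 8, b"firmware v8")
    tampered = dict(good, payload=b"firmware v8 + implant")
    spoofed = make_update("arm-controller", 9, b"other firmware")
    spoofed["tag"] = sign_manifest(spoofed["manifest"], b"attacker-key")
    old = make_update("arm-controller", 6, b"firmware v6")
    return {name: verify_update(pkg, installed) for name, pkg in
            [("good", good), ("tampered", tampered), ("spoofed", spoofed), ("old", old)]}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:9} {verdict}")
```

The rollback check matters because a correctly authenticated old image is still a way to reintroduce a known vulnerability.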
No one manufacturer could produce all the component parts. Rigorous scrutiny of the supply chain would have to be enforced by the manufacturer to make sure buggy or compromised code doesn't get installed into the robot. Suppliers would have to be vetted for secure practices and code would have to be thoroughly tested before every release.
Even so, whoever controls the updates controls the robots. In the movie "I, Robot", the delivery of an update meant to subvert the rule of the three laws for millions of robots changes their behavior from docile helpers into an oppressive force. The update is pushed by a supercomputer AI that calculates that the biggest threat to mankind is mankind itself, and so it begins a process of containing humans "for their own safety".
This super AI developed its own understanding of "good" which leads us to the next point.
Moral Code Dilemma
AI today is not yet advanced enough to recognize good and bad the way humans do, as it lacks an inherent understanding of morality. AI relies on training data that reflects the views and values of the humans who created that data. In robotics, AI relies heavily on predefined rules, like predefined ethical guidelines, which lack flexibility in the face of constantly changing context and may fail when faced with complex moral dilemmas. Currently, AI essentially simulates ethical behavior within predefined boundaries without truly understanding it.
With the emergence of AGI we might be able to build robots that can better understand the context of human interactions. However, grasping more advanced concepts like empathy and moral reasoning will be extremely challenging. Until then, we rely on existing safeguards to ensure AI operates safely—by curating training data, using keyword filtering, retraining models, enforcing rules, and providing extensive human supervision. All of this is necessary because AI inherently lacks an understanding of moral principles like good and bad.
Whether highly intelligent robots are a threat or not is up to us. The human-robot relationship is still in its honeymoon phase: we are so fascinated by the potential that we are blind to the red flags. Only once this is over will humankind truly be able to decide what rules should apply to this relationship. Let’s only hope there will still be a decision to be made.
Thank you for reading! If you've enjoyed it, there's more like this on my Substack.
Is this Marcel, from that rooftop commercial?
Into business and strategy. Got acronyms too (PMP, SPS, etc)
1 month ago
Come on, just imagine fighting with your humanoid robot in the kitchen, trying to attack you with a mixer :)) That's a childhood dream ever since I watched Terminator. I win, of course :)))