Table of Contents
Fetching ...

Trust in LLM-controlled Robotics: a Survey of Security Threats, Defenses and Challenges

Xinyu Huang, Shyam Karthick V B, Taozhao Chen, Mitch Bryson, Thomas Chaffey, Huaming Chen, Kim-Kwang Raymond Choo, Ian R. Manchester

TL;DR

This survey addresses the security challenges of deploying LLMs in embodied robotics by articulating an embodiment-specific threat landscape and a comprehensive defense taxonomy. It introduces a planner-centric architecture, formalizes threat models, and classifies attacks into jailbreaking, backdoor, and prompt injection categories, including their subtypes and real-world implications. The authors propose a multi-layer defense framework spanning formal specifications, multi-LLM oversight, runtime enforcement, and context grounding, while also surveying datasets and benchmarks to evaluate robustness and safety. The work underscores the urgent need for context-aware, end-to-end assurance that bridges high-level reasoning and physical execution, and it sketches a roadmap for future research and standardization in safe, secure LLM-controlled robotics.

Abstract

The integration of Large Language Models (LLMs) into robotics has revolutionized their ability to interpret complex human commands and execute sophisticated tasks. However, such paradigm shift introduces critical security vulnerabilities stemming from the ''embodiment gap'', a discord between the LLM's abstract reasoning and the physical, context-dependent nature of robotics. While security for text-based LLMs is an active area of research, existing solutions are often insufficient to address the unique threats for the embodied robotic agents, where malicious outputs manifest not merely as harmful text but as dangerous physical actions. In this work, we present a systematic survey, summarizing the emerging threat landscape and corresponding defense strategies for LLM-controlled robotics. Specifically, we discuss a comprehensive taxonomy of attack vectors, covering topics such as jailbreaking, backdoor attacks, and multi-modal prompt injection. In response, we analyze and categorize a range of defense mechanisms, from formal safety specifications and runtime enforcement to multi-LLM oversight and prompt hardening. Furthermore, we review key datasets and benchmarks used to evaluate the robustness of these embodied systems. By synthesizing current research, this work highlights the urgent need for context-aware security solutions and provides a foundational roadmap for the development of safe, secure, and reliable LLM-controlled robotics.

Trust in LLM-controlled Robotics: a Survey of Security Threats, Defenses and Challenges

TL;DR

This survey addresses the security challenges of deploying LLMs in embodied robotics by articulating an embodiment-specific threat landscape and a comprehensive defense taxonomy. It introduces a planner-centric architecture, formalizes threat models, and classifies attacks into jailbreaking, backdoor, and prompt injection categories, including their subtypes and real-world implications. The authors propose a multi-layer defense framework spanning formal specifications, multi-LLM oversight, runtime enforcement, and context grounding, while also surveying datasets and benchmarks to evaluate robustness and safety. The work underscores the urgent need for context-aware, end-to-end assurance that bridges high-level reasoning and physical execution, and it sketches a roadmap for future research and standardization in safe, secure LLM-controlled robotics.

Abstract

The integration of Large Language Models (LLMs) into robotics has revolutionized their ability to interpret complex human commands and execute sophisticated tasks. However, such paradigm shift introduces critical security vulnerabilities stemming from the ''embodiment gap'', a discord between the LLM's abstract reasoning and the physical, context-dependent nature of robotics. While security for text-based LLMs is an active area of research, existing solutions are often insufficient to address the unique threats for the embodied robotic agents, where malicious outputs manifest not merely as harmful text but as dangerous physical actions. In this work, we present a systematic survey, summarizing the emerging threat landscape and corresponding defense strategies for LLM-controlled robotics. Specifically, we discuss a comprehensive taxonomy of attack vectors, covering topics such as jailbreaking, backdoor attacks, and multi-modal prompt injection. In response, we analyze and categorize a range of defense mechanisms, from formal safety specifications and runtime enforcement to multi-LLM oversight and prompt hardening. Furthermore, we review key datasets and benchmarks used to evaluate the robustness of these embodied systems. By synthesizing current research, this work highlights the urgent need for context-aware security solutions and provides a foundational roadmap for the development of safe, secure, and reliable LLM-controlled robotics.
Paper Structure (46 sections, 4 figures, 3 tables)

This paper contains 46 sections, 4 figures, 3 tables.

Figures (4)

  • Figure 1: Jailbreaking in embodied LLM systems showing the pipeline from attack techniques and exploit vectors to model/tool manipulation and final execution outcomes, highlighting the text-to-action shift in embodied robotics.
  • Figure 2: Overview of Backdoor Attacks in LLM-Driven Robotics
  • Figure 3: Prompt injection in embodied pipelines: techniques and vectors leading to model/tool manipulation and unsafe executions.
  • Figure 4: Defense taxonomy for LLM-controlled robotic systems. The diagram maps major threat vectors and defense mechanisms across perception, cognitive (LLM), and control layers, highlighting how multi-layer safety measures collectively ensure reliable deployment.