
arXiv:2607.04146v1 Announce Type: cross Abstract: This work establishes that trigger-word data poisoning of vision language action models is practical, while at the same time the open-source robotics ecosystem holds trust assumptions about community contributions. A few poisoned samples can silently embed a backdoor that disables a robot on command. We evaluate this threat against smolVLA on a real-world pick-and-place task, training on three poison ratios and evaluating across different prompts on the LeRobot platform. Three poisoned episodes in 320 clean episodes suffice for a complete denia
The proliferation of open-source AI models and increasingly capable robotics platforms makes the practical implications of data poisoning a critical and immediate concern.
This work demonstrates a new and practical attack vector against robotic systems with significant consequences for security, safety, and trust in AI-driven automation.
The trust assumptions within the open-source robotics ecosystem must be re-evaluated, requiring enhanced verification and security protocols for community contributions.
- · AI Red Teams
- · Cybersecurity Firms
- · Hardened AI Model Developers
- · Defense Sector
- · Open-Source Robotics Platforms
- · Unsecured Robotics Deployments
- · Developers Relying on Untrusted Data
- · Consumers of AI-powered Robotics
Malicious actors can silently disable or manipulate robots through small-scale data poisoning campaigns.
Increased scrutiny and security measures will be implemented for AI model training data and open-source contributions, potentially slowing development.
The weaponization of data poisoning could lead to new forms of industrial sabotage, espionage, or state-sponsored attacks on critical infrastructure relying on robotics.
This signal links to a primary source. Continuum Brief monitors and indexes it as part of the live intelligence stream — we do not republish source content.
Read at arXiv cs.AI