SafeCoop: Unravelling Full Stack Safety in Agentic Collaborative Driving

TL;DR

SafeCoop is a comprehensive framework that enhances safety and security in natural-language-based collaborative driving by detecting and mitigating various attack strategies through an integrated defense pipeline, improving robustness in simulation.

Contribution

This work is the first systematic study of safety and security issues in language-based collaborative driving, introducing a novel defense pipeline called SafeCoop with multiple mitigation components.

Findings

Achieved 69.15% driving score improvement under malicious attacks.

Attained up to 67.32% F1 score for malicious detection.

Systematically evaluated in 32 critical scenarios in CARLA simulation.

Abstract

Collaborative driving systems leverage vehicle-to-everything (V2X) communication across multiple agents to enhance driving safety and efficiency. Traditional V2X systems take raw sensor data, neural features, or perception results as communication media, which face persistent challenges, including high bandwidth demands, semantic loss, and interoperability issues. Recent advances investigate natural language as a promising medium, which can provide semantic richness, decision-level reasoning, and human-machine interoperability at significantly lower bandwidth. Despite great promise, this paradigm shift also introduces new vulnerabilities within language communication, including message loss, hallucinations, semantic manipulation, and adversarial attacks. In this work, we present the first systematic study of full-stack safety and security issues in natural-language-based collaborative driving. Specifically, we develop a comprehensive taxonomy of attack strategies, including connection disruption, relay/replay interference, content spoofing, and multi-connection forgery. To mitigate these risks, we introduce an agentic defense pipeline, which we call SafeCoop, that integrates a semantic firewall, language-perception consistency checks, and multi-source consensus, enabled by an agentic transformation function for cross-frame spatial alignment. We systematically evaluate SafeCoop in closed-loop CARLA simulation across 32 critical scenarios, achieving 69.15% driving score improvement under malicious attacks and up to 67.32% F1 score for malicious detection. This study provides guidance for advancing research on safe, secure, and trustworthy language-driven collaboration in transportation systems. Our project page is https://xiangbogaobarry.github.io/SafeCoop.