Trust in LLM-controlled Robotics: a Survey of Security Threats, Defenses and Challenges

TL;DR

This survey reviews security threats and defense strategies for LLM-controlled robotics, emphasizing the unique challenges posed by physical embodiment and the need for context-aware security solutions.

Contribution

It provides a comprehensive taxonomy of attack vectors and defense mechanisms specific to embodied robotic systems controlled by LLMs, highlighting research gaps and future directions.

Findings

Identifies attack types like jailbreaking and backdoor attacks in robotics.

Categorizes defense strategies including formal safety and multi-LLM oversight.

Reviews datasets and benchmarks for robustness evaluation.

Abstract

The integration of Large Language Models (LLMs) into robotics has revolutionized their ability to interpret complex human commands and execute sophisticated tasks. However, such paradigm shift introduces critical security vulnerabilities stemming from the ''embodiment gap'', a discord between the LLM's abstract reasoning and the physical, context-dependent nature of robotics. While security for text-based LLMs is an active area of research, existing solutions are often insufficient to address the unique threats for the embodied robotic agents, where malicious outputs manifest not merely as harmful text but as dangerous physical actions. In this work, we present a systematic survey, summarizing the emerging threat landscape and corresponding defense strategies for LLM-controlled robotics. Specifically, we discuss a comprehensive taxonomy of attack vectors, covering topics such as jailbreaking, backdoor attacks, and multi-modal prompt injection. In response, we analyze and categorize a range of defense mechanisms, from formal safety specifications and runtime enforcement to multi-LLM oversight and prompt hardening. Furthermore, we review key datasets and benchmarks used to evaluate the robustness of these embodied systems. By synthesizing current research, this work highlights the urgent need for context-aware security solutions and provides a foundational roadmap for the development of safe, secure, and reliable LLM-controlled robotics.