Silent Failures in Physical AI: A Literature Review of Runtime Action Authorization for Autonomous Systems

Barak Or

arxiv: 2606.00090 · v1 · pith:FQCXQKA5new · submitted 2026-05-23 · 💻 cs.RO · cs.AI

Silent Failures in Physical AI: A Literature Review of Runtime Action Authorization for Autonomous Systems

Barak Or This is my paper

Pith reviewed 2026-06-30 12:56 UTC · model grok-4.3

classification 💻 cs.RO cs.AI

keywords Physical AIruntime authorizationsilent failuresguardrailsautonomous systemsliterature reviewrobot safetyworld models

0 comments

The pith

Surveyed literature leaves no complete runtime authorization boundary between black-box Physical AI models and physical execution.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

Physical AI systems map observations and instructions into actions that move real machines, yet can issue unsafe commands while appearing confident. The review examines streams including embodied foundation models, world models, safe control, runtime assurance, and guardrail evaluation. These streams have developed along separate tracks, producing no unified mechanism that can authorize or block actions at runtime for black-box models. The work supplies a bounded problem statement, a definition of silent physical-action failure, a taxonomy of guardrail functions, and criteria for evaluating such mechanisms as assurance layers.

Core claim

Across embodied foundation models, world models, robotics simulation, embodied safety benchmarks, safe control, runtime assurance, uncertainty estimation, verification, and guardrail evaluation, model capability and safety mechanisms have advanced along largely separate technical tracks, leaving no single stream that supplies a complete runtime authorization boundary between black-box Physical AI models and physical execution.

What carries the argument

Runtime authorization boundary: the missing interface that must stand between a black-box model output and downstream physical execution to prevent silent failures.

If this is right

A complete runtime authorization boundary must be developed to block silent physical-action failures before hardware controllers act.
Guardrail functions require a shared taxonomy so that different approaches can be compared on the same Physical AI tasks.
Evaluation protocols must test guardrails specifically against distribution shift, occlusion, and hallucinated affordances rather than generic AI safety metrics.
Future Physical AI deployments will need assurance mechanisms that operate after model inference but before actuator commands.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

The gap implies that current embodied safety benchmarks may systematically understate risk because they do not measure the full authorization boundary.
Similar authorization shortfalls could appear in any domain where learned models directly command physical hardware, such as industrial automation or medical robotics.
A testable extension would be to apply the proposed guardrail taxonomy to an existing robotics foundation model and measure the fraction of silent failures it catches.

Load-bearing premise

The surveyed literature streams are representative of the full state of the field and the identified gap is not an artifact of incomplete coverage or selection in the review.

What would settle it

Discovery of even one method or integrated system in the surveyed streams that supplies a complete runtime authorization boundary from black-box Physical AI model output through to physical execution would falsify the central gap claim.

Figures

Figures reproduced from arXiv: 2606.00090 by Barak Or.

**Figure 1.** Figure 1: Scope of the review. Different embodiments require different evidence, but the shared unit of analysis is the [PITH_FULL_IMAGE:figures/full_fig_p003_1.png] view at source ↗

**Figure 2.** Figure 2: Minimal formal structure of runtime action authorization. The equations are organized around the safety [PITH_FULL_IMAGE:figures/full_fig_p005_2.png] view at source ↗

**Figure 3.** Figure 3: Runtime action authorization boundary. The guardrail question arises before hardware commitment: should [PITH_FULL_IMAGE:figures/full_fig_p009_3.png] view at source ↗

**Figure 4.** Figure 4: Silent physical-action failure. The system re [PITH_FULL_IMAGE:figures/full_fig_p009_4.png] view at source ↗

**Figure 5.** Figure 5: Layered runtime authority. Semantic, state, physical, and operational checks are composed before the [PITH_FULL_IMAGE:figures/full_fig_p011_5.png] view at source ↗

**Figure 6.** Figure 6: Continuous evaluation loop. Offline benchmarks [PITH_FULL_IMAGE:figures/full_fig_p014_6.png] view at source ↗

read the original abstract

Physical AI systems increasingly map multimodal observations, language instructions, and learned world representations into physically consequential actions. Robotics foundation models, vision-language-action models, and world-model-based autonomous systems can condition decisions that move vehicles, robots, drones, and industrial machines. This transition exposes a safety problem that is not fully captured by conventional AI content moderation or by classical robot safety alone: a black-box model may issue a physically consequential action while appearing confident, plausible, and semantically aligned. The resulting failure can be silent, arising from sensor drift, occlusion, state-estimation error, distribution shift, hallucinated affordances, or invalid physical assumptions before downstream hardware controllers detect a violation. Across embodied foundation models, world models, robotics simulation, embodied safety benchmarks, safe control, runtime assurance, uncertainty estimation, verification, and guardrail evaluation, model capability and safety mechanisms have advanced along largely separate technical tracks. A recurring gap synthesized here is that no single stream surveyed in this review supplies a complete runtime authorization boundary between black-box Physical AI models and physical execution. The resulting analysis develops a bounded problem formulation, a definition of silent physical-action failure, a taxonomy of runtime guardrail functions, and evaluation requirements for comparing guardrails as Physical AI assurance mechanisms.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

Review maps a practical gap in runtime authorization for physical AI actions but the gap claim depends on survey coverage.

read the letter

This review pulls together streams like embodied foundation models, world models, safe control, runtime assurance, and verification to argue that none currently gives a full runtime boundary before a black-box model's action reaches physical hardware. The main point is that silent failures can occur from drift, shift, or hallucinated affordances even when the output looks plausible.

It does a solid job defining silent physical-action failure and laying out a taxonomy of guardrail functions plus evaluation requirements. The bounded problem formulation is clear and could help people compare assurance approaches across tracks that have mostly stayed separate. That organization is the useful part.

The soft spot is the load-bearing claim that no stream supplies a complete boundary. That rests on the survey being representative, and the stress-test note is right to flag that search methodology, inclusion criteria, and any missed integrative papers could change the picture. A review like this needs to show its coverage explicitly or the gap looks more like an artifact of selection. No new measurements or derivations are added, which fits the format but limits how much weight the synthesis can carry on its own.

This is for people working on safety for robots, drones, or autonomous vehicles who need a map of where the authorization problem sits. A reader looking for an organized view of the literature and a starting taxonomy would get value. It deserves a serious referee because the topic matters for deployment and the synthesis is honest even if the methodology section needs tightening.

Referee Report

2 major / 1 minor

Summary. This literature review surveys embodied foundation models, world models, robotics simulation, embodied safety benchmarks, safe control, runtime assurance, uncertainty estimation, verification, and guardrail evaluation. It claims that model capability and safety mechanisms have advanced along separate tracks and that no single stream supplies a complete runtime authorization boundary between black-box Physical AI models and physical execution. The paper develops a bounded problem formulation, a definition of silent physical-action failure, a taxonomy of runtime guardrail functions, and evaluation requirements for comparing guardrails.

Significance. If the gap identification holds under comprehensive coverage, the synthesis and proposed taxonomy could usefully direct research toward integrated runtime authorization mechanisms for Physical AI. The framework for comparing guardrails as assurance mechanisms would be a constructive contribution to safety in autonomous systems.

major comments (2)

[Abstract] Abstract: the central claim that 'no single stream surveyed supplies a complete runtime authorization boundary' is load-bearing on survey completeness. The manuscript must document search methodology, inclusion/exclusion criteria, date cutoffs, and handling of cross-stream integrations to substantiate the absence assertion; without this the gap could be an artifact of selection.
The definition of 'complete runtime authorization boundary' and of 'silent physical-action failure' must be shown to be non-circular and not to exclude existing integrative work (e.g., VLA models combined with runtime assurance) by construction.

minor comments (1)

Clarify whether the taxonomy of guardrail functions is derived from the surveyed literature or introduced as a new organizing device, and ensure all streams are represented with balanced depth.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the thoughtful and constructive comments on our literature review. We address each major comment below and outline the revisions we will make to strengthen the manuscript.

read point-by-point responses

Referee: [Abstract] Abstract: the central claim that 'no single stream surveyed supplies a complete runtime authorization boundary' is load-bearing on survey completeness. The manuscript must document search methodology, inclusion/exclusion criteria, date cutoffs, and handling of cross-stream integrations to substantiate the absence assertion; without this the gap could be an artifact of selection.

Authors: We agree that documenting the survey methodology is essential to support the central claim. The current manuscript presents the synthesis but does not detail the search process. In the revised version, we will insert a dedicated 'Survey Methodology' section that specifies the databases searched (arXiv, Google Scholar, IEEE Xplore), search terms used for each stream, inclusion and exclusion criteria, the date cutoff for the review, and our approach to identifying and evaluating cross-stream integrations. This addition will allow readers to assess the completeness of the coverage and the validity of the gap identification. revision: yes
Referee: [—] The definition of 'complete runtime authorization boundary' and of 'silent physical-action failure' must be shown to be non-circular and not to exclude existing integrative work (e.g., VLA models combined with runtime assurance) by construction.

Authors: The definitions are not circular: 'silent physical-action failure' is defined operationally as a failure mode where a physically executed action violates safety constraints without the model or its immediate outputs flagging the issue, with specific causal factors listed (sensor drift, etc.). The 'complete runtime authorization boundary' is defined as an external enforcement layer that must authorize or block actions prior to physical actuation, irrespective of the model's confidence or internal representations. These are independent of any particular technical stream. Regarding exclusion of integrative work, the taxonomy evaluates whether any combination provides the full boundary; VLA models with added runtime assurance are considered but found to lack completeness in the surveyed literature (e.g., missing coverage of certain failure modes or evaluation criteria). To preempt misinterpretation, we will expand the definitions section with explicit discussion of how integrative approaches are assessed against the criteria and add a paragraph addressing potential combinations such as VLA plus runtime assurance. revision: partial

Circularity Check

0 steps flagged

No circularity: literature review with no derivations or fitted quantities

full rationale

The paper is a literature review that synthesizes existing streams (embodied foundation models, world models, etc.) to identify a gap in runtime authorization boundaries. It contains no equations, no fitted parameters, no predictions, and no self-citation chains that reduce a central claim to an unverified internal definition. The gap assertion rests on coverage of surveyed literature rather than any self-referential derivation; the definition of 'complete runtime authorization boundary' is presented as a synthesized formulation from the review, not a tautological input. This matches the default expectation of no significant circularity for non-derivational papers.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

As a literature review the paper draws on standard assumptions from AI safety and robotics literature without introducing new fitted parameters, axioms specific to the paper, or invented entities.

pith-pipeline@v0.9.1-grok · 5744 in / 979 out tokens · 20642 ms · 2026-06-30T12:56:19.503044+00:00 · methodology

discussion (0)

Reference graph

Works this paper leans on

123 extracted references · 42 canonical work pages · 13 internal anchors

[1]

Constrained policy optimization

JoshuaAchiam, DavidHeld, AvivTamar, andPieter Abbeel. Constrained policy optimization. InPro- ceedings of the 34th International Conference on Machine Learning, pages 22–31, 2017

2017
[2]

Do as i can, not as i say: Grounding language in robotic affordances, 2022

Michael Ahn, Anthony Brohan, Noah Brown, Yev- gen Chebotar, Omar Cortes, Byron David, Chelsea Finn, Chuyuan Fu, Keerthana Gopalakrishnan, Karol Hausman, et al. Do as i can, not as i say: Grounding language in robotic affordances, 2022

2022
[3]

Safe reinforcement learning via shielding

Mohammed Alshiekh, Roderick Bloem, Rüdiger Ehlers, BettinaKönighofer, ScottNiekum, andUfuk Topcu. Safe reinforcement learning via shielding. In Proceedings of the AAAI Conference on Artificial Intelligence, volume 32, 2018

2018
[4]

Ames, Samuel Coogan, Magnus Egerst- edt, Gennaro Notomista, Koushil Sreenath, and Paulo Tabuada

Aaron D. Ames, Samuel Coogan, Magnus Egerst- edt, Gennaro Notomista, Koushil Sreenath, and Paulo Tabuada. Control barrier functions: The- ory and applications. In2019 18th European Control Conference, pages 3420–3431, 2019. doi: 10.23919/ECC.2019.8796030

work page doi:10.23919/ecc.2019.8796030 2019
[5]

Con- crete problems in ai safety, 2016

Dario Amodei, Chris Olah, Jacob Steinhardt, Paul Christiano, John Schulman, and Dan Mane. Con- crete problems in ai safety, 2016

2016
[6]

From particles to agents: Hallucination as a metric for cognitive friction in spatial simulation

Javier Argota Sánchez-Vaquerizo and Luis Borunda Monsivais. From particles to agents: Hallucination as a metric for cognitive friction in spatial simulation. InProceedings of Navigating the Disruptive and Wild Landscape of Large Language Models and Agentic AI, AlpCHI 2026 Workshop on Human Cognition, AI, and the Future of HCI, 2026. URLhttps://arxiv.org/a...

work page arXiv 2026
[7]

Recursive belief vision language action mod- els, 2026

Vaidehi Bagaria, Bijo Sebastian, and Nirav Kumar Patel. Recursive belief vision language action mod- els, 2026. URL https://arxiv.org/abs/2602. 20659

2026
[8]

Schoellig, and Andreas Krause

Felix Berkenkamp, Matteo Turchetta, Angela P. Schoellig, and Andreas Krause. Safe model-based reinforcement learning with stability guarantees. In Advances in Neural Information Processing Systems, 2017

2017
[9]

Roboagent: Generalization and efficiency in robot manipulation via semantic augmentations and action chunking, 2023

Homanga Bharadhwaj, Jay Vakil, Mohit Sharma, Abhinav Gupta, Shubham Tulsiani, and Vikash Kumar. Roboagent: Generalization and efficiency in robot manipulation via semantic augmentations and action chunking, 2023

2023
[10]

π0: A vision-language-action flow model for general robot control, 2024

Kevin Black, Noah Brown, Danny Driess, Adnan Esmail, Michael Equi, Chelsea Finn, Niccolo Fusai, Lachy Groom, Karol Hausman, Brian Ichter, et al. π0: A vision-language-action flow model for general robot control, 2024

2024
[11]

Lee, Maria Bauza, Todor Davchev, Yuxiang Zhou, Agrim Gupta, Ash- win Raju, et al

Konstantinos Bousmalis, Giulia Vezzani, Dushyant Rao, Coline Devin, Alex X. Lee, Maria Bauza, Todor Davchev, Yuxiang Zhou, Agrim Gupta, Ash- win Raju, et al. Robocat: A self-improving general- ist agent for robotic manipulation, 2023

2023
[12]

RT-1: Robotics trans- former for real-world control at scale, 2022

Anthony Brohan, Noah Brown, Justice Carbajal, Yevgen Chebotar, Joseph Dabis, Chelsea Finn, Keerthana Gopalakrishnan, Karol Hausman, Alex Herzog, Jasmine Hsu, et al. RT-1: Robotics trans- former for real-world control at scale, 2022

2022
[13]

RT-2: Vision-language-action models transfer web knowledge to robotic control, 2023

Anthony Brohan, Noah Brown, Justice Carbajal, Yevgen Chebotar, Xi Chen, Krzysztof Choromanski, Tianli Ding, Danny Driess, Avinava Dubey, Chelsea Finn, et al. RT-2: Vision-language-action models transfer web knowledge to robotic control, 2023

2023
[14]

Dennis, Ashley Edwards, Jack Parker-Holder, Yuge Shi, Edward Hughes, Matthew Lai, Aditi Mavalankar, Richie Steigerwald, Chris Apps, et al

Jake Bruce, Michael D. Dennis, Ashley Edwards, Jack Parker-Holder, Yuge Shi, Edward Hughes, Matthew Lai, Aditi Mavalankar, Richie Steigerwald, Chris Apps, et al. Genie: Generative interactive environments, 2024

2024
[15]

LeRobot: An open-source library for end-to-end robot learn- ing, 2026

Remi Cadene, Simon Aliberts, Francesco Capuano, Michel Aractingi, Adil Zouitine, Pepijn Kooij- mans, Jade Choghari, Martino Russi, Caroline Pas- cal, Steven Palma, Mustafa Shukor, Jess Moss, Alexander Soare, Dana Aubakirova, Quentin Lhoest, Quentin Gallouédec, and Thomas Wolf. LeRobot: An open-source library for end-to-end robot learn- ing, 2026. URL http...

2026
[16]

DMV statement on Cruise LLC suspension, 2023

California Department of Motor Vehicles. DMV statement on Cruise LLC suspension, 2023. URL https : / / www . dmv . ca . gov / portal / news - and - media / dmv - statement - on - cruise - llc - suspension/

2023
[17]

ABot- PhysWorld: Interactive world foundation model for robotic manipulation with physics alignment, 2026

Yuzhi Chen, Ronghan Chen, Dongjie Huo, Yan- dan Yang, Dekang Qi, Haoyun Liu, Tong Lin, Shuang Zeng, Junjin Xiao, Xinyuan Chang, Feng Xiong, Xing Wei, Zhiheng Ma, and Mu Xu. ABot- PhysWorld: Interactive world foundation model for robotic manipulation with physics alignment, 2026. URLhttps://arxiv.org/abs/2603.23376

work page arXiv 2026
[18]

Diffusion policy: Visuo- motor policy learning via action diffusion, 2023

Cheng Chi, Zhenjia Xu, Siyuan Feng, Eric Cousineau, Yilun Du, Benjamin Burchfiel, Russ Tedrake, and Shuran Song. Diffusion policy: Visuo- motor policy learning via action diffusion, 2023

2023
[19]

CARLA: An Open Urban Driving Simulator

Alexey Dosovitskiy, German Ros, Felipe Codevilla, Antonio Lopez, and Vladlen Koltun. CARLA: An 17 Silent Failures in Physical AI Barak Or, Ph.D. open urban driving simulator, 2017. URLhttps: //arxiv.org/abs/1711.03938

work page internal anchor Pith review Pith/arXiv arXiv 2017
[20]

Danny Driess, Fei Xia, Mehdi S. M. Sajjadi, Corey Lynch, Aakanksha Chowdhery, Brian Ichter, Ayzaan Wahid, Jonathan Tompson, Quan Vuong, Tianhe Yu, et al. PaLM-E: An embodied multi- modal language model, 2023

2023
[21]

Bridge data: Boosting generalization of robotic skills with cross-domain datasets, 2021

Frederik Ebert, Yanlai Yang, Karl Schmeckpeper, Bernadette Bucher, Georgios Georgakis, Kostas Daniilidis, Chelsea Finn, and Sergey Levine. Bridge data: Boosting generalization of robotic skills with cross-domain datasets, 2021

2021
[22]

Fisac, Anayo K

Jaime F. Fisac, Anayo K. Akametalu, Melanie N. Zeilinger, Shahab Kaynama, Jeremy Gillula, and Claire J. Tomlin. Bridging hamilton-jacobi safety analysis and reinforcement learning. In2019 Inter- national Conference on Robotics and Automation, pages 8550–8556, 2019. doi: 10.1109/ICRA.2019. 8794107

work page doi:10.1109/icra.2019 2019
[23]

Zhao, and Chelsea Finn

Zipeng Fu, Tony Z. Zhao, and Chelsea Finn. Mobile ALOHA: Learning bimanual mobile manipulation with low-cost whole-body teleoperation, 2024

2024
[24]

Dropout as a bayesian approximation: Representing model un- certainty in deep learning

Yarin Gal and Zoubin Ghahramani. Dropout as a bayesian approximation: Representing model un- certainty in deep learning. InProceedings of the 33rd International Conference on Machine Learning, pages 1050–1059, 2016

2016
[25]

StyleVLA: Driving style-aware vi- sion language action model for autonomous driving,

Yuan Gao, Dengyuan Hua, Mattia Piccinini, Finn Rasmus Schäfer, Korbinian Moller, Lin Li, and Johannes Betz. StyleVLA: Driving style-aware vi- sion language action model for autonomous driving,
[26]

URLhttps://arxiv.org/abs/2603.09482

work page arXiv
[27]

A com- prehensive survey on safe reinforcement learning

Javier García and Fernando Fernández. A com- prehensive survey on safe reinforcement learning. Journal of Machine Learning Research, 16(1):1437– 1480, 2015. URLhttps://jmlr.org/papers/v16/ garcia15a.html

2015
[28]

Kunal Garg, James Usevitch, Joseph Breeden, Mitchell Black, Devansh Agrawal, Hardik Parwana, and Dimitra Panagou. Advances in the theory of control barrier functions: Addressing practical chal- lenges in safe control synthesis for autonomous and robotic systems.Annual Reviews in Control, 57: 100945, 2024. doi: 10.1016/j.arcontrol.2024.100945

work page doi:10.1016/j.arcontrol.2024.100945 2024
[29]

AI2: Safety and robustness certification of neural networks with abstract interpretation

Timon Gehr, Matthew Mirman, Dana Drachsler- Cohen, Petar Tsankov, Swarat Chaudhuri, and Mar- tin Vechev. AI2: Safety and robustness certification of neural networks with abstract interpretation. In 2018 IEEE Symposium on Security and Privacy, pages 3–18, 2018. doi: 10.1109/SP.2018.00058

work page doi:10.1109/sp.2018.00058 2018
[30]

GM to refocus autonomous driv- ing development on personal vehicles, 2024

General Motors. GM to refocus autonomous driv- ing development on personal vehicles, 2024. URL https : / / news . gm . com / home . detail . html / Pages/news/us/en/2024/dec/1210-gm.html

2024
[31]

Goodfellow, Jonathon Shlens, and Christian Szegedy

Ian J. Goodfellow, Jonathon Shlens, and Christian Szegedy. Explaining and harnessing adversarial examples. InInternational Conference on Learning Representations, 2015

2015
[32]

Gemini Robotics-ER 1.6: Powering real-world robotics tasks through en- hanced embodied reasoning

Laura Graesser and Peng Xu. Gemini Robotics-ER 1.6: Powering real-world robotics tasks through en- hanced embodied reasoning. Google DeepMind tech- nical blog, 2026. URLhttps://deepmind.google/ blog/gemini-robotics-er-1-6/ . Google Deep- Mind technical blog, accessed May 13, 2026

2026
[33]

Man- iSkill2: A unified benchmark for generalizable ma- nipulation skills, 2023

Jiayuan Gu, Fanbo Xiang, Xuanlin Li, Zhan Ling, Xiqiang Liu, Tongzhou Mu, Yihe Tang, Stone Tao, Xinyue Wei, Yunchao Yao, Xiaodi Yuan, Pengwei Xie, Zhiao Huang, Rui Chen, and Hao Su. Man- iSkill2: A unified benchmark for generalizable ma- nipulation skills, 2023. URLhttps://arxiv.org/ abs/2302.04659

work page arXiv 2023
[34]

A review of safe reinforcement learning: Methods, theories, and applications.IEEE Transactions on Pattern Analysis and Machine Intelligence, 46(12): 11216–11235, 2024

Shangding Gu, Long Yang, Yali Du, Guang Chen, Florian Walter, Jun Wang, and Alois Knoll. A review of safe reinforcement learning: Methods, theories, and applications.IEEE Transactions on Pattern Analysis and Machine Intelligence, 46(12): 11216–11235, 2024. doi: 10.1109/TPAMI.2024. 3457538

work page doi:10.1109/tpami.2024 2024
[35]

Weinberger

Chuan Guo, Geoff Pleiss, Yu Sun, and Kilian Q. Weinberger. On calibration of modern neural net- works.Proceedings of the 34th International Confer- ence on Machine Learning, pages 1321–1330, 2017

2017
[36]

VLAW: Iterative co-improvement of vision-language-action policy and world model, 2026

Yanjiang Guo, Tony Lee, Lucy Xiaoyang Shi, Jianyu Chen, Percy Liang, and Chelsea Finn. VLAW: Iterative co-improvement of vision-language-action policy and world model, 2026. URL https : / / arxiv.org/abs/2602.12063

work page arXiv 2026
[37]

World models, 2018

David Ha and Jürgen Schmidhuber. World models, 2018

2018
[38]

Learning latent dynamics for planning from pixels, 2019

Danijar Hafner, Timothy Lillicrap, Ian Fischer, Ruben Villegas, David Ha, Honglak Lee, and James Davidson. Learning latent dynamics for planning from pixels, 2019

2019
[39]

Dream to control: Learning behaviors by latent imagination

Danijar Hafner, Timothy Lillicrap, Jimmy Ba, and Mohammad Norouzi. Dream to control: Learning behaviors by latent imagination. InInternational Conference on Learning Representations, 2020

2020
[40]

Mastering Diverse Domains through World Models

Danijar Hafner, Jurgis Pasukonis, Jimmy Ba, and Timothy Lillicrap. Mastering diverse do- mains through world models.arXiv preprint arXiv:2301.04104, 2023. URL https : / / arxiv . org/abs/2301.04104. 18 Silent Failures in Physical AI Barak Or, Ph.D

work page internal anchor Pith review Pith/arXiv arXiv 2023
[41]

Bench- marking neural network robustness to common cor- ruptions and perturbations

Dan Hendrycks and Thomas Dietterich. Bench- marking neural network robustness to common cor- ruptions and perturbations. InInternational Con- ference on Learning Representations, 2019

2019
[42]

A baseline for detecting misclassified and out-of-distribution examples in neural networks, 2017

Dan Hendrycks and Kevin Gimpel. A baseline for detecting misclassified and out-of-distribution examples in neural networks, 2017

2017
[43]

Hobbs, Mark L

Kerianne L. Hobbs, Mark L. Mote, Matthew Abate, SamuelCoogan, andEricFeron. Runtimeassurance for safety-critical systems: An introduction to safety filtering approaches for complex control systems. IEEE Control Systems Magazine, 43(2):28–65, 2023. doi: 10.1109/MCS.2023.3234380

work page doi:10.1109/mcs.2023.3234380 2023
[44]

World model for robot learning: A comprehensive survey, 2026

Bohan Hou, Gen Li, Jindou Jia, Tuo An, Xinying Guo, Sicong Leng, Haoran Geng, Yanjie Ze, Tatsuya Harada, Philip Torr, et al. World model for robot learning: A comprehensive survey, 2026

2026
[45]

The safety filter: A unified view of safety-critical control in autonomous systems.Annual Review of Control, Robotics, and Autonomous Systems, 7:47–72, 2024

Kai-ChiehHsu, HaiminHu, andJaimeF.Fisac. The safety filter: A unified view of safety-critical control in autonomous systems.Annual Review of Control, Robotics, and Autonomous Systems, 7:47–72, 2024. doi: 10.1146/annurev-control-071723-102940

work page doi:10.1146/annurev-control-071723-102940 2024
[46]

GAIA-1: A generative world model for autonomous driving, 2023

Anthony Hu, Lloyd Russell, Hudson Yeo, Zak Murez, George Fedoseev, Alex Kendall, Jamie Shot- ton, and Gianluca Corrado. GAIA-1: A generative world model for autonomous driving, 2023

2023
[47]

Planning-oriented au- tonomous driving

Yihan Hu, Jiazhi Yang, Li Chen, Keyu Li, Chong- hao Sima, Xizhou Zhu, Siqi Chai, Senyao Du, Tian- wei Lin, Wenhai Wang, et al. Planning-oriented au- tonomous driving. InProceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recog- nition, pages 17853–17862, 2023

2023
[48]

Voxposer: Com- posable 3d value maps for robotic manipulation with language models, 2023

Wenlong Huang, Chen Wang, Ruohan Zhang, Yun- zhu Li, Jiajun Wu, and Li Fei-Fei. Voxposer: Com- posable 3d value maps for robotic manipulation with language models, 2023

2023
[49]

A survey on vision-language-action models for autonomous driving, 2025

Sicong Jiang, Zilin Huang, Kangan Qian, Ziang Luo, Tianze Zhu, Yang Zhong, Yihong Tang, Menglin Kong, Yunlong Wang, Siwen Jiao, et al. A survey on vision-language-action models for autonomous driving, 2025

2025
[50]

VIMA: General robot manipulation with multimodal prompts, 2022

Yunfan Jiang, Agrim Gupta, Zichen Zhang, Guanzhi Wang, Yongqiang Dou, Yanjun Chen, Li Fei-Fei, Anima Anandkumar, Yuke Zhu, and Linxi Fan. VIMA: General robot manipulation with multimodal prompts, 2022

2022
[51]

WoVR: World Models as Reliable Simulators for Post-Training VLA Policies with RL

Zhennan Jiang, Shangqing Zhou, Yutong Jiang, Zefang Huang, Mingjie Wei, Yuhui Chen, Tianxing Zhou, Zhen Guo, Hao Lin, Quanlu Zhang, Yu Wang, Haoran Li, Chao Yu, and Dongbin Zhao. WoVR: World models as reliable simulators for post-training VLA policies with RL, 2026. URLhttps://arxiv. org/abs/2602.13977

work page internal anchor Pith review Pith/arXiv arXiv 2026
[52]

Poly-Guard: Massive multi- domain safety policy-grounded guardrail dataset

Mintong Kang, Zhaorun Chen, Chejian Xu, Jiawei Zhang, Chengquan Guo, Minzhou Pan, Ivan Revilla, Yu Sun, and Bo Li. Poly-Guard: Massive multi- domain safety policy-grounded guardrail dataset. In Advances in Neural Information Processing Systems, Datasets and Benchmarks Track, 2025. URLhttps: //openreview.net/forum?id=mORzRZaqT4

2025
[53]

Dill, Kyle Ju- lian, and Mykel J

Guy Katz, Clark Barrett, David L. Dill, Kyle Ju- lian, and Mykel J. Kochenderfer. Reluplex: An efficient smt solver for verifying deep neural net- works. InInternational Conference on Computer Aided Verification, pages 97–117. Springer, 2017. doi: 10.1007/978-3-319-63387-9_5

work page doi:10.1007/978-3-319-63387-9_5 2017
[54]

What uncertainties do we need in bayesian deep learning for computer vi- sion? InAdvances in Neural Information Processing Systems, 2017

Alex Kendall and Yarin Gal. What uncertainties do we need in bayesian deep learning for computer vi- sion? InAdvances in Neural Information Processing Systems, 2017

2017
[55]

DROID: A large-scale in-the-wild robot manipula- tion dataset, 2024

Alexander Khazatsky, Karl Pertsch, Suraj Nair, Ashwin Balakrishna, Sudeep Dasari, Siddharth Karamcheti, Soroush Nasiriany, Mohan Kumar Sri- rama, Lawrence Yunliang Chen, Kirsty Ellis, et al. DROID: A large-scale in-the-wild robot manipula- tion dataset, 2024

2024
[56]

Modular safety guardrails are necessary for foundation-model-enabled robots in the real world, 2026

Joonkyung Kim, Wenxi Chen, Davood Soleyman- zadeh, Yi Ding, Xiangbo Gao, Zhengzhong Tu, Ruqi Zhang, Fan Fei, Sushant Veer, Yiwei Lyu, Minghui Zheng, and Yan Gu. Modular safety guardrails are necessary for foundation-model-enabled robots in the real world, 2026. URLhttps://arxiv.org/ abs/2602.04056

work page arXiv 2026
[57]

OpenVLA: An open-source vision-language- action model, 2024

Moo Jin Kim, Karl Pertsch, Siddharth Karamcheti, Ted Xiao, Ashwin Balakrishna, Suraj Nair, Rafael Rafailov, Ethan Foster, Grace Lam, Pannag Sanketi, et al. OpenVLA: An open-source vision-language- action model, 2024

2024
[58]

Design and use paradigms for Gazebo, an open-source multi- robot simulator

Nathan Koenig and Andrew Howard. Design and use paradigms for Gazebo, an open-source multi- robot simulator. In2004 IEEE/RSJ International Conference on Intelligent Robots and Systems, pages 2149–2154, 2004. doi: 10.1109/IROS.2004.1389727

work page doi:10.1109/iros.2004.1389727 2004
[59]

AI2-THOR: An Interactive 3D Environment for Visual AI

Eric Kolve, Roozbeh Mottaghi, Winson Han, Eli VanderBilt, Luca Weihs, Alvaro Herrasti, Matt Deitke, Kiana Ehsani, Daniel Gordon, Yuke Zhu, Aniruddha Kembhavi, Abhinav Gupta, and Ali Farhadi. AI2-THOR: An interactive 3d environ- ment for visual AI, 2017. URL https://arxiv. org/abs/1712.05474

work page internal anchor Pith review Pith/arXiv arXiv 2017
[60]

Correct-by-construction runtime enforcement in AI – a survey, 2022

Bettina Könighofer, Roderick Bloem, Rüdiger Ehlers, and Christian Pek. Correct-by-construction runtime enforcement in AI – a survey, 2022. 19 Silent Failures in Physical AI Barak Or, Ph.D

2022
[61]

Simple and scalable predictive uncertainty estimation using deep ensembles

Balaji Lakshminarayanan, Alexander Pritzel, and Charles Blundell. Simple and scalable predictive uncertainty estimation using deep ensembles. In Advances in Neural Information Processing Systems, 2017

2017
[62]

A path towards autonomous machine intelligence

Yann LeCun. A path towards autonomous machine intelligence. OpenReview manuscript, 2022. URL https : / / openreview . net / forum ? id = BZ5a1r - kVsf

2022
[63]

A simple unified framework for detecting out- of-distribution samples and adversarial attacks

Kimin Lee, Kibok Lee, Honglak Lee, and Jinwoo Shin. A simple unified framework for detecting out- of-distribution samples and adversarial attacks. In Advances in Neural Information Processing Systems, 2018

2018
[64]

A brief account of runtime verification.The Journal of Logic and Algebraic Programming, 78(5):293–303,

Martin Leucker and Christian Schallhart. A brief account of runtime verification.The Journal of Logic and Algebraic Programming, 78(5):293–303,
[65]

doi: 10.1016/j.jlap.2008.08.004

work page doi:10.1016/j.jlap.2008.08.004 2008
[66]

A comprehensive survey on world models for embodied ai, 2025

Xinqing Li, Xin He, Le Zhang, Min Wu, Xiaoli Li, and Yun Liu. A comprehensive survey on world models for embodied ai, 2025

2025
[67]

VideoHallu: Evaluating and mitigating multi-modal hallucinations on syn- thetic video understanding

Zongxia Li, Xiyang Wu, Guangyao Shi, Yubin Qin, Hongyang Du, Tianyi Zhou, Dinesh Manocha, and Jordan Lee Boyd-Graber. VideoHallu: Evaluating and mitigating multi-modal hallucinations on syn- thetic video understanding. InAdvances in Neural Information Processing Systems, 2025. URLhttps: //openreview.net/forum?id=NoC9HT7Kf7

2025
[68]

Shiyu Liang, Yixuan Li, and R. Srikant. Enhancing the reliability of out-of-distribution image detection in neural networks. InInternational Conference on Learning Representations, 2018

2018
[69]

AgentDoG: A Diagnostic Guardrail Framework for AI Agent Safety and Security

Dongrui Liu, Qihan Ren, Chen Qian, Shuai Shao, Yuejin Xie, Yu Li, Zhonghao Yang, Haoyu Luo, Peng Wang, Qingyu Liu, Binxin Hu, Ling Tang, Jilin Mei, Dadi Guo, Leitao Yuan, Junyao Yang, Guanxu Chen, Qihao Lin, Yi Yu, Bo Zhang, Ji- axuan Guo, Jie Zhang, Wenqi Shao, Huiqi Deng, Zhiheng Xi, Wenjie Wang, Wenxuan Wang, Wen Shen, Zhikai Chen, Haoyu Xie, Jialing T...

work page internal anchor Pith review Pith/arXiv arXiv 2026
[70]

Owens, and Yixuan Li

Weitang Liu, Xiaoyun Wang, John D. Owens, and Yixuan Li. Energy-based out-of-distribution detec- tion. InAdvances in Neural Information Processing Systems, volume 33, pages 21464–21475, 2020

2020
[71]

EvoVLA: Self-evolving vision-language-action model, 2025

Zeting Liu, Zida Yang, Zeyu Zhang, and Hao Tang. EvoVLA: Self-evolving vision-language-action model, 2025. URL https://arxiv.org/abs/2511. 16166

2025
[72]

Scaling world model for hierarchical manipulation policies, 2026

Qian Long, Yueze Wang, Jiaxi Song, Junbo Zhang, Peiyan Li, Wenxuan Wang, Yuqi Wang, Haoyang Li, Shaoxuan Xie, Guocai Yao, Hanbo Zhang, Xin- long Wang, Zhongyuan Wang, Xuguang Lan, Huap- ing Liu, and Xinghang Li. Scaling world model for hierarchical manipulation policies, 2026. URL https://arxiv.org/abs/2602.10983

work page arXiv 2026
[73]

IS-Bench: Evaluating interactive safety of vlm- driven embodied agents in daily household tasks

Xiaoya Lu, Zeren Chen, Xuhao Hu, Yijin Zhou, We- ichen Zhang, Dongrui Liu, Lu Sheng, and Jing Shao. IS-Bench: Evaluating interactive safety of vlm- driven embodied agents in daily household tasks. In Proceedings of the AAAI Conference on Artificial Intelligence, volume 40, pages 35680–35688, 2026. doi: 10.1609/aaai.v40i42.40880

work page doi:10.1609/aaai.v40i42.40880 2026
[74]

A survey on vision-language- action models for embodied ai, 2024

Yueen Ma, Zixing Song, Yuzheng Zhuang, Jianye Hao, and Irwin King. A survey on vision-language- action models for embodied ai, 2024

2024
[75]

LeWorldModel: Stable End-to-End Joint-Embedding Predictive Architecture from Pixels

Lucas Maes, Quentin Le Lidec, Damien Scieur, Yann LeCun, and Randall Balestriero. LeWorld- Model: Stable end-to-end joint-embedding predic- tive architecture from pixels, 2026. URL https: //arxiv.org/abs/2603.19312

work page internal anchor Pith review Pith/arXiv arXiv 2026
[76]

Isaac Gym: High Performance GPU-Based Physics Simulation For Robot Learning

Viktor Makoviychuk, Lukasz Wawrzyniak, Yun- rong Guo, Michelle Lu, Kier Storey, Miles Macklin, DavidHoeller, NikitaRudin, ArthurAllshire, Ankur Handa, and Gavriel State. Isaac Gym: High per- formance GPU-based physics simulation for robot learning, 2021. URL https://arxiv.org/abs/ 2108.10470

work page internal anchor Pith review Pith/arXiv arXiv 2021
[77]

Mimicgen: A data generation system for scalable robot learning using human demonstrations, 2023

Ajay Mandlekar, Soroush Nasiriany, Bowen Wen, Iretiayo Akinola, Yashraj Narang, Linxi Fan, Yuke Zhu, and Dieter Fox. Mimicgen: A data generation system for scalable robot learning using human demonstrations, 2023

2023
[78]

A survey on sensor failures in au- tonomous vehicles: Challenges and solutions.Sen- sors, 24(16):5108, 2024

Francisco Matos, Jorge Bernardino, João Durães, and João Cunha. A survey on sensor failures in au- tonomous vehicles: Challenges and solutions.Sen- sors, 24(16):5108, 2024. doi: 10.3390/s24165108

work page doi:10.3390/s24165108 2024
[79]

Isaac Lab: A GPU accelerated sim- ulation framework for multi-modal robot learning

Mayank Mittal, Kelly Guo, Gavriel State, Spencer Huang, et al. Isaac Lab: A GPU accelerated sim- ulation framework for multi-modal robot learning. NVIDIA Research publication, 2025. URLhttps: / / research . nvidia . com / publication / 2025 - 09 _ isaac - lab - gpu - accelerated - simulation - framework - multi - modal - robot - learning . NVIDIA Research...

2025
[80]

Part 573 safety recall report 23v-838: Autopilot 20 Silent Failures in Physical AI Barak Or, Ph.D

National Highway Traffic Safety Administration. Part 573 safety recall report 23v-838: Autopilot 20 Silent Failures in Physical AI Barak Or, Ph.D. controls insufficient to prevent misuse, 2023. URL https : / / static . nhtsa . gov / odi / rcl / 2023 / RCLRPT-23V838-8276.PDF

2023

Showing first 80 references.

[1] [1]

Constrained policy optimization

JoshuaAchiam, DavidHeld, AvivTamar, andPieter Abbeel. Constrained policy optimization. InPro- ceedings of the 34th International Conference on Machine Learning, pages 22–31, 2017

2017

[2] [2]

Do as i can, not as i say: Grounding language in robotic affordances, 2022

Michael Ahn, Anthony Brohan, Noah Brown, Yev- gen Chebotar, Omar Cortes, Byron David, Chelsea Finn, Chuyuan Fu, Keerthana Gopalakrishnan, Karol Hausman, et al. Do as i can, not as i say: Grounding language in robotic affordances, 2022

2022

[3] [3]

Safe reinforcement learning via shielding

Mohammed Alshiekh, Roderick Bloem, Rüdiger Ehlers, BettinaKönighofer, ScottNiekum, andUfuk Topcu. Safe reinforcement learning via shielding. In Proceedings of the AAAI Conference on Artificial Intelligence, volume 32, 2018

2018

[4] [4]

Ames, Samuel Coogan, Magnus Egerst- edt, Gennaro Notomista, Koushil Sreenath, and Paulo Tabuada

Aaron D. Ames, Samuel Coogan, Magnus Egerst- edt, Gennaro Notomista, Koushil Sreenath, and Paulo Tabuada. Control barrier functions: The- ory and applications. In2019 18th European Control Conference, pages 3420–3431, 2019. doi: 10.23919/ECC.2019.8796030

work page doi:10.23919/ecc.2019.8796030 2019

[5] [5]

Con- crete problems in ai safety, 2016

Dario Amodei, Chris Olah, Jacob Steinhardt, Paul Christiano, John Schulman, and Dan Mane. Con- crete problems in ai safety, 2016

2016

[6] [6]

From particles to agents: Hallucination as a metric for cognitive friction in spatial simulation

Javier Argota Sánchez-Vaquerizo and Luis Borunda Monsivais. From particles to agents: Hallucination as a metric for cognitive friction in spatial simulation. InProceedings of Navigating the Disruptive and Wild Landscape of Large Language Models and Agentic AI, AlpCHI 2026 Workshop on Human Cognition, AI, and the Future of HCI, 2026. URLhttps://arxiv.org/a...

work page arXiv 2026

[7] [7]

Recursive belief vision language action mod- els, 2026

Vaidehi Bagaria, Bijo Sebastian, and Nirav Kumar Patel. Recursive belief vision language action mod- els, 2026. URL https://arxiv.org/abs/2602. 20659

2026

[8] [8]

Schoellig, and Andreas Krause

Felix Berkenkamp, Matteo Turchetta, Angela P. Schoellig, and Andreas Krause. Safe model-based reinforcement learning with stability guarantees. In Advances in Neural Information Processing Systems, 2017

2017

[9] [9]

Roboagent: Generalization and efficiency in robot manipulation via semantic augmentations and action chunking, 2023

Homanga Bharadhwaj, Jay Vakil, Mohit Sharma, Abhinav Gupta, Shubham Tulsiani, and Vikash Kumar. Roboagent: Generalization and efficiency in robot manipulation via semantic augmentations and action chunking, 2023

2023

[10] [10]

π0: A vision-language-action flow model for general robot control, 2024

Kevin Black, Noah Brown, Danny Driess, Adnan Esmail, Michael Equi, Chelsea Finn, Niccolo Fusai, Lachy Groom, Karol Hausman, Brian Ichter, et al. π0: A vision-language-action flow model for general robot control, 2024

2024

[11] [11]

Lee, Maria Bauza, Todor Davchev, Yuxiang Zhou, Agrim Gupta, Ash- win Raju, et al

Konstantinos Bousmalis, Giulia Vezzani, Dushyant Rao, Coline Devin, Alex X. Lee, Maria Bauza, Todor Davchev, Yuxiang Zhou, Agrim Gupta, Ash- win Raju, et al. Robocat: A self-improving general- ist agent for robotic manipulation, 2023

2023

[12] [12]

RT-1: Robotics trans- former for real-world control at scale, 2022

Anthony Brohan, Noah Brown, Justice Carbajal, Yevgen Chebotar, Joseph Dabis, Chelsea Finn, Keerthana Gopalakrishnan, Karol Hausman, Alex Herzog, Jasmine Hsu, et al. RT-1: Robotics trans- former for real-world control at scale, 2022

2022

[13] [13]

RT-2: Vision-language-action models transfer web knowledge to robotic control, 2023

Anthony Brohan, Noah Brown, Justice Carbajal, Yevgen Chebotar, Xi Chen, Krzysztof Choromanski, Tianli Ding, Danny Driess, Avinava Dubey, Chelsea Finn, et al. RT-2: Vision-language-action models transfer web knowledge to robotic control, 2023

2023

[14] [14]

Dennis, Ashley Edwards, Jack Parker-Holder, Yuge Shi, Edward Hughes, Matthew Lai, Aditi Mavalankar, Richie Steigerwald, Chris Apps, et al

Jake Bruce, Michael D. Dennis, Ashley Edwards, Jack Parker-Holder, Yuge Shi, Edward Hughes, Matthew Lai, Aditi Mavalankar, Richie Steigerwald, Chris Apps, et al. Genie: Generative interactive environments, 2024

2024

[15] [15]

LeRobot: An open-source library for end-to-end robot learn- ing, 2026

Remi Cadene, Simon Aliberts, Francesco Capuano, Michel Aractingi, Adil Zouitine, Pepijn Kooij- mans, Jade Choghari, Martino Russi, Caroline Pas- cal, Steven Palma, Mustafa Shukor, Jess Moss, Alexander Soare, Dana Aubakirova, Quentin Lhoest, Quentin Gallouédec, and Thomas Wolf. LeRobot: An open-source library for end-to-end robot learn- ing, 2026. URL http...

2026

[16] [16]

DMV statement on Cruise LLC suspension, 2023

California Department of Motor Vehicles. DMV statement on Cruise LLC suspension, 2023. URL https : / / www . dmv . ca . gov / portal / news - and - media / dmv - statement - on - cruise - llc - suspension/

2023

[17] [17]

ABot- PhysWorld: Interactive world foundation model for robotic manipulation with physics alignment, 2026

Yuzhi Chen, Ronghan Chen, Dongjie Huo, Yan- dan Yang, Dekang Qi, Haoyun Liu, Tong Lin, Shuang Zeng, Junjin Xiao, Xinyuan Chang, Feng Xiong, Xing Wei, Zhiheng Ma, and Mu Xu. ABot- PhysWorld: Interactive world foundation model for robotic manipulation with physics alignment, 2026. URLhttps://arxiv.org/abs/2603.23376

work page arXiv 2026

[18] [18]

Diffusion policy: Visuo- motor policy learning via action diffusion, 2023

Cheng Chi, Zhenjia Xu, Siyuan Feng, Eric Cousineau, Yilun Du, Benjamin Burchfiel, Russ Tedrake, and Shuran Song. Diffusion policy: Visuo- motor policy learning via action diffusion, 2023

2023

[19] [19]

CARLA: An Open Urban Driving Simulator

Alexey Dosovitskiy, German Ros, Felipe Codevilla, Antonio Lopez, and Vladlen Koltun. CARLA: An 17 Silent Failures in Physical AI Barak Or, Ph.D. open urban driving simulator, 2017. URLhttps: //arxiv.org/abs/1711.03938

work page internal anchor Pith review Pith/arXiv arXiv 2017

[20] [20]

Danny Driess, Fei Xia, Mehdi S. M. Sajjadi, Corey Lynch, Aakanksha Chowdhery, Brian Ichter, Ayzaan Wahid, Jonathan Tompson, Quan Vuong, Tianhe Yu, et al. PaLM-E: An embodied multi- modal language model, 2023

2023

[21] [21]

Bridge data: Boosting generalization of robotic skills with cross-domain datasets, 2021

Frederik Ebert, Yanlai Yang, Karl Schmeckpeper, Bernadette Bucher, Georgios Georgakis, Kostas Daniilidis, Chelsea Finn, and Sergey Levine. Bridge data: Boosting generalization of robotic skills with cross-domain datasets, 2021

2021

[22] [22]

Fisac, Anayo K

Jaime F. Fisac, Anayo K. Akametalu, Melanie N. Zeilinger, Shahab Kaynama, Jeremy Gillula, and Claire J. Tomlin. Bridging hamilton-jacobi safety analysis and reinforcement learning. In2019 Inter- national Conference on Robotics and Automation, pages 8550–8556, 2019. doi: 10.1109/ICRA.2019. 8794107

work page doi:10.1109/icra.2019 2019

[23] [23]

Zhao, and Chelsea Finn

Zipeng Fu, Tony Z. Zhao, and Chelsea Finn. Mobile ALOHA: Learning bimanual mobile manipulation with low-cost whole-body teleoperation, 2024

2024

[24] [24]

Dropout as a bayesian approximation: Representing model un- certainty in deep learning

Yarin Gal and Zoubin Ghahramani. Dropout as a bayesian approximation: Representing model un- certainty in deep learning. InProceedings of the 33rd International Conference on Machine Learning, pages 1050–1059, 2016

2016

[25] [25]

StyleVLA: Driving style-aware vi- sion language action model for autonomous driving,

Yuan Gao, Dengyuan Hua, Mattia Piccinini, Finn Rasmus Schäfer, Korbinian Moller, Lin Li, and Johannes Betz. StyleVLA: Driving style-aware vi- sion language action model for autonomous driving,

[26] [26]

URLhttps://arxiv.org/abs/2603.09482

work page arXiv

[27] [27]

A com- prehensive survey on safe reinforcement learning

Javier García and Fernando Fernández. A com- prehensive survey on safe reinforcement learning. Journal of Machine Learning Research, 16(1):1437– 1480, 2015. URLhttps://jmlr.org/papers/v16/ garcia15a.html

2015

[28] [28]

Kunal Garg, James Usevitch, Joseph Breeden, Mitchell Black, Devansh Agrawal, Hardik Parwana, and Dimitra Panagou. Advances in the theory of control barrier functions: Addressing practical chal- lenges in safe control synthesis for autonomous and robotic systems.Annual Reviews in Control, 57: 100945, 2024. doi: 10.1016/j.arcontrol.2024.100945

work page doi:10.1016/j.arcontrol.2024.100945 2024

[29] [29]

AI2: Safety and robustness certification of neural networks with abstract interpretation

Timon Gehr, Matthew Mirman, Dana Drachsler- Cohen, Petar Tsankov, Swarat Chaudhuri, and Mar- tin Vechev. AI2: Safety and robustness certification of neural networks with abstract interpretation. In 2018 IEEE Symposium on Security and Privacy, pages 3–18, 2018. doi: 10.1109/SP.2018.00058

work page doi:10.1109/sp.2018.00058 2018

[30] [30]

GM to refocus autonomous driv- ing development on personal vehicles, 2024

General Motors. GM to refocus autonomous driv- ing development on personal vehicles, 2024. URL https : / / news . gm . com / home . detail . html / Pages/news/us/en/2024/dec/1210-gm.html

2024

[31] [31]

Goodfellow, Jonathon Shlens, and Christian Szegedy

Ian J. Goodfellow, Jonathon Shlens, and Christian Szegedy. Explaining and harnessing adversarial examples. InInternational Conference on Learning Representations, 2015

2015

[32] [32]

Gemini Robotics-ER 1.6: Powering real-world robotics tasks through en- hanced embodied reasoning

Laura Graesser and Peng Xu. Gemini Robotics-ER 1.6: Powering real-world robotics tasks through en- hanced embodied reasoning. Google DeepMind tech- nical blog, 2026. URLhttps://deepmind.google/ blog/gemini-robotics-er-1-6/ . Google Deep- Mind technical blog, accessed May 13, 2026

2026

[33] [33]

Man- iSkill2: A unified benchmark for generalizable ma- nipulation skills, 2023

Jiayuan Gu, Fanbo Xiang, Xuanlin Li, Zhan Ling, Xiqiang Liu, Tongzhou Mu, Yihe Tang, Stone Tao, Xinyue Wei, Yunchao Yao, Xiaodi Yuan, Pengwei Xie, Zhiao Huang, Rui Chen, and Hao Su. Man- iSkill2: A unified benchmark for generalizable ma- nipulation skills, 2023. URLhttps://arxiv.org/ abs/2302.04659

work page arXiv 2023

[34] [34]

A review of safe reinforcement learning: Methods, theories, and applications.IEEE Transactions on Pattern Analysis and Machine Intelligence, 46(12): 11216–11235, 2024

Shangding Gu, Long Yang, Yali Du, Guang Chen, Florian Walter, Jun Wang, and Alois Knoll. A review of safe reinforcement learning: Methods, theories, and applications.IEEE Transactions on Pattern Analysis and Machine Intelligence, 46(12): 11216–11235, 2024. doi: 10.1109/TPAMI.2024. 3457538

work page doi:10.1109/tpami.2024 2024

[35] [35]

Weinberger

Chuan Guo, Geoff Pleiss, Yu Sun, and Kilian Q. Weinberger. On calibration of modern neural net- works.Proceedings of the 34th International Confer- ence on Machine Learning, pages 1321–1330, 2017

2017

[36] [36]

VLAW: Iterative co-improvement of vision-language-action policy and world model, 2026

Yanjiang Guo, Tony Lee, Lucy Xiaoyang Shi, Jianyu Chen, Percy Liang, and Chelsea Finn. VLAW: Iterative co-improvement of vision-language-action policy and world model, 2026. URL https : / / arxiv.org/abs/2602.12063

work page arXiv 2026

[37] [37]

World models, 2018

David Ha and Jürgen Schmidhuber. World models, 2018

2018

[38] [38]

Learning latent dynamics for planning from pixels, 2019

Danijar Hafner, Timothy Lillicrap, Ian Fischer, Ruben Villegas, David Ha, Honglak Lee, and James Davidson. Learning latent dynamics for planning from pixels, 2019

2019

[39] [39]

Dream to control: Learning behaviors by latent imagination

Danijar Hafner, Timothy Lillicrap, Jimmy Ba, and Mohammad Norouzi. Dream to control: Learning behaviors by latent imagination. InInternational Conference on Learning Representations, 2020

2020

[40] [40]

Mastering Diverse Domains through World Models

Danijar Hafner, Jurgis Pasukonis, Jimmy Ba, and Timothy Lillicrap. Mastering diverse do- mains through world models.arXiv preprint arXiv:2301.04104, 2023. URL https : / / arxiv . org/abs/2301.04104. 18 Silent Failures in Physical AI Barak Or, Ph.D

work page internal anchor Pith review Pith/arXiv arXiv 2023

[41] [41]

Bench- marking neural network robustness to common cor- ruptions and perturbations

Dan Hendrycks and Thomas Dietterich. Bench- marking neural network robustness to common cor- ruptions and perturbations. InInternational Con- ference on Learning Representations, 2019

2019

[42] [42]

A baseline for detecting misclassified and out-of-distribution examples in neural networks, 2017

Dan Hendrycks and Kevin Gimpel. A baseline for detecting misclassified and out-of-distribution examples in neural networks, 2017

2017

[43] [43]

Hobbs, Mark L

Kerianne L. Hobbs, Mark L. Mote, Matthew Abate, SamuelCoogan, andEricFeron. Runtimeassurance for safety-critical systems: An introduction to safety filtering approaches for complex control systems. IEEE Control Systems Magazine, 43(2):28–65, 2023. doi: 10.1109/MCS.2023.3234380

work page doi:10.1109/mcs.2023.3234380 2023

[44] [44]

World model for robot learning: A comprehensive survey, 2026

Bohan Hou, Gen Li, Jindou Jia, Tuo An, Xinying Guo, Sicong Leng, Haoran Geng, Yanjie Ze, Tatsuya Harada, Philip Torr, et al. World model for robot learning: A comprehensive survey, 2026

2026

[45] [45]

The safety filter: A unified view of safety-critical control in autonomous systems.Annual Review of Control, Robotics, and Autonomous Systems, 7:47–72, 2024

Kai-ChiehHsu, HaiminHu, andJaimeF.Fisac. The safety filter: A unified view of safety-critical control in autonomous systems.Annual Review of Control, Robotics, and Autonomous Systems, 7:47–72, 2024. doi: 10.1146/annurev-control-071723-102940

work page doi:10.1146/annurev-control-071723-102940 2024

[46] [46]

GAIA-1: A generative world model for autonomous driving, 2023

Anthony Hu, Lloyd Russell, Hudson Yeo, Zak Murez, George Fedoseev, Alex Kendall, Jamie Shot- ton, and Gianluca Corrado. GAIA-1: A generative world model for autonomous driving, 2023

2023

[47] [47]

Planning-oriented au- tonomous driving

Yihan Hu, Jiazhi Yang, Li Chen, Keyu Li, Chong- hao Sima, Xizhou Zhu, Siqi Chai, Senyao Du, Tian- wei Lin, Wenhai Wang, et al. Planning-oriented au- tonomous driving. InProceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recog- nition, pages 17853–17862, 2023

2023

[48] [48]

Voxposer: Com- posable 3d value maps for robotic manipulation with language models, 2023

Wenlong Huang, Chen Wang, Ruohan Zhang, Yun- zhu Li, Jiajun Wu, and Li Fei-Fei. Voxposer: Com- posable 3d value maps for robotic manipulation with language models, 2023

2023

[49] [49]

A survey on vision-language-action models for autonomous driving, 2025

Sicong Jiang, Zilin Huang, Kangan Qian, Ziang Luo, Tianze Zhu, Yang Zhong, Yihong Tang, Menglin Kong, Yunlong Wang, Siwen Jiao, et al. A survey on vision-language-action models for autonomous driving, 2025

2025

[50] [50]

VIMA: General robot manipulation with multimodal prompts, 2022

Yunfan Jiang, Agrim Gupta, Zichen Zhang, Guanzhi Wang, Yongqiang Dou, Yanjun Chen, Li Fei-Fei, Anima Anandkumar, Yuke Zhu, and Linxi Fan. VIMA: General robot manipulation with multimodal prompts, 2022

2022

[51] [51]

WoVR: World Models as Reliable Simulators for Post-Training VLA Policies with RL

Zhennan Jiang, Shangqing Zhou, Yutong Jiang, Zefang Huang, Mingjie Wei, Yuhui Chen, Tianxing Zhou, Zhen Guo, Hao Lin, Quanlu Zhang, Yu Wang, Haoran Li, Chao Yu, and Dongbin Zhao. WoVR: World models as reliable simulators for post-training VLA policies with RL, 2026. URLhttps://arxiv. org/abs/2602.13977

work page internal anchor Pith review Pith/arXiv arXiv 2026

[52] [52]

Poly-Guard: Massive multi- domain safety policy-grounded guardrail dataset

Mintong Kang, Zhaorun Chen, Chejian Xu, Jiawei Zhang, Chengquan Guo, Minzhou Pan, Ivan Revilla, Yu Sun, and Bo Li. Poly-Guard: Massive multi- domain safety policy-grounded guardrail dataset. In Advances in Neural Information Processing Systems, Datasets and Benchmarks Track, 2025. URLhttps: //openreview.net/forum?id=mORzRZaqT4

2025

[53] [53]

Dill, Kyle Ju- lian, and Mykel J

Guy Katz, Clark Barrett, David L. Dill, Kyle Ju- lian, and Mykel J. Kochenderfer. Reluplex: An efficient smt solver for verifying deep neural net- works. InInternational Conference on Computer Aided Verification, pages 97–117. Springer, 2017. doi: 10.1007/978-3-319-63387-9_5

work page doi:10.1007/978-3-319-63387-9_5 2017

[54] [54]

What uncertainties do we need in bayesian deep learning for computer vi- sion? InAdvances in Neural Information Processing Systems, 2017

Alex Kendall and Yarin Gal. What uncertainties do we need in bayesian deep learning for computer vi- sion? InAdvances in Neural Information Processing Systems, 2017

2017

[55] [55]

DROID: A large-scale in-the-wild robot manipula- tion dataset, 2024

Alexander Khazatsky, Karl Pertsch, Suraj Nair, Ashwin Balakrishna, Sudeep Dasari, Siddharth Karamcheti, Soroush Nasiriany, Mohan Kumar Sri- rama, Lawrence Yunliang Chen, Kirsty Ellis, et al. DROID: A large-scale in-the-wild robot manipula- tion dataset, 2024

2024

[56] [56]

Modular safety guardrails are necessary for foundation-model-enabled robots in the real world, 2026

Joonkyung Kim, Wenxi Chen, Davood Soleyman- zadeh, Yi Ding, Xiangbo Gao, Zhengzhong Tu, Ruqi Zhang, Fan Fei, Sushant Veer, Yiwei Lyu, Minghui Zheng, and Yan Gu. Modular safety guardrails are necessary for foundation-model-enabled robots in the real world, 2026. URLhttps://arxiv.org/ abs/2602.04056

work page arXiv 2026

[57] [57]

OpenVLA: An open-source vision-language- action model, 2024

Moo Jin Kim, Karl Pertsch, Siddharth Karamcheti, Ted Xiao, Ashwin Balakrishna, Suraj Nair, Rafael Rafailov, Ethan Foster, Grace Lam, Pannag Sanketi, et al. OpenVLA: An open-source vision-language- action model, 2024

2024

[58] [58]

Design and use paradigms for Gazebo, an open-source multi- robot simulator

Nathan Koenig and Andrew Howard. Design and use paradigms for Gazebo, an open-source multi- robot simulator. In2004 IEEE/RSJ International Conference on Intelligent Robots and Systems, pages 2149–2154, 2004. doi: 10.1109/IROS.2004.1389727

work page doi:10.1109/iros.2004.1389727 2004

[59] [59]

AI2-THOR: An Interactive 3D Environment for Visual AI

Eric Kolve, Roozbeh Mottaghi, Winson Han, Eli VanderBilt, Luca Weihs, Alvaro Herrasti, Matt Deitke, Kiana Ehsani, Daniel Gordon, Yuke Zhu, Aniruddha Kembhavi, Abhinav Gupta, and Ali Farhadi. AI2-THOR: An interactive 3d environ- ment for visual AI, 2017. URL https://arxiv. org/abs/1712.05474

work page internal anchor Pith review Pith/arXiv arXiv 2017

[60] [60]

Correct-by-construction runtime enforcement in AI – a survey, 2022

Bettina Könighofer, Roderick Bloem, Rüdiger Ehlers, and Christian Pek. Correct-by-construction runtime enforcement in AI – a survey, 2022. 19 Silent Failures in Physical AI Barak Or, Ph.D

2022

[61] [61]

Simple and scalable predictive uncertainty estimation using deep ensembles

Balaji Lakshminarayanan, Alexander Pritzel, and Charles Blundell. Simple and scalable predictive uncertainty estimation using deep ensembles. In Advances in Neural Information Processing Systems, 2017

2017

[62] [62]

A path towards autonomous machine intelligence

Yann LeCun. A path towards autonomous machine intelligence. OpenReview manuscript, 2022. URL https : / / openreview . net / forum ? id = BZ5a1r - kVsf

2022

[63] [63]

A simple unified framework for detecting out- of-distribution samples and adversarial attacks

Kimin Lee, Kibok Lee, Honglak Lee, and Jinwoo Shin. A simple unified framework for detecting out- of-distribution samples and adversarial attacks. In Advances in Neural Information Processing Systems, 2018

2018

[64] [64]

A brief account of runtime verification.The Journal of Logic and Algebraic Programming, 78(5):293–303,

Martin Leucker and Christian Schallhart. A brief account of runtime verification.The Journal of Logic and Algebraic Programming, 78(5):293–303,

[65] [65]

doi: 10.1016/j.jlap.2008.08.004

work page doi:10.1016/j.jlap.2008.08.004 2008

[66] [66]

A comprehensive survey on world models for embodied ai, 2025

Xinqing Li, Xin He, Le Zhang, Min Wu, Xiaoli Li, and Yun Liu. A comprehensive survey on world models for embodied ai, 2025

2025

[67] [67]

VideoHallu: Evaluating and mitigating multi-modal hallucinations on syn- thetic video understanding

Zongxia Li, Xiyang Wu, Guangyao Shi, Yubin Qin, Hongyang Du, Tianyi Zhou, Dinesh Manocha, and Jordan Lee Boyd-Graber. VideoHallu: Evaluating and mitigating multi-modal hallucinations on syn- thetic video understanding. InAdvances in Neural Information Processing Systems, 2025. URLhttps: //openreview.net/forum?id=NoC9HT7Kf7

2025

[68] [68]

Shiyu Liang, Yixuan Li, and R. Srikant. Enhancing the reliability of out-of-distribution image detection in neural networks. InInternational Conference on Learning Representations, 2018

2018

[69] [69]

AgentDoG: A Diagnostic Guardrail Framework for AI Agent Safety and Security

Dongrui Liu, Qihan Ren, Chen Qian, Shuai Shao, Yuejin Xie, Yu Li, Zhonghao Yang, Haoyu Luo, Peng Wang, Qingyu Liu, Binxin Hu, Ling Tang, Jilin Mei, Dadi Guo, Leitao Yuan, Junyao Yang, Guanxu Chen, Qihao Lin, Yi Yu, Bo Zhang, Ji- axuan Guo, Jie Zhang, Wenqi Shao, Huiqi Deng, Zhiheng Xi, Wenjie Wang, Wenxuan Wang, Wen Shen, Zhikai Chen, Haoyu Xie, Jialing T...

work page internal anchor Pith review Pith/arXiv arXiv 2026

[70] [70]

Owens, and Yixuan Li

Weitang Liu, Xiaoyun Wang, John D. Owens, and Yixuan Li. Energy-based out-of-distribution detec- tion. InAdvances in Neural Information Processing Systems, volume 33, pages 21464–21475, 2020

2020

[71] [71]

EvoVLA: Self-evolving vision-language-action model, 2025

Zeting Liu, Zida Yang, Zeyu Zhang, and Hao Tang. EvoVLA: Self-evolving vision-language-action model, 2025. URL https://arxiv.org/abs/2511. 16166

2025

[72] [72]

Scaling world model for hierarchical manipulation policies, 2026

Qian Long, Yueze Wang, Jiaxi Song, Junbo Zhang, Peiyan Li, Wenxuan Wang, Yuqi Wang, Haoyang Li, Shaoxuan Xie, Guocai Yao, Hanbo Zhang, Xin- long Wang, Zhongyuan Wang, Xuguang Lan, Huap- ing Liu, and Xinghang Li. Scaling world model for hierarchical manipulation policies, 2026. URL https://arxiv.org/abs/2602.10983

work page arXiv 2026

[73] [73]

IS-Bench: Evaluating interactive safety of vlm- driven embodied agents in daily household tasks

Xiaoya Lu, Zeren Chen, Xuhao Hu, Yijin Zhou, We- ichen Zhang, Dongrui Liu, Lu Sheng, and Jing Shao. IS-Bench: Evaluating interactive safety of vlm- driven embodied agents in daily household tasks. In Proceedings of the AAAI Conference on Artificial Intelligence, volume 40, pages 35680–35688, 2026. doi: 10.1609/aaai.v40i42.40880

work page doi:10.1609/aaai.v40i42.40880 2026

[74] [74]

A survey on vision-language- action models for embodied ai, 2024

Yueen Ma, Zixing Song, Yuzheng Zhuang, Jianye Hao, and Irwin King. A survey on vision-language- action models for embodied ai, 2024

2024

[75] [75]

LeWorldModel: Stable End-to-End Joint-Embedding Predictive Architecture from Pixels

Lucas Maes, Quentin Le Lidec, Damien Scieur, Yann LeCun, and Randall Balestriero. LeWorld- Model: Stable end-to-end joint-embedding predic- tive architecture from pixels, 2026. URL https: //arxiv.org/abs/2603.19312

work page internal anchor Pith review Pith/arXiv arXiv 2026

[76] [76]

Isaac Gym: High Performance GPU-Based Physics Simulation For Robot Learning

Viktor Makoviychuk, Lukasz Wawrzyniak, Yun- rong Guo, Michelle Lu, Kier Storey, Miles Macklin, DavidHoeller, NikitaRudin, ArthurAllshire, Ankur Handa, and Gavriel State. Isaac Gym: High per- formance GPU-based physics simulation for robot learning, 2021. URL https://arxiv.org/abs/ 2108.10470

work page internal anchor Pith review Pith/arXiv arXiv 2021

[77] [77]

Mimicgen: A data generation system for scalable robot learning using human demonstrations, 2023

Ajay Mandlekar, Soroush Nasiriany, Bowen Wen, Iretiayo Akinola, Yashraj Narang, Linxi Fan, Yuke Zhu, and Dieter Fox. Mimicgen: A data generation system for scalable robot learning using human demonstrations, 2023

2023

[78] [78]

A survey on sensor failures in au- tonomous vehicles: Challenges and solutions.Sen- sors, 24(16):5108, 2024

Francisco Matos, Jorge Bernardino, João Durães, and João Cunha. A survey on sensor failures in au- tonomous vehicles: Challenges and solutions.Sen- sors, 24(16):5108, 2024. doi: 10.3390/s24165108

work page doi:10.3390/s24165108 2024

[79] [79]

Isaac Lab: A GPU accelerated sim- ulation framework for multi-modal robot learning

Mayank Mittal, Kelly Guo, Gavriel State, Spencer Huang, et al. Isaac Lab: A GPU accelerated sim- ulation framework for multi-modal robot learning. NVIDIA Research publication, 2025. URLhttps: / / research . nvidia . com / publication / 2025 - 09 _ isaac - lab - gpu - accelerated - simulation - framework - multi - modal - robot - learning . NVIDIA Research...

2025

[80] [80]

Part 573 safety recall report 23v-838: Autopilot 20 Silent Failures in Physical AI Barak Or, Ph.D

National Highway Traffic Safety Administration. Part 573 safety recall report 23v-838: Autopilot 20 Silent Failures in Physical AI Barak Or, Ph.D. controls insufficient to prevent misuse, 2023. URL https : / / static . nhtsa . gov / odi / rcl / 2023 / RCLRPT-23V838-8276.PDF

2023