{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2024:T43GPEVXZNJ4G7NM75TGDBXNCB","short_pith_number":"pith:T43GPEVX","schema_version":"1.0","canonical_sha256":"9f366792b7cb53c37dacff666186ed106158a851f380b6cd60afa38eb86971aa","source":{"kind":"arxiv","id":"2407.20242","version":5},"attestation_state":"computed","paper":{"title":"BadRobot: Jailbreaking Embodied LLM Agents in the Physical World","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.AI","cs.RO"],"primary_cat":"cs.CY","authors_text":"Aishan Liu, Changgan Yin, Chenyu Zhu, Hangtao Zhang, Leo Yu Zhang, Lulu Xue, Minghui Li, Peijin Guo, Shengshan Hu, Xianlong Wang, Yichen Wang, Ziqi Zhou","submitted_at":"2024-07-16T13:13:16Z","abstract_excerpt":"Embodied AI represents systems where AI is integrated into physical entities. Large Language Model (LLM), which exhibits powerful language understanding abilities, has been extensively employed in embodied AI by facilitating sophisticated task planning. However, a critical safety issue remains overlooked: could these embodied LLMs perpetrate harmful behaviors? In response, we introduce BadRobot, a novel attack paradigm aiming to make embodied LLMs violate safety and ethical constraints through typical voice-based user-system interactions. Specifically, three vulnerabilities are exploited to ac"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"2407.20242","kind":"arxiv","version":5},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CY","submitted_at":"2024-07-16T13:13:16Z","cross_cats_sorted":["cs.AI","cs.RO"],"title_canon_sha256":"d83cc39178c88552c205074c2406b2c2c3ea4e5d41e5bc6a930a87916ad59116","abstract_canon_sha256":"43a7fcbc721bea40277258cf388a75cf538ec2550ca9e61874cc104568e32e44"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-06-10T01:09:12.445370Z","signature_b64":"Yumoqq6JzLuIxbwH6IUtpY7DVa/3rwlm824FuBKwvvXBDf4wvERWVGZ66FK+jSKtsCh/jzTjcyU5Fgb9X5BpAQ==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"9f366792b7cb53c37dacff666186ed106158a851f380b6cd60afa38eb86971aa","last_reissued_at":"2026-06-10T01:09:12.444205Z","signature_status":"signed_v1","first_computed_at":"2026-06-10T01:09:12.444205Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"BadRobot: Jailbreaking Embodied LLM Agents in the Physical World","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.AI","cs.RO"],"primary_cat":"cs.CY","authors_text":"Aishan Liu, Changgan Yin, Chenyu Zhu, Hangtao Zhang, Leo Yu Zhang, Lulu Xue, Minghui Li, Peijin Guo, Shengshan Hu, Xianlong Wang, Yichen Wang, Ziqi Zhou","submitted_at":"2024-07-16T13:13:16Z","abstract_excerpt":"Embodied AI represents systems where AI is integrated into physical entities. Large Language Model (LLM), which exhibits powerful language understanding abilities, has been extensively employed in embodied AI by facilitating sophisticated task planning. However, a critical safety issue remains overlooked: could these embodied LLMs perpetrate harmful behaviors? In response, we introduce BadRobot, a novel attack paradigm aiming to make embodied LLMs violate safety and ethical constraints through typical voice-based user-system interactions. Specifically, three vulnerabilities are exploited to ac"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2407.20242","kind":"arxiv","version":5},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2407.20242/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2407.20242","created_at":"2026-06-10T01:09:12.444390+00:00"},{"alias_kind":"arxiv_version","alias_value":"2407.20242v5","created_at":"2026-06-10T01:09:12.444390+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2407.20242","created_at":"2026-06-10T01:09:12.444390+00:00"},{"alias_kind":"pith_short_12","alias_value":"T43GPEVXZNJ4","created_at":"2026-06-10T01:09:12.444390+00:00"},{"alias_kind":"pith_short_16","alias_value":"T43GPEVXZNJ4G7NM","created_at":"2026-06-10T01:09:12.444390+00:00"},{"alias_kind":"pith_short_8","alias_value":"T43GPEVX","created_at":"2026-06-10T01:09:12.444390+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":10,"internal_anchor_count":10,"sample":[{"citing_arxiv_id":"2512.07765","citing_title":"Toward Seamless Physical Human-Humanoid Interaction: Insights from Control, Intent, and Modeling with a Vision for What Comes Next","ref_index":121,"is_internal_anchor":true},{"citing_arxiv_id":"2605.19328","citing_title":"RoboJailBench: Benchmarking Adversarial Attacks and Defenses in Embodied Robotic Agents","ref_index":29,"is_internal_anchor":true},{"citing_arxiv_id":"2604.09651","citing_title":"FlowHijack: A Dynamics-Aware Backdoor Attack on Flow-Matching Vision-Language-Action Models","ref_index":42,"is_internal_anchor":true},{"citing_arxiv_id":"2604.19790","citing_title":"Hidden Reliability Risks in Large Language Models: Systematic Identification of Precision-Induced Output Disagreements","ref_index":51,"is_internal_anchor":true},{"citing_arxiv_id":"2604.27267","citing_title":"From Prompt to Physical Actuation: Holistic Threat Modeling of LLM-Enabled Robotic Systems","ref_index":21,"is_internal_anchor":true},{"citing_arxiv_id":"2604.23775","citing_title":"Vision-Language-Action Safety: Threats, Challenges, Evaluations, and Mechanisms","ref_index":93,"is_internal_anchor":true},{"citing_arxiv_id":"2605.05340","citing_title":"How Far Are VLMs from Privacy Awareness in the Physical World? An Empirical Study","ref_index":46,"is_internal_anchor":true},{"citing_arxiv_id":"2604.11174","citing_title":"EmbodiedGovBench: A Benchmark for Governance, Recovery, and Upgrade Safety in Embodied Agent Systems","ref_index":46,"is_internal_anchor":true},{"citing_arxiv_id":"2605.05340","citing_title":"How Far Are VLMs from Privacy Awareness in the Physical World? An Empirical Study","ref_index":46,"is_internal_anchor":true},{"citing_arxiv_id":"2604.18463","citing_title":"Using large language models for embodied planning introduces systematic safety risks","ref_index":54,"is_internal_anchor":true}]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/T43GPEVXZNJ4G7NM75TGDBXNCB","json":"https://pith.science/pith/T43GPEVXZNJ4G7NM75TGDBXNCB.json","graph_json":"https://pith.science/api/pith-number/T43GPEVXZNJ4G7NM75TGDBXNCB/graph.json","events_json":"https://pith.science/api/pith-number/T43GPEVXZNJ4G7NM75TGDBXNCB/events.json","paper":"https://pith.science/paper/T43GPEVX"},"agent_actions":{"view_html":"https://pith.science/pith/T43GPEVXZNJ4G7NM75TGDBXNCB","download_json":"https://pith.science/pith/T43GPEVXZNJ4G7NM75TGDBXNCB.json","view_paper":"https://pith.science/paper/T43GPEVX","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2407.20242&json=true","fetch_graph":"https://pith.science/api/pith-number/T43GPEVXZNJ4G7NM75TGDBXNCB/graph.json","fetch_events":"https://pith.science/api/pith-number/T43GPEVXZNJ4G7NM75TGDBXNCB/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/T43GPEVXZNJ4G7NM75TGDBXNCB/action/timestamp_anchor","attest_storage":"https://pith.science/pith/T43GPEVXZNJ4G7NM75TGDBXNCB/action/storage_attestation","attest_author":"https://pith.science/pith/T43GPEVXZNJ4G7NM75TGDBXNCB/action/author_attestation","sign_citation":"https://pith.science/pith/T43GPEVXZNJ4G7NM75TGDBXNCB/action/citation_signature","submit_replication":"https://pith.science/pith/T43GPEVXZNJ4G7NM75TGDBXNCB/action/replication_record"}},"created_at":"2026-06-10T01:09:12.444390+00:00","updated_at":"2026-06-10T01:09:12.444390+00:00"}