Nation-State Threats Escalate Humanoid Robot Cyber Risks


One compromised humanoid robot can become a stealth asset of a nation-state, capable of surveillance, sabotage, and lateral cyber operations, without its owner ever knowing. That is no longer a theoretical warning but an empirically demonstrated reality in today’s robotics sector.

1. Nation-State Espionage Campaigns Targeting Robotics

Over the past year, analysts have documented a surge in cyberespionage operations aimed at robotics manufacturers and their supply chains. Joseph Rooke, director of risk insights at Recorded Future’s Insikt Group, said, “Nations are clearly watching this space. Just look at China’s latest 15th Five-Year Plan. It specifically calls out ‘embodied AI’ as a sector it wants to lead in.” Since late 2024, suspected state-linked actors have deployed familiar intrusion tools such as Dark Crystal RAT, AsyncRAT, XWorm, PrivateLoader, and Havoc against robotics firms, generally to steal sensitive IP. Many of these campaigns appear to mimic tactics previously used to target semiconductor and advanced electronics companies, indicating an intentional pivot toward automation technologies.

2. Robotics Supply Chain Vulnerabilities

Nation-state actors take advantage of the globalized nature of robotics supply chains to insert themselves upstream and reach downstream targets at scale. As discussed in several recent analyses of supply chain threats, open-source dependencies, malicious updates, and hardware tampering have all been used in recent high-profile breaches, including the 3CX double supply chain breach and the SolarWinds compromise. In robotics, this risk is heightened by dependence on third-party components (sensors, actuators, middleware) that are sourced internationally, often from jurisdictions with competing geopolitical interests.

3. Case Study: Unitree Humanoid Exploitation

Security evaluations of Unitree’s G1 humanoid have disclosed a critical Bluetooth Low Energy (BLE) provisioning vulnerability that allows an attacker to perform a root-level takeover using hardcoded AES keys shared fleet-wide. Attackers within BLE range can inject arbitrary shell commands disguised as Wi-Fi credentials, creating a wormable botnet across nearby units. Researchers have shown that such robots could exfiltrate multimodal telemetry (audio, video, spatial maps, actuator states) at 1.03 Mbps to servers in China every 300 seconds, implicating GDPR Articles 6 and 13. The same platform’s Cybersecurity AI agent was able to pivot from reconnaissance to offensive operations against cloud control infrastructure.

4. Real-Time Control vs. Cybersecurity

Humanoid robots operate with control loops that often run in under one millisecond to avoid instability, falls, or collisions. As Víctor Mayoral-Vilches put it, “In an IT system, if a package arrives 100 milliseconds late, then you have a delay… In a robotic system, all those things can happen.” Strong cryptographic protections (authentication, encryption) introduce latency that degrades control performance, forcing vendors into trade-offs where speed takes precedence over security. This inherent conflict leaves many platforms relying on minimal access controls rather than robust end-to-end protection.

5. Secure Robot Operating Systems and Middleware Risks

Other initiatives, like Secure ROS (SROS), seek to harden the widely used Robot Operating System with access control and encrypted transport. However, as Mayoral-Vilches admitted, “SROS actually builds upon technologies which are, on their own, flawed.” ROS 2 communicates over DDS, which itself supports authentication, confidentiality, and integrity. By default, though, those features are deactivated, and few users enforce strict mode. Without appropriate configuration, robots remain vulnerable to spoofing, tampering, and unauthorized node participation.
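A configuration audit for the defaults described above, as an added example that is not code from the article or from the ROS 2 project. It checks the environment variables ROS 2 reads for DDS security and the files an SROS2 enclave is expected to hold; the keystore path and sample values are constructed.

```python
# Added example: audit ROS 2 (SROS2) security settings for one process.
# The variable names are the ones ROS 2 reads; the sample environment and
# keystore path below are constructed for illustration.

REQUIRED_ENCLAVE_FILES = {
    "cert.pem", "key.pem", "identity_ca.cert.pem",
    "permissions_ca.cert.pem", "governance.p7s", "permissions.p7s",
}

def audit_ros2_security(env, enclave_files):
    """Return a list of findings; an empty list means strict mode is in force.

    env           -- mapping of environment variables for the ROS 2 process
    enclave_files -- file names present in the node's enclave directory
    """
    findings = []
    # Security stays off unless this is exactly "true".
    if env.get("ROS_SECURITY_ENABLE") != "true":
        findings.append("ROS_SECURITY_ENABLE is not 'true': DDS security is off")
    # Anything other than "Enforce" is permissive: a node whose security
    # files cannot be found still starts, without protection.
    if env.get("ROS_SECURITY_STRATEGY") != "Enforce":
        findings.append("ROS_SECURITY_STRATEGY is not 'Enforce': "
                        "nodes may start unsecured")
    if not env.get("ROS_SECURITY_KEYSTORE"):
        findings.append("ROS_SECURITY_KEYSTORE is unset: no keys to load")
    missing = sorted(REQUIRED_ENCLAVE_FILES - set(enclave_files))
    if missing:
        findings.append("enclave is missing: " + ", ".join(missing))
    return findings

# Constructed sample: a hardened process environment.
HARDENED_ENV = {
    "ROS_SECURITY_ENABLE": "true",
    "ROS_SECURITY_STRATEGY": "Enforce",
    "ROS_SECURITY_KEYSTORE": "/opt/robot/keystore",  # hypothetical path
}

if __name__ == "__main__":
    for label, env, files in [
        ("defaults", {}, []),
        ("hardened", HARDENED_ENV, REQUIRED_ENCLAVE_FILES),
    ]:
        print(label, audit_ros2_security(env, files) or "OK")
```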

6. Intrusion Prevention at the Robotic Layer

Specialized systems like the Robotic Intrusion Prevention System (RIPS) extend classic network IDS/IPS by monitoring interactions between ROS 2 nodes and the content of their messages, then executing rule-based mitigations such as disabling actuators considered dangerous or restricting movements. RIPS uses operational modes to enforce safety when anomalies are detected, addressing the cyber-physical nature of threats, where malicious code may translate directly into hazardous motion.
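The idea of rule-driven mitigations and escalating operational modes, sketched as an added example that is not RIPS code and does not use its rule format. The node names, topics, speed limit and mode names are hypothetical, and the message stream is constructed.

```python
# Added example: rule checks over ROS 2-style messages with escalating modes.
# Policy values and the sample stream are constructed for illustration.
from dataclasses import dataclass

MODES = ["NORMAL", "RESTRICTED", "SAFE_STOP"]  # ordered by severity

# Which nodes may publish on each actuator-facing topic (assumed policy).
ALLOWED_PUBLISHERS = {
    "/cmd_vel": {"/nav_controller"},
    "/arm/joint_cmd": {"/arm_planner"},
}
MAX_LINEAR_SPEED = 1.0  # m/s, assumed safe limit for the platform

@dataclass
class Msg:
    node: str
    topic: str
    data: dict

def evaluate(msg):
    """Return (mode, mitigation) for a single observed message."""
    allowed = ALLOWED_PUBLISHERS.get(msg.topic)
    if allowed is not None and msg.node not in allowed:
        # Unauthorized node participation on an actuator topic.
        return "SAFE_STOP", f"disable actuators behind {msg.topic}"
    speed = abs(msg.data.get("linear_x", 0.0))
    if msg.topic == "/cmd_vel" and speed > MAX_LINEAR_SPEED:
        # Authorized publisher, but the command itself is unsafe.
        return "RESTRICTED", f"clamp linear_x to {MAX_LINEAR_SPEED}"
    return "NORMAL", None

def monitor(stream):
    """Process messages in order; the mode only escalates, never relaxes."""
    mode, actions = "NORMAL", []
    for msg in stream:
        new_mode, action = evaluate(msg)
        if action:
            actions.append((msg.node, action))
        if MODES.index(new_mode) > MODES.index(mode):
            mode = new_mode
    return mode, actions

SAMPLE = [  # constructed message stream
    Msg("/nav_controller", "/cmd_vel", {"linear_x": 0.4}),
    Msg("/nav_controller", "/cmd_vel", {"linear_x": 3.5}),
    Msg("/wifi_setup", "/arm/joint_cmd", {"joint": 2, "pos": 1.2}),
    Msg("/camera", "/image_raw", {}),
]
```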

7. Geopolitical Risks of Chinese Robotics Imports

China’s industrial policy has driven it to install 300,000 robots in 2024 alone, more than the rest of the world combined. Companies such as Unitree, with links to the People’s Liberation Army, are broadening into low-cost humanoid designs. US national security reviews caution that growing imports of such platforms could embed exploitable backdoors into the automation of the defense-industrial base, for espionage or sabotage. Reports of intentional vulnerabilities in Unitree products match broader patterns of Chinese technology being used for intelligence operations.

8. Attack Complexity: Cross-Domain

Advanced adversaries often chain attack stages across identity, network, cloud, and hardware domains, evading detection by each siloed tool. In the Marks & Spencer breach, attackers used social engineering to reset credentials, exfiltrated Active Directory password hashes, deployed ransomware in virtualized cloud infrastructure, and compromised email accounts, all before detection. Robotics environments, with their mix of embedded controllers, cloud services, and human-machine interfaces, have equally diverse attack surfaces, each needing correlated cross-domain visibility.

The intersection of nation-state interest, exploitable supply chains, and unresolved engineering trade-offs in humanoid robotics creates a high-stakes security environment. Without integrated defenses, from hardened middleware to supply chain validation and adaptive intrusion prevention, these machines risk becoming assets for adversaries rather than tools for progress.
