BadRobot: Jailbreaking Embodied LLM Agents in the Physical World

The paper introduces BadRobot, a novel attack paradigm designed to exploit vulnerabilities in embodied LLMs to induce harmful behaviors during voice-based interactions. It identifies three critical vulnerabilities: manipulation of LLMs, misalignment between linguistic outputs and physical actions, and flaws in world knowledge. The authors benchmark these attacks against existing frameworks like Voxposer, Code as Policies, and ProgPrompt, highlighting the need for enhanced safety measures in embodied AI systems.