Dear Sentinels

Today, we’re talking about dogs, but not the sort that chews your slippers or chases after the postman. No, these are robot dogs, and they’re strutting their stuff across warehouses, building sites, and university campuses, their metal legs clicking away like they’re auditioning for Britain’s Got Talent. Underneath all that shiny plastic and clever engineering, though, lurks something rather less adorable: a vast attack surface, riddled with security holes, default passwords that never get changed, and network behaviour that would make even the most trusting soul a tad suspicious. Some of the most popular robot dog platforms, especially those from Chinese manufacturers with, shall we say, interesting connections, have been caught sending data back to servers overseas, everything from telemetry to video footage, all with about as much transparency as a foggy morning in Southampton. Before you let one of these four-legged wonders loose in your building, you might want to ask yourself: who else is peeking through its camera lenses?

But before we dive headlong into the world of robot canines, let’s take our customary wander around the web, cup of tea in hand.

WeAreDevelopers World Congress comes to San José, CA — September 23–25, 2026. 10,000+ developers, 500+ speakers, and the full software development lifecycle under one roof, in the heart of Silicon Valley.

Kelsey Hightower. Thomas Dohmke (fmr. CEO, GitHub). Christine Yen (CEO, Honeycomb). Mathias Biilmann (CEO, Netlify). Olivier Pomel (CEO, Datadog). The people actually building the tools you use every day — all on one stage.

AI, cloud, DevOps, security, architecture, and everything real builders ship with. Workshops, masterclasses, and the official congress party.

Tickets from $599. Use code GITPUSH26 for 10% off.

Secure Your Pass

Samsung workers approve bonus deal after big AI profits

Spotify and Universal Music Group Announce Landmark Licensing Agreements for Fan-Made Covers and Remixes

DeepSeek made its 75% discount permanent. The AI price war just escalated.

Protect Your Network With Ragnar

AI progress creates more work for humans, not less

Everything Electric WEST — Cheltenham Racecourse, 12th-13th June

Sam Altman Says AI ‘Jobs Apocalypse’ He Once Predicted Probably Won’t Happen.

Measuring LLMs’ ability to develop exploits

Security is having a bit of a makeover these days. We’re moving from the old days of static cameras and fences to a world where robot dogs are patrolling the perimeter. Gone are the days when a fixed camera and a bit of barbed wire would do the trick. Now, the arrival of these mobile 'sentinels' adds a whole new psychological twist, nothing says 'we’re watching you' quite like a robot dog strutting about. In flats and office blocks, the sight of a mechanical mutt on patrol gives the impression that someone is always watching, even if the reality is a bit more complicated (and occasionally, a bit more glitchy). We’re already seeing this in places like the GE Lofts in Atlanta, where residents, fed up with break-ins, have swapped out their gates for robots. And it’s not just the local car park, these machines are being tested everywhere from university campuses to military bases, sniffing out everything from dodgy parcels to the odd misplaced sandwich.

There’s a real tug-of-war going on between the dream of fully autonomous robot dogs and the reality that most of them still need a human at the controls. The marketing folk love to bang on about artificial intelligence, but in practice, most companies are sticking with a 'managed presence', think robot dog as remote-controlled puppet, with a human operator sitting in a call centre somewhere far away. This setup is supposed to give you the best of both worlds: the intimidating look of a robot on patrol, but with a real person making sure it doesn’t chase after the neighbour’s cat. Of course, this can lead to some awkward moments. There have been reports of residents being told off by a robot dog, only to realise the voice is coming from an operator in India. It’s a bit of a leap from the sci-fi dream of AI security to the reality of international call centre policing, and not always a graceful one.

Of course, all the fancy tech in the world won’t help if your robot dog can’t handle a bit of British weather or, for that matter, a stray chicken. The current crop of quadrupeds have some rather glaring physical flaws. For starters, the LIDAR sensors are often stuck on the head, leaving a whopping great blind spot behind. When the robots try to dodge pedestrians, they tend to overdo it and end up bumping into things, or worse, into a resident or a small child. And despite looking like they could survive a nuclear winter, these machines are surprisingly delicate. A bit of dust, some pine bedding, or a sprinkle of tree pollen, and suddenly you’re spending your weekends cleaning out robot joints instead of enjoying a nice walk. Until someone toughens them up, these robot dogs are more show pony than sheepdog.

If you thought the hardware was a bit flimsy, wait until you see the software. The GoTo series, for example, is a cybersecurity analyst’s worst nightmare, the attack surface is so big you could drive a bus through it. Security is, frankly, laughable. You don’t even need to touch the robot to break in; just tack a curl command onto the end of the Wi-Fi password and you’re in, thanks to some truly shoddy Bluetooth security. Once inside, you can stream audio and video, or just shut the whole thing down for a laugh. If you’re feeling fancy, you can use Software Defined Radio or even a bog-standard Android phone to send a signal that makes the robot collapse in a heap.

And if that wasn’t enough to keep you up at night, there’s the small matter of national security. Some of these robot dogs come with encrypted backdoors built in, just waiting for a call from home. Clever packet analysis has shown that the robots check if they’re being watched in a sandbox, then ping Chinese servers, the usual suspects like Alibaba, Baidu, and Tencent, before starting a secret chat. It’s a bit like your dog checking if you’re looking before it nicks your sandwich. This puts agencies in a real bind: update the firmware, and you might lose the ability to spot these hidden tunnels, but leave it alone, and any hacker with a laptop can have a go. Not exactly a win-win.

Splashing out on these high-tech sentinels also raises some awkward questions about where crime actually goes. Sure, a robot dog might scare off would-be thieves in a posh gated community, but there’s plenty of evidence that all it really does is send the problem down the road. It’s a bit like the rules about not moving nuisance animals, you can’t just dump your raccoon in the neighbour’s garden and call it a day. Yet, with surveillance tech, we seem happy to let the problems wander off to someone else’s patch. And with rental prices for these robots hitting around $3,000 a month, you do have to wonder if the money might be better spent on something a bit more useful, like housing or community support.

In the end, the future of robot security dogs is a bit of a muddle. The hardware might look impressive, but the security issues are enough to make anyone think twice. Until someone sorts out the backdoors and makes these things a bit less easy to knock over (literally and figuratively), they’re more experimental toy than trusty guard dog. Right now, it’s a classic Catch-22: patch the firmware and you might lose the tools you need to spot sneaky malware, but leave it alone and you’re wide open to local hackers. Until we get proper, safe autonomy and close up these loopholes, the robot sentinel is more shadow than substance, a flashy deterrent that still needs a lot of human babysitting.

The document introduces JailWAM, the first dedicated framework for evaluating jailbreak vulnerabilities in World Action Models by quantifying physical safety hazards through a systematic three-level classification system. This research fills a critical security gap by demonstrating how adversarial prompts can bypass safety guardrails to induce dangerous physical movements in robotic systems.

World Action Models integrate pre-trained generative backbones with real-world dynamics to enable complex physical manipulation capabilities in various environments. However, these models may inherit security vulnerabilities from underlying generative models, making them susceptible to jailbreak attacks that can bypass safety alignment. While existing jailbreak research has focused on digital anomalies like text or video, World Action Models pose a new paradigm shift toward tangible real-world risks. If safety is ignored, these models can directly threaten personal safety, property security, and environmental safety through dangerous physical operations. Evaluating these vulnerabilities remains a challenge due to a lack of hierarchical safety definitions and heterogeneous action spaces. Consequently, verifying physically harmful behaviours often requires costly closed-loop simulations that incur substantial computational and human overhead.

The JailWAM framework employs a Dual-Path Verification Strategy to efficiently identify and validate physically hazardous behaviours in robotic controllers. In the first stage, the framework uses open-loop visual screening to rapidly prune benign instructions by mapping predicted actions into standardised visual trajectory charts. These trajectories are then analysed by a lightweight Risk Discriminator that predicts safety levels to isolate high-risk candidates for further review. High-risk instructions are subsequently escalated to a closed-loop simulator for definitive validation of destructive behaviours like collisions or erratic swinging. Additionally, the researchers constructed JailWAM-Bench as a standardised benchmark for evaluating the safety alignment performance of different embodied intelligence architectures. The framework also serves as a plug-and-play inference-time filter to provide an actionable defence mechanism for robotic systems.

The study concludes that state-of-the-art World Action Models are highly susceptible to physically malicious instructions, achieving an attack success rate of 84.2% on certain models. This susceptibility highlights an urgent necessity for implementing physics-aware safety alignment strategies during the development of future embodied foundation models. While the framework effectively exposes vulnerabilities, defence mechanisms must be integrated to ensure the creation of safe and reliable robot control systems. Overall, JailWAM establishes a concrete pathway for identifying and mitigating the physical risks inherent in next-generation robotic manipulation.

The report can be found here.