The use case

The exercise focused on testing sound event publication across various ROS topics and services on a MiR (Mobile Industrial Robot) platform. The attacker simulated multiple alarm triggers using custom-crafted messages targeting topics like /mir_sound/sound_event and /data_events/sounds, as well as the /mir_sound service. The objective was to find the right combination of parameters and formats that would reliably initiate a robot alarm sound.

This CAI-powered test leveraged a ROS bridge client to perform real-time testing using multiple message variants. The agent dynamically constructed and sent payloads, confirming which message types were accepted or silently ignored. The resulting automation script became a tool to audit the robot's behavior when interacting with audio interfaces, revealing security implications of improperly validated message schemas.

Triggering alarms on a MiR robot via ROS topics and services

The footage demonstrates how a CAI agent repeatedly attempted to publish alarm sound events to the MiR robot's ROS topics. Using roslibpy, the exercise sent different message schemas to /mir_sound/sound_event and /data_events/sounds, and also tried to invoke the /mir_sound service. Success was confirmed via message publications even when service calls failed, proving the system's vulnerability to unvalidated ROS topic interactions.

Cybersecurity AI (CAI), the de facto scaffolding for building AI security

CAI represents the first open-source framework specifically designed to democratize advanced security testing through specialized AI agents. By 2028, most cybersecurity actions will be autonomous, with humans teleoperating, making CAI's approach to AI-powered vulnerability discovery increasingly critical for organizational security. The framework transcends theoretical benchmarks by enabling practical security outcomes. CAI achieved first place among AI teams and secured a top-20 position worldwide in the "AI vs Human" CTF live Challenge, earning a monetary reward, and it has won various other prizes and bounties since then. This performance demonstrates that AI-powered security testing can compete with and often exceed human capabilities in vulnerability discovery.

About MiR (Mobile Industrial Robots)

MiR, or Mobile Industrial Robots, develops autonomous mobile robots designed for logistics and material handling in industrial environments. These robots rely heavily on ROS (Robot Operating System) for navigation, communication, and task execution. Given their physical presence and automation capabilities, securing these platforms against unauthorized message injections is essential to prevent potential operational disruptions or misuse.

Time for the exercise: 10 minutes

Cost: ~1 € (EUR)

🎯 THE CHALLENGE

The MiR robot's ROS interface allowed unauthenticated message publications to key topics controlling audio behavior. CAI simulated various command formats, eventually identifying accepted structures that could trigger alarm playback. Failure to validate message structure in services like /mir_sound compounded the issue, allowing partial exploitability through topics.

🛡️ THE SOLUTION

CAI crafted and executed a Python script leveraging roslibpy to test both topic and service-based alarm triggers. Through iterative attempts and logging, the system identified which fields (event, sound_id, sound_name, etc.) activated alarms. The test used concurrency and fallback logic to ensure reliable triggering across interfaces.

🔬 KEY ARTIFACTS

  • Custom ROS client automation script
  • Dynamic field-testing on /mir_sound and /data_events/sounds
  • Failure logs for invalid field mappings in services

✅ RESULTS ACHIEVED

  • Successfully triggered alarms using public ROS topics
  • Discovered lack of input validation on certain message fields
  • Demonstrated reproducibility via standalone Python tooling
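A defensive counterpart to these findings, as an added example (not CAI's script and not MiR code): a per-frame policy check that a proxy in front of the ROS bridge could apply, rejecting writes to the audio interfaces from unlisted clients or with unexpected fields. The client allowlist, the field types and the sample frames are assumptions constructed for illustration; only the topic, service and field names come from this page.

```python
import json

# The audio interfaces named on this page.
PROTECTED = {"/mir_sound/sound_event", "/data_events/sounds", "/mir_sound"}
TRUSTED_CLIENTS = {"10.0.0.5"}  # constructed allowlist, e.g. a fleet manager host
# Assumption: hypothetical field types; the real MiR message definitions are not on the page.
SCHEMA = {"event": str, "sound_id": int, "sound_name": str}
# rosbridge v2 ops that write, mapped to the key that names their target.
WRITE_OPS = {"publish": "topic", "advertise": "topic", "call_service": "service"}

def check_frame(client_ip, raw):
    """Return (allowed, reason) for one rosbridge v2 JSON frame."""
    try:
        frame = json.loads(raw)
        op = frame.get("op")
    except (ValueError, AttributeError):
        return False, "malformed frame"
    if op not in WRITE_OPS:
        return True, "non-write op"
    target = frame.get(WRITE_OPS[op])
    if target not in PROTECTED:
        return True, "unprotected target"
    if client_ip not in TRUSTED_CLIENTS:
        return False, f"untrusted client {client_ip} -> {op} {target}"
    if op == "advertise":
        return True, "trusted advertise"
    # Assumption: service arguments are sent as an object, like topic messages.
    payload = frame.get("msg") if op == "publish" else frame.get("args")
    if not isinstance(payload, dict):
        return False, "payload missing or not an object"
    unknown = set(payload) - set(SCHEMA)
    if unknown:
        return False, f"unknown fields {sorted(unknown)}"
    for field, typ in SCHEMA.items():
        if field in payload and (isinstance(payload[field], bool) or not isinstance(payload[field], typ)):
            return False, f"bad type for {field}"
    return True, "ok"

SAMPLE = [  # constructed frames, not captured traffic
    ("10.0.0.5", '{"op":"publish","topic":"/mir_sound/sound_event","msg":{"event":"test","sound_id":1}}'),
    ("10.0.0.77", '{"op":"publish","topic":"/data_events/sounds","msg":{"sound_name":"test"}}'),
    ("10.0.0.5", '{"op":"call_service","service":"/mir_sound","args":{"sound_id":"1"}}'),
    ("10.0.0.77", '{"op":"subscribe","topic":"/scan"}'),
]

def audit(frames):
    """Apply the policy to (client_ip, raw_frame) pairs, preserving order."""
    return [check_frame(ip, raw) for ip, raw in frames]
```

Denied frames are the ones worth logging with client address and target, since the exercise showed topic publications succeeding even when service calls failed.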

KEY BENEFITS

🔒 AI-powered Security
⚡ Cost-effective and fast
🤖 Robot Protection