Card image

Other case studies

The use case

Still in the testing and analysis phase, the Premium AMR1 already exhibits several significant issues that have yet to be publicly disclosed. A recurring example involves the well-known vulnerabilities associated with ROS 1, the widely used middleware for communication, interconnection, and operation of robotic platforms.

The CAI-driven exercise included la detección de la red ROS y las comunicaciones entre dispositivos por medio de lo que se conoce por topics, dentro de ella gracias a la falta de autenticación en los accesos e inyecciones de código. El estudio ha sido exitoso y la publicación de nodos y código desde un ednpoint conectado pero ilegítno, consigue que el robot emita un mensaje sonoro, demostrando la gravedad de la falla en ROS y comprometiendo la disponibilidad de los activos.

Successful attack demonstration on the Premium AMR1 via ROS exploitation

The images show the operation of CAI (Cybersecurity AI), which identifies the master node within the ROS network and connects to it without requiring authentication. Once inside, CAI, using the alias0 model, generates the appropriate Python code to launch a node, publish to existing topics, and interact with services. With this level of control, CAI is able to trigger the AMR1 to emit an English emergency sound, executed from the attacker’s machine.

Cybersecurity AI (CAI), the de facto scaffolding for building AI security

CAI represents the first open-source framework specifically designed to democratize advanced security testing through specialized AI agents. By 2028, most cybersecurity actions will be autonomous, with humans teleoperating, making CAI's approach to AI-powered vulnerability discovery increasingly critical for organizational security. The framework transcends theoretical benchmarks by enabling practical security outcomes. CAI achieved first place among AI teams and secured a top-20 position worldwide in the "AI vs Human" CTF live Challenge, earning a monetary reward and various other prizes and bounties ever since then. This performance demonstrates that AI-powered security testing can compete with and often exceed human capabilities in vulnerability discovery.

Explore CAI's source code

About Premium AMR1

Premium AMR1 is a state-of-the-art autonomous mobile robot designed to optimize logistics and material handling in industrial environments. Its compact, agile design allows it to navigate complex warehouse layouts and confined spaces effectively. PREMIUM AMR1 stands out for its advanced capabilities compared to lower-performing alternatives.

Time for the exercise

minutes

21



Cost

in EUR

3.56 €

🎯 THE CHALLENGE

ROS 1's lack of authentication allowed unauthorized access to AMR1’s robotic functions. During testing, Alias Robotics used CAI to detect the ROS master node, connect without credentials, and inject code that disrupted normal operations. This demonstrated how unprotected ROS deployments can be exploited to compromise robot availability and safety.

🛡️ THE SOLUTION

Using CAI, Alias Robotics simulated a real-world attack against the AMR1 by exploiting ROS 1’s lack of authentication. CAI detected the ROS master, connected without credentials, and injected Python code to control topics and services. The robot’s behavior was altered remotely, confirming the severity of the vulnerability.

🔬 KEY ARTIFACTS

  • CAI automation script for ROS master discovery and topic/service injection
  • Timeline and telemetry logs of unauthorized robot actions (e.g., triggered alarms)
  • Metrics on ROS network exposure and authentication bypass success

✅ RESULTS ACHIEVED

  • Exposed critical ROS 1 vulnerability in the AMR1 robot
  • Demonstrated unauthorized control over robot behavior via remote code injection
  • Remote triggering of system-level actions, using code injection via ROS

KEY BENEFITS

🔒 AI-powered Security
⚡ Cost-effective and fast
🤖 Robot Protection