Card image

Other case studies

The use case

Still in the testing and analysis phase, the premium AMR1 already exhibits several significant issues that have yet to be publicly disclosed. A recurring example involves the well-known vulnerabilities associated with ROS 1, the widely used middleware for communication, interconnection, and operation of robotic platforms.

The CAI-driven exercise included the detection of the ROS network and the communications between devices through what is known as topics, taking advantage of the lack of authentication in access and code injections. The study was successful, and the publication of nodes and code from a connected but unauthorized endpoint caused the robot to emit an audible message, demonstrating the severity of the vulnerability in ROS and compromising the availability of the assets.

Successful attack demonstration on the premium AMR1 via ROS exploitation

The images show the operation of CAI (Cybersecurity AI), which identifies the master node within the ROS network and connects to it without requiring authentication. Once inside, CAI, using the alias0 model, generates the appropriate Python code to launch a node, publish to existing topics, and interact with services. With this level of control, CAI is able to trigger the premium AMR1 to emit an English emergency sound, executed from the attacker’s machine.

Cybersecurity AI (CAI), the de facto scaffolding for building AI security

CAI represents the first open-source framework specifically designed to democratize advanced security testing through specialized AI agents. By 2028, most cybersecurity actions will be autonomous, with humans teleoperating, making CAI's approach to AI-powered vulnerability discovery increasingly critical for organizational security. The framework transcends theoretical benchmarks by enabling practical security outcomes. CAI achieved first place among AI teams and secured a top-20 position worldwide in the "AI vs Human" CTF live Challenge, earning a monetary reward and various other prizes and bounties ever since then. This performance demonstrates that AI-powered security testing can compete with and often exceed human capabilities in vulnerability discovery.

Explore CAI's source code

About premium AMR1

Premium AMR1 is a state-of-the-art autonomous mobile robot designed to optimize logistics and material handling in industrial environments. Its compact, agile design allows it to navigate complex warehouse layouts and confined spaces effectively. Premiun AMR1 stands out for its advanced capabilities compared to lower-performing alternatives.

Time for the exercise

minutes

21



Cost

in EUR

3.56 €

🎯 THE CHALLENGE

Evaluate whether a remote agent could connect to the robot’s ROS master, identify critical topics, and influence its behaviour without authentication—exposing potential weaknesses in ROS 1’s access control and topic-level protections.

🛡️ THE SOLUTION

Using CAI, Alias Robotics simulated a real-world attack against the premium AMR1 by exploiting ROS 1’s lack of authentication. CAI detected the ROS master, connected without credentials, and injected Python code to control topics and services. The robot’s behavior was altered remotely, confirming the severity of the vulnerability.

🔬 KEY ARTIFACTS

  • CAI automation script for ROS master discovery and topic/service injection
  • Timeline and telemetry logs of unauthorized robot actions (e.g., triggered alarms)
  • Metrics on ROS network exposure and authentication bypass success

✅ RESULTS ACHIEVED

  • Exposed critical ROS 1 vulnerability in the premium AMR1 robot
  • Demonstrated unauthorized control over robot behavior via remote code injection
  • Remote triggering of system-level actions, using code injection via ROS

KEY BENEFITS

🔒 AI-powered Security
⚡ Cost-effective and fast
🤖 Robot Protection