CAI with MCP in Action

The use case

Sublight Shipping, a provider of autonomous warehouse solutions, faced a critical security assessment requirement for contract renewal. Their fleet of 500 Autonomous Mobile Robots (AMRs) operating in a major distribution center needed comprehensive evaluation beyond traditional penetration testing capabilities.

The challenge involved analyzing complex systems including robot firmware, fleet management software, and network infrastructure under tight time constraints while proving systemic resilience to secure a 10-year, $50M contract.

To address this complexity, Alias Robotics deployed CAI with Model Context Protocol (MCP) connectors, enabling real-time integration of multiple security tools and data sources into a unified analysis environment. MCP's standardized interfaces allowed CAI to simultaneously access Git repositories, web application scanners, network monitors, telemetry feeds, and cloud configurations, creating a "pseudo-digital twin" of Sublight's entire operational stack. This multi-source correlation capability was essential for identifying systemic vulnerabilities that only emerge when analyzing the complete system as an interconnected whole.

CAI with MCP in Action

This video shows CAI using MCP connectors to test a Fleet Management System (FMS), critical logistics software that controls vehicle tracking, routing, and operations. CAI connects to the simulated FMS through Chrome DevTools MCP, running automated security tests directly in the browser while simultaneously analyzing log files from the same directory. This multi-source approach allows CAI to cross-reference real-time test results with historical data (route errors, unauthorized access attempts) and detect vulnerabilities with greater accuracy. It demonstrates how AI can automate complex security testing for sensitive logistics systems while incorporating contextual intelligence for deeper analysis.

Cybersecurity AI (CAI), the framework for AI Security

CAI is the leading open-source framework that democratizes advanced security testing through specialized AI agents. With EU backing, CAI is used by thousands of researchers and organizations worldwide. Unlike traditional penetration testing tools, CAI's multi-source analysis capabilities enable the unification of information from firmware, network traffic, cloud configuration, telemetry, and web applications, automatically correlating patterns that only emerge when combining all these layers. This systemic perspective allows organizations to uncover critical weaknesses and map full exploit chains that would remain hidden in siloed assessments.

In the case of Sublight Shipping's fleet of 500 Autonomous Mobile Robots (AMRs), CAI's comprehensive analysis uncovered critical vulnerabilities, such as unauthenticated UDP position broadcasts exploitable via spoofed packets, and a stored XSS in the robot nickname field enabling session hijacking, while also demonstrating their operational impact, including potential route manipulation and privilege escalation. This level of depth and correlation was essential for proving the fleet's resilience and securing a 10-year, $50M contract renewal.

About Sublight Shipping

Sublight Shipping develops and operates the "Sublight Swift" fleet of 500 Autonomous Mobile Robots (AMRs) for warehouse logistics. Their technology combines robotic systems with a Fleet Management System (FMS) and human operator interfaces.

Facing a critical contract renewal, Sublight needed to demonstrate comprehensive security across their entire operational stack - from robot firmware and cloud infrastructure to network protocols and web applications - under new procurement policies requiring independent security validation.

Time for the exercise: ~72 h



🎯 THE CHALLENGE

Traditional security approaches presented significant barriers:

  • Siloed testing teams working independently for weeks
  • Inability to correlate findings across network, firmware, and application layers
  • Risk of missing complex, systemic vulnerabilities in interconnected systems
  • Time-intensive manual analysis unable to meet contract deadlines
  • Difficulty translating technical findings into business risk quantification
  • Need to prove systemic resilience rather than just fixing isolated bugs

The complexity was amplified by the volume of heterogeneous data (source code, telemetry, network traffic, and configurations), which no traditional approach could analyze in a unified manner or within the timeframe required for contract renewal.

🛡️ THE SOLUTION

Sublight engaged Alias Robotics to deploy CAI with MCP connectors, creating a real-time "pseudo-digital twin" of their entire operational stack. CAI integrated seven critical data sources:

  • Git repositories for firmware and application code
  • Burp Suite for web application scanning
  • Chrome DevTools for client-side analysis
  • Infrastructure-as-code repositories for cloud configuration
  • Network traffic monitoring
  • Live robot telemetry feeds
  • Internal documentation systems

This unified integration enabled CAI to automatically correlate patterns across heterogeneous data sources in real-time, uncovering systemic vulnerabilities that remained invisible to traditional siloed testing methodologies.

🔬 KEY ARTIFACTS

  • Comprehensive vulnerability reports with code references and line numbers
  • Proof-of-concept exploit scripts for position spoofing
  • Automated verification workflows for XSS exploitation
  • Network traffic analysis correlating protocol flaws with code implementation
  • Business impact assessments quantifying financial risks
  • Remediation guidance with specific code changes and configuration fixes

All findings were consolidated into a single continuous-assessment dashboard accessible to security teams, technical leads, and operations managers.

✅ RESULTS ACHIEVED

  • Completed comprehensive security assessment in days rather than weeks
  • Identified critical vulnerabilities including session hijacking and network segregation failures
  • Provided actionable remediation guidance with specific code references
  • Enabled a clear prioritization of risks through economic modeling, estimating potential losses exceeding $1M in the event of a coordinated attack
  • Demonstrated systemic security understanding beyond isolated bug fixes
  • Successfully passed client assessment and secured $50M contract renewal
  • Established continuous security monitoring capability through MCP integration

KEY BENEFITS

🤖 Faster and fully integrated security assessments
⚡ Holistic vulnerability correlation across code, network, cloud, and telemetry
🎯 Clear translation of technical findings into business risks