Robot Collapse: Supply Chain Backdoor Attacks Against VLM-based Robotic Manipulation

Abstract

Robotic manipulation policies are increasingly empowered by large language models (LLMs) and vision-language models (VLMs), leveraging their understanding and perception capabilities. Recently, inference-time attacks against robotic manipulation have been extensively studied, yet backdoor attacks targeting model supply chain security in robotic policies remain largely unexplored. To fill this gap, we propose TrojanRobot, a backdoor injection framework for model supply chain attack scenarios, which embeds a malicious module into modular robotic policies via backdoor relationships to manipulate the LLM-to-VLM pathway and compromise the system. Our vanilla design instantiates this module as a backdoor-finetuned VLM. To further enhance attack performance, we propose a prime scheme by introducing the concept of LVLM-as-a-backdoor, which leverages in-context instruction learning (ICIL) to steer large vision-language model (LVLM) behavior through backdoored system prompts. Moreover, we develop three types of prime attacks, permutation, stagnation, and intentional, achieving flexible backdoor attack effects. Extensive physical-world and simulator experiments on 18 real-world manipulation tasks and 4 VLMs verify the superiority of proposed TrojanRobot

0

Turn this paper into a full lesson

ArcXiv compiles a staged curriculum from this paper: 8-12 lessons across beginner → advanced, synthesised section guides, visuals, flashcards, a quiz, exercises, and on-demand deep dives per section. Grounded in the abstract, never invented.

Discussion (0)

Sign in to join the discussion.

Loading comments…