Is robot cybersecurity broken by AI? Consumer robots -- from autonomous lawnmowers to powered exoskeletons and window cleaners -- are rapidly entering homes and workplaces, yet their security remains rooted in assumptions of specialized attacker expertise. This paper presents evidence that Generative AI has fundamentally disrupted robot cybersecurity: what historically required deep knowledge of ROS, ROS 2, and robotic system internals can now be automated by anyone with access to state-of-the-art GenAI tools spearheaded by the open source CAI (Cybersecurity AI). We provide empirical evidence through three case studies: (1) compromising a Hookii autonomous lawnmower robot, uncovering fleet-wide vulnerabilities and data protection violations affecting 267+ connected devices, (2) exploiting a Hypershell powered exoskeleton, demonstrating safety-critical motor control weaknesses and credential exposure including access to over 3,300 internal support emails, and (3) breaching a HOBOT S7 Pro window cleaning robot, achieving unauthenticated BLE command injection and OTA firmware exploitation. Across these platforms, CAI discovered in an automated manner 38 vulnerabilities that would have previously required months of specialized security research. Our findings reveal a stark asymmetry: while offensive capabilities have been democratized through AI, defensive measures often remain lagging behind. We argue that traditional defense-in-depth architectures like the Robot Immune System (RIS) must evolve toward GenAI-native defensive agents capable of matching the speed and adaptability of AI-powered attacks.

翻译：机器人网络安全是否已被人工智能攻破？消费级机器人——从自主割草机到动力外骨骼和擦窗机器人——正迅速进入家庭和工作场所，但其安全性仍建立在攻击者需具备专业知识的假设之上。本文通过实证表明，生成式人工智能已从根本上颠覆了机器人网络安全：历史上需要精通ROS、ROS 2及机器人系统内部原理的攻击手段，如今任何能接触尖端生成式AI工具（以开源CAI网络安全人工智能为首）的用户均可自动化实现。我们通过三个案例研究提供实证证据：(1) 入侵Hookii自主割草机器人，发现影响267台以上联网设备的全系列漏洞及数据保护违规问题；(2) 利用Hypershell动力外骨骼，揭示涉及安全关键电机控制的缺陷及凭证泄露风险，包括可访问超3300封内部支持邮件；(3) 攻破HOBOT S7 Pro擦窗机器人，实现未经认证的BLE命令注入及OTA固件利用。在这些平台上，CAI以自动化方式发现了38个以往需要数月专业安全研究才能发现的漏洞。我们的研究揭示了显著的不对称性：虽然攻击能力通过AI实现了民主化，但防御措施往往滞后。我们认为，传统纵深防御架构（如机器人免疫系统RIS）必须向生成式AI原生防御代理演进，以匹配AI驱动攻击的速度与适应性。