Embodied AI systems (e.g., autonomous vehicles, service robots, and LLM-driven interactive agents) are rapidly transitioning from controlled environments to safety-critical real-world deployments. Unlike disembodied AI, failures in embodied intelligence lead to irreversible physical consequences, raising fundamental questions about security, safety, and reliability. While existing research predominantly analyzes embodied AI through the lenses of Large Language Model (LLM) vulnerabilities or classical Cyber-Physical System (CPS) failures, this survey argues that these perspectives are individually insufficient to explain many observed breakdowns in modern embodied systems. We posit that a significant class of failures arises from embodiment-induced system-level mismatches, rather than from isolated model flaws or traditional CPS attacks. Specifically, we identify four core insights that explain why embodied AI is fundamentally harder to secure: (i) semantic correctness does not imply physical safety, as language-level reasoning abstracts away geometry, dynamics, and contact constraints; (ii) identical actions can lead to drastically different outcomes across physical states due to nonlinear dynamics and state uncertainty; (iii) small errors propagate and amplify across tightly coupled perception-decision-action loops; and (iv) safety is not compositional across time or system layers, enabling locally safe decisions to accumulate into globally unsafe behavior. These insights suggest that securing embodied AI requires moving beyond component-level defenses toward system-level reasoning about physical risk, uncertainty, and failure propagation.