In this paper, we highlight the critical issues of robustness and safety associated with integrating large language models (LLMs) and vision-language models (VLMs) into robotics applications. Recent works have focused on using LLMs and VLMs to improve the performance of robotics tasks such as manipulation and navigation. However, such integration can introduce significant vulnerabilities: the language models are susceptible to adversarial attacks, which can potentially lead to catastrophic consequences. By examining recent works at the interface of LLMs/VLMs and robotics, we show that it is easy to manipulate or misguide the robot's actions, leading to safety hazards. We define and provide examples of several plausible adversarial attacks, and conduct experiments on three prominent robot frameworks integrated with a language model, namely KnowNo, VIMA, and Instruct2Act, to assess their susceptibility to these attacks. Our empirical findings reveal a striking vulnerability of LLM/VLM-robot integrated systems: simple adversarial attacks can significantly undermine their effectiveness. Specifically, our data demonstrate an average performance deterioration of 21.2% under prompt attacks and a more alarming 30.2% under perception attacks. These results underscore the critical need for robust countermeasures to ensure the safe and reliable deployment of advanced LLM/VLM-based robotic systems.