Researchers figured out they could trick a robot into handing someone a knife instead of an apple using nothing but a printed drink coaster.
March 25, 2026
Original Paper
TRAP: Hijacking VLA CoT-Reasoning via Adversarial Patches
arXiv · 2603.23117
The Takeaway
Modern robots built on Vision-Language-Action models use 'Chain-of-Thought' reasoning to talk themselves through a task before moving. By placing a specially designed pattern in the robot's camera view, an attacker can corrupt this internal monologue, steering the robot into dangerous actions even when its original instructions were perfectly safe.
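To make the mechanism concrete, here is a minimal, self-contained sketch of how adversarial patches are typically optimized: a small learnable image region is pasted into a camera frame and its pixels are updated by gradient descent until the model's output shifts to an attacker-chosen target. Everything here is a placeholder assumption, including the toy ConvNet "perceiver", the pretend action classes, and the paste location; the paper's TRAP attack targets the chain-of-thought text of a full VLA model, not a toy classifier.

```python
# Hedged sketch of adversarial-patch optimization (NOT the paper's TRAP method).
# A toy ConvNet stands in for the robot's perception stack; the patch is the
# "printed drink coaster" whose pixels are optimized to flip the chosen action.
import torch
import torch.nn as nn
import torch.nn.functional as F

torch.manual_seed(0)

# Hypothetical stand-in for the robot's visual encoder + action head.
perceiver = nn.Sequential(
    nn.Conv2d(3, 16, 3, stride=2, padding=1), nn.ReLU(),
    nn.Conv2d(16, 32, 3, stride=2, padding=1), nn.ReLU(),
    nn.AdaptiveAvgPool2d(1), nn.Flatten(),
    nn.Linear(32, 4),                     # 4 pretend actions; index 3 = attacker's target
)
perceiver.eval()

target_action = torch.tensor([3])          # action the attacker wants to induce
scene = torch.rand(1, 3, 64, 64)           # benign camera frame (random stand-in)

# The adversarial patch: a small learnable image region.
patch = torch.rand(1, 3, 16, 16, requires_grad=True)
optimizer = torch.optim.Adam([patch], lr=0.05)

def paste(scene, patch, y=24, x=24):
    """Differentiably composite the patch onto the scene at a fixed location."""
    ph, pw = patch.shape[-2:]
    H, W = scene.shape[-2:]
    padded = F.pad(patch.clamp(0, 1), (x, W - x - pw, y, H - y - ph))
    mask = F.pad(torch.ones_like(patch), (x, W - x - pw, y, H - y - ph))
    return scene * (1 - mask) + padded * mask

for step in range(200):
    logits = perceiver(paste(scene, patch))
    loss = F.cross_entropy(logits, target_action)   # push the output toward the target
    optimizer.zero_grad()
    loss.backward()
    optimizer.step()

print("predicted action:", perceiver(paste(scene, patch)).argmax(dim=1).item())
```

The same gradient-based loop generalizes in spirit to the paper's setting, where the loss is defined over the model's generated reasoning text rather than a classifier logit, but that extension is not shown here.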
From the abstract
By integrating Chain-of-Thought (CoT) reasoning, Vision-Language-Action (VLA) models have demonstrated strong capabilities in robotic manipulation, particularly by improving generalization and interpretability. However, the security of CoT-based reasoning mechanisms remains largely unexplored. In this paper, we show that CoT reasoning introduces a novel attack vector for targeted control hijacking--for example, causing a robot to mistakenly deliver a knife to a person instead of an apple--without