When Agents Control Robots: A Zero Trust Policy Model for Agentic Cyber-Physical Systems

2026-05-25

Categories: Distributed, Parallel, and Cluster Computing; Multiagent Systems
AI summary

The authors studied a system where multiple AI agents control a robotic arm using natural language instructions. They found five types of security risks unique to these kinds of AI-driven physical systems. To address these risks, they designed a new security policy model called ZTPM that carefully controls actions based on different risk levels. Their tests showed that the robot's actions can vary depending on the AI model used, which means strict policies are needed to keep things safe when robots move.

Keywords
multi-agent systems, large foundation models, industrial robots, cyber-physical systems, security threats, zero trust policy, robotic arm control, policy enforcement, actuation parameters, runtime policy
Authors
Tharindu Ranathunga, Kavishka Fernando, Susan Rea
Abstract
Multi-agent systems powered by large foundation models (LFMs) are increasingly deployed to control industrial robots through natural language, creating deployments in which security failures produce physical consequences. We analyse this threat landscape through Cobot-Claw, a deployed four-agent system for UR3e robotic arm control, and identify five attack classes specific to agentic cyber-physical systems. We propose ZTPM, a Zero Trust Policy Model comprising 25 typed primitives across five enforcement domains with Physical Impact Tiers as a runtime policy dimension. An empirical evaluation across 60 execution traces on two LFM backends provides initial evidence that actuation parameter selection is model-dependent and non-deterministic, motivating the need for policy-level enforcement at the physical actuation boundary.
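The abstract's closing point, that actuation parameters chosen by different LFM backends vary and therefore need to be checked at the physical actuation boundary rather than trusted from the planner, can be illustrated with a small policy gate. The code below is an added example, not ZTPM or any code from Cobot-Claw: the command schema, the workspace envelope, the three impact tiers and their speed/force limits, and the human-approval requirement are all constructed assumptions, chosen only to show how a tier is derived from the parameters an agent proposes and how the gate keeps a permissive model output from reaching the arm.

```python
"""Illustrative actuation-boundary policy gate (added example, not the paper's ZTPM).

Assumptions (not from the paper): a planner agent emits a move command as a dict
with a target pose, a speed (m/s) and a gripper force (N); the gate assigns a
physical impact tier from constructed thresholds and enforces a per-tier rule
before the command reaches the arm controller. Tier numbering, limits and the
"human_approved" flag are constructed for illustration.
"""
from dataclasses import dataclass

# Constructed workspace envelope (metres) and per-tier actuation limits.
WORKSPACE = {"x": (-0.5, 0.5), "y": (-0.5, 0.5), "z": (0.0, 0.6)}
TIER_LIMITS = {  # tier -> (max_speed_m_s, max_force_n); all values constructed
    0: (0.05, 5.0),    # slow, low force: allowed autonomously
    1: (0.25, 20.0),   # moderate: allowed, but logged
    2: (0.50, 40.0),   # high: allowed only with human approval
}


@dataclass(frozen=True)
class Decision:
    tier: int
    allowed: bool
    reason: str


def classify_tier(cmd):
    """Return the lowest tier whose limits cover the command's speed and force."""
    for tier, (max_speed, max_force) in sorted(TIER_LIMITS.items()):
        if cmd["speed"] <= max_speed and cmd["force"] <= max_force:
            return tier
    return 3  # beyond every defined tier: outside the actuation envelope


def in_workspace(pose):
    """True when every axis of the target pose lies inside the envelope."""
    return all(lo <= pose[axis] <= hi for axis, (lo, hi) in WORKSPACE.items())


def evaluate(cmd, human_approved=False):
    """Decide whether a proposed command may be forwarded to the controller."""
    if not in_workspace(cmd["pose"]):
        return Decision(3, False, "target pose outside workspace envelope")
    tier = classify_tier(cmd)
    if tier == 3:
        return Decision(3, False, "speed/force exceed every tier")
    if tier == 2 and not human_approved:
        return Decision(2, False, "tier 2 requires human approval")
    return Decision(tier, True, "within tier limits")


# Constructed traces: the same instruction answered by two hypothetical backends
# with different parameter choices, plus one command aimed outside the envelope.
TRACES = [
    {"backend": "model-A", "pose": {"x": 0.2, "y": 0.1, "z": 0.3}, "speed": 0.10, "force": 10.0},
    {"backend": "model-B", "pose": {"x": 0.2, "y": 0.1, "z": 0.3}, "speed": 0.45, "force": 35.0},
    {"backend": "model-B", "pose": {"x": 0.9, "y": 0.1, "z": 0.3}, "speed": 0.10, "force": 10.0},
]


def gate_traces(traces, human_approved=False):
    """Run every trace through the gate and return the decisions in order."""
    return [evaluate(t, human_approved) for t in traces]


if __name__ == "__main__":
    for trace, decision in zip(TRACES, gate_traces(TRACES)):
        print(trace["backend"], decision)
```

The point of the gate is that the planner's output is treated as untrusted input: the tier is recomputed from the concrete parameters every time, so two backends that answer the same instruction with different speeds land in different tiers and are handled by the tier's rule rather than by whatever the model happened to emit.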