As Global Powers Explore Humanoid Robots, Cyber-Risk Looms
Dark ReadingArchived May 29, 2026✓ Full text saved
The future of cybersecurity is germinating, as nation states vie for dominance in the embodied AI market and its supply chain.
Full text archived locally
✦ AI Summary· Claude Sonnet
CYBER RISK
VULNERABILITIES & THREATS
CYBERSECURITY OPERATIONS
PHYSICAL SECURITY
NEWS
As Global Powers Explore Humanoid Robots, Cyber-Risk Looms
The future of cybersecurity is germinating, as nation states vie for dominance in the embodied AI market and its supply chain.
Nate Nelson,Contributing Writer
May 28, 2026
4 Min Read
SOURCE: OVER THERE PICS VIA ALAMY STOCK PHOTO
Forget formless large language models (LLMs) and artificial intelligence (AI) agents: global superpowers are already building a future around embodied AI, and using cyberattacks to gain an upper hand in it.
A new industrial revolution is fomenting, some experts say. It was manufacturing and steam power the first time around, railroads and electricity the second, and the Internet and telecommunications not so long ago. This time the change might be led by embodied AI systems — robots that move like people or animals.
As corporations and nation states battle for dominance in intelligent robotics, new cyber battlefields and risks have already started to take shape. At Infosecurity Europe next week, Recorded Future's Joseph Rooke will give a cybersecurity-leaning variant of a popular talk he's been carrying around about the power politics, supply chain threats, and cyberattack scenarios around embodied AI systems both today and in the future.
Related:Dutch Raid Fails to Dent Russian Bulletproof Host
"The race is on," he says, "and right now the security of a lot of these systems is deeply concerning."
Cyber-Risks in Embodied AI
As kinematics catches up with the rest of AI tech, experts are predicting an explosion of embodied systems. Last year, Morgan Stanley projected that China alone might have around 300 million of them by 2050, operating in industrial plants, army units, and anywhere else they might prove useful.
Investing in humanoids might be a proactive step to address population declines. It might also be a conspiracy to replace human workers with wageless machines. Either way, the movement is well underway. Humanoid robots have already featured heavily in Chinese Communist Party (CCP) initiatives, drones have played an exceptional role in the Russia-Ukraine war, and right now you can buy a robot dog for a few thousand bucks on the Web.
The potential risks in embodied AI systems are limited only to one's imagination. Robots that swing their arms or shoot things are obvious safety hazards to people around them. Robots that live in homes and factory floors can steal data through not just the Internet, but also their eyes and ears. They can be hacked through all of those same channels, too.
It doesn't help, then, that the robots built to date have proven so problematic. The few researchers focused on this space have already picked apart Unitree bots — the most popular humanoids on the market — nine ways to Sunday. They've proven that the machines send private user data to China without consent. They've found multiple backdoors enabling full, unauthorized control, and shown how they can be exploited in a minute's time, or worm wirelessly from bot to bot. "That really was terrifying — iRobot sort of stuff. A fleet could be compromised in this case," Rooke recalls.
Related:Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security
Like large language models (LLMs) and agentic AI before it, companies are simply rushing embodied AI to market without totally accounting for the risks involved, Rooke says. "It's a real race, and I think things are being missed. And that is my concern now with the US robotics market: Will they miss things?"
Chinese Spying in the Mining Sector
Cybersecurity for intelligent robots involves far more than protecting the robots, too. The supply chains needed to build embodied AI systems are also maturing, expanding, and proving fertile ground for commercial and geopolitical cyberespionage.
For humanoid robots, there are many cyber threats to the AI models they're built with, the data centers they rely on, the semiconductors powering them, and the energy sources used at each step of the way. But Rooke highlights a growing universe of attacks against the worldwide mining industry.
Why mining? Because as the market for embodied AI and its components grows, rare earth elements and other critical minerals will be in huge demand. Whoever has control over those natural resources will possess immense power in the so-called fourth industrial revolution, and many rich deposits are located in legally ambiguous places like the Arctic and outer space.
Related:Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks
Whether to glean insights into other countries' future plans, sabotage those plans, or steal their mining technologies, China's advanced persistent threat (APTs) groups in particular have been active in this space. Recorded Future has tracked a handful of mining-specific Chinese cyberespionage campaigns in the past half decade, and plenty more that may have been mining-adjacent in one way or another.
In 2021, APT15 (aka Nickel, Nylon Typhoon) targeted a Canadian mining company.
In 2025, right around the time China was entering into seabed exploration and mining partnerships with a trio of smaller nations, multiple Chinese APTs were found spying on an organization involved in monitoring and regulating the practice of seabed mining.
Between 2021 and 2026, Chinese threat actors targeted private and public sector entities in Indonesia, a country where China holds lots of contracts and interests around natural resources, particularly nickel.
In 2025, YoroTrooper (aka Silent Lynx) — which researchers believe is based in Kazakhstan — targeted Russia's energy, manufacturing, and mining sectors.
When a mining contract is up for grabs, "They might get inside of a ministerial network, or they'll figure out the reconnaissance phase: How can we undercut this bid? It's all about getting that advantage," Rooke says.
Luckily, he adds, "I wouldn't say any of it right now is destructive; this is more about espionage."
About the Author
Nate Nelson
Contributing Writer
Nate Nelson is a journalist and award-winning scriptwriter. In addition to Dark Reading he writes for Darknet Diaries, the most popular show in cybersecurity across all media.
He began his career as a freelancer, ghostwriting Forbes and CNBC op-eds for executives in tech and finance. Then he transitioned to journalism at Threatpost, where he covered cybersecurity news and trends. Throughout those years he co-created a cybersecurity podcast, Malicious Life, which in its day climbed into the Top 20 technology podcasts charts on Apple Podcasts and Spotify.
He holds degrees from New York University and Bard College. As a born and bred New Yorker, he enjoys a superiority complex, but is polite enough to keep it to himself.
Want more Dark Reading stories in your Google search results?
ADD US NOW
More Insights
Industry Reports
How Organizations Are Managing Incident Response
How Enterprises Are Developing Secure Applications
Inside RSAC 2026: security leaders reveal the risks redefining your defense strategy
Essential News & Insights from Black Hat USA 2025
How Enterprises Are Harnessing Emerging Technologies in Cybersecurity
Access More Research
Webinars
The Frontier AI Era: Why Cybersecurity Must Move at Machine Speed
Build vs. Buy: The Hidden Cost of Building Your Own AI Security Stack
Defending in the Shadow Era: When the CVE Feed Goes Dark
Building SecOps That Make the Most of Every Dollar
AI-Powered Credential Security: Intelligence Without Exposure
More Webinars
You May Also Like
CYBER RISK
How Can CISOs Respond to Ransomware Getting More Violent?
by James Doggett
JAN 28, 2026
CYBER RISK
US Cyber Pros Plead Guilty Over BlackCat Ransomware Activity
by Alexander Culafi
JAN 05, 2026
CYBER RISK
Switching to Offense: US Makes Cyber Strategy Changes
by Robert Lemos, Contributing Writer
NOV 21, 2025
CYBER RISK
Microsoft Exchange 'Under Imminent Threat,' Act Now
by Arielle Waldman
NOV 12, 2025
Editor's Choice
CYBERSECURITY OPERATIONS
20 Leaders Who Built the CISO Era: 2 Decades of Change
byDark Reading Editorial Team
MAY 12, 2026
41 MIN READ
APPLICATION SECURITY
It's Patch Tuesday for Microsoft & Not a Zero-Day In Sight
byJai Vijayan
MAY 12, 2026
5 MIN READ
CYBERATTACKS & DATA BREACHES
Instructure Breach Exposes Schools' Vendor Dependence
byAlexander Culafi
MAY 6, 2026
4 MIN READ
Want more Dark Reading stories in your Google search results?
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
SUBSCRIBE
Webinars
The Frontier AI Era: Why Cybersecurity Must Move at Machine Speed
TUESDAY, JUNE 23, 2026 1:00 PM EDT
Build vs. Buy: The Hidden Cost of Building Your Own AI Security Stack
THURS, JUNE 25, 2026, AT 1PM EST
Defending in the Shadow Era: When the CVE Feed Goes Dark
TUES, JUNE 16, 2026 AT 1PM EST
Building SecOps That Make the Most of Every Dollar
THURS, JULY 9, 2026 AT 1PM EST
AI-Powered Credential Security: Intelligence Without Exposure
WED, JUNE 17, 2026, AT 1PM EST
More Webinars
BLACK HAT USA | MANDALAY BAY, LAS VEGAS
The premier cybersecurity event of the year returns to Mandalay Bay with a re‑engineered, six‑day program built to ignite innovation, push boundaries, and bring the global security community together like never before. Use code: DARKREADING to save $200 on a Briefings pass or $100 on a Business pass.
GET YOUR PASS