Document Type
Conference Proceeding
Publication Date
2-3-2026
Department
Department of Electrical and Computer Engineering
Abstract
The integration of Large Language Models (LLMs) into robotic control systems is enabling a new generation of autonomous agents capable of complex reasoning and planning. While this paradigm shift accelerates progress, it also introduces novel security risks that remain largely unexplored. Current research into LLM backdoors has focused on attacks triggered by external stimuli, such as specific words, visual objects, or environmental states. These attacks, while potent, overlook a more insidious class of vulnerability where the trigger is internal to the agent’s own operational logic. This paper presents the first comprehensive study of history-based backdoor attacks on LLM-powered robotic systems. We demonstrate that an attacker can embed a stealthy backdoor into an LLM-based robot controller by manipulating its instructions. This backdoor is triggered not by an external cue, but by a specific, rare sequence of the robot’s own past actions. It remains dormant during normal operation, preserving the robot’s utility, but can be activated to induce a malicious behavior, such as a complete stop or a collision. Our experiments, conducted in a simulated environment with a variety of robots and LLMs, show that this history-based attack is highly effective, achieving a near-perfect attack success rate while remaining exceptionally difficult to detect. These findings reveal a critical and previously unaddressed vulnerability in autonomous systems and underscore the urgent need for security measures that account for an agent’s internal state.
Publication Title
The 3rd EAI International Conference on Security and Privacy in Cyber-Physical Systems and Smart Vehicles
Recommended Citation
Obidov, D., Akki, S., Chen, T., & Yang, K. (2026). Silent Sabotage: Internal State Triggered Backdoor Attacks on LLM-Powered Robotic Systems. The 3rd EAI International Conference on Security and Privacy in Cyber-Physical Systems and Smart Vehicles. Retrieved from: https://digitalcommons.mtu.edu/michigantech-p2/2358
Publisher's Statement
This paper was presented at the 3rd EAI International Conference on Security and Privacy in Cyber-Physical Systems and Smart Vehicles (EAI SmartSP 2025) and accepted for publication.