Research Analyzer
← Back ICRA 2026

Preventing Robotic Jailbreaking Via Multimodal Domain Adaptation

Francesco Marchiori, Rohan Sinha, Christopher George Agia, Alexander Robey, George J. Pappas, Mauro Conti, Marco Pavone

PDF

AI summary

Key figure (auto-extracted from paper)
J-DAPT detects robotic jailbreaks with near-perfect accuracy by adapting general-purpose safety data to robotics domains without requiring domain-specific attack examples.
robotic jailbreak detection vision-language models domain adaptation multimodal fusion AI safety autonomous systems

Problem

Data-driven jailbreak detectors fail in robotics due to scarce domain-specific adversarial data and distribution shifts between general-purpose text benchmarks and embodied environments.

Approach

J-DAPT fuses text and visual embeddings via cross-attention, then aligns general-purpose jailbreak datasets to target robotic domains using importance weighting and CORAL correlation alignment.

Key results

  • Mitigates 98.85% of jailbreak attacks across autonomous driving, maritime, and quadruped benchmarks
  • Achieves up to 100% detection accuracy in specific scenarios without domain-specific jailbreak training data
  • Runs 9.9× faster than the fastest comparable LLM-based detector
  • Outperforms existing classifier baselines, which perform near random guessing

Why it matters

Provides a practical, low-latency defense for securing VLM-enabled robots in safety-critical real-world deployments where adversarial data is scarce.

Abstract

Large Language Models (LLMs) and Vision-Language Models (VLMs) are increasingly deployed in robotic environments but remain vulnerable to jailbreaking attacks that bypass safety mechanisms and drive unsafe or physically harmful behaviors in the real world. Data-driven defenses such as jailbreak classifiers show promise, yet they struggle to generalize in domains where specialized datasets are scarce, limiting their effectiveness in robotics and other safety-critical contexts. To address this gap, we introduce J-DAPT, a lightweight framework for multimodal jailbreak detection through attention-based fusion and domain adaptation. J-DAPT integrates textual and visual embeddings to capture both semantic intent and environmental grounding, while aligning general-purpose jailbreak datasets with domain-specific reference data. Evaluations across autonomous driving, maritime robotics, and quadruped navigation show that J-DAPT boosts detection accuracy to very high levels (up to 100% in certain scenarios) under our evaluation protocol. These results demonstrate that J-DAPT provides a practical defense for securing VLMs in robotic applications. Additional materials are made available at: https://j-dapt.github.io.

Index terms

AI-Enabled Robotics Transfer Learning Robot Safety

Related papers

  1. 87 similarity
    When Attention Betrays: Erasing Backdoor Attacks in Robotic Policies by Reconstructing Visual Tokens AI summary
    Mengde Li, Jifeng Xuan∗and Miao Li,,∗
    PDF
  2. 87 similarity
    Leveraging Vision-Language Models for Open-Vocabulary Instance Segmentation and Tracking AI summary
    Bastian Pätzold, Jan Nogga, Sven Behnke
    PDF
  3. 86 similarity
    Privacy-Preserving Robotic Perception for Object Detection in Curious Cloud Robotics AI summary
    Michele Antonazzi, Matteo Alberti, Alex Bassot, Matteo Luperto, Nicola Basilico
    PDF
  4. 86 similarity
    Exploiting Vulnerabilities: Universal Adversarial Attacks on Vision-Language-Action Models in Robotics AI summary
    Songhua Yang, Ziyu Liu, Yuanwei Liu, Xuetao Li, Xuanye Fei, He Huang, Zheng WANG, Miao Li
    PDF
  5. 86 similarity
    LACY: A Vision-Language Model-Based Language-Action Cycle for Self-Improving Robotic Manipulation AI summary
    Youngjin Hong, Houjian Yu, Mingen Li, Changhyun Choi
    PDF
  6. 86 similarity
    KITE: Keyframe-Indexed Tokenized Evidence for VLM-Based Robot Failure Analysis AI summary
    in its failure explanation, the VLM references the BEV diagram to infer that the cup’s position remains unchanged.
    PDF
  7. 86 similarity
    PEEK: Guiding and Minimal Image Representations for Zero-Shot Generalization of Robot Manipulation Policies AI summary
    Jesse Zhang, Marius Memmel, Kevin Kim, Dieter Fox, Jesse Thomason, Fabio Ramos, Erdem Bıyık, Abhishek Gupta, Anqi Li
    PDF
  8. 85 similarity
    MolmoAct: Action Reasoning Models That Can Reason in Space AI summary
    Jason Lee, Jiafei Duan, Haoquan Fang, Yuquan Deng, Shuo Liu, Boyang Li, Bohan Fang, Jieyu Zhang, Yi Ru Wang, Sangho Lee, Winson Han, Wilbert Pumacay, Angelica Wu, Rose Hendrix, Karen Farley, Eli VanderBilt, Ali Farhadi, Dieter Fox, Ranjay Krishna
    PDF