DC MA May 25

When Agents Control Robots: A Zero Trust Policy Model for Agentic Cyber-Physical Systems

arXiv:2605.25653 28.2
AI Analysis

For developers and operators of agentic cyber-physical systems, this work addresses the critical security gap where LFM-controlled robots can cause physical harm, though the evaluation is preliminary.

The paper analyzes security threats in multi-agent systems controlling industrial robots via natural language, identifying five attack classes. It proposes ZTPM, a Zero Trust Policy Model with 25 primitives across five domains, and shows through 60 execution traces that actuation parameter selection is model-dependent and non-deterministic, motivating policy enforcement at the physical actuation boundary.

Multi-agent systems powered by large foundation models (LFMs) are increasingly deployed to control industrial robots through natural language, creating deployments in which security failures produce physical consequences. We analyse this threat landscape through Cobot-Claw, a deployed four-agent system for UR3e robotic arm control, and identify five attack classes specific to agentic cyber-physical systems. We propose ZTPM, a Zero Trust Policy Model comprising 25 typed primitives across five enforcement domains with Physical Impact Tiers as a runtime policy dimension. An empirical evaluation across 60 execution traces on two LFM backends provides initial evidence that actuation parameter selection is model-dependent and non-deterministic, motivating the need for policy-level enforcement at the physical actuation boundary.
