Informa TechTarget | SearchSecurity Cybersecurity Dive InformationWeek Channel Dive Explore our brands Dark Reading Resource Library Black Hat News Omdia Cybersecurity Advertise NEWSLETTER SIGN-UP Cybersecurity Topics World The Edge DR Technology Events Resources CYBER RISK VULNERABILITIES & THREATS CYBERSECURITY OPERATIONS PHYSICAL SECURITY NEWS As Global Powers Explore Humanoid Robots, Cyber-Risk Looms The future of cybersecurity is germinating, as nation states vie for dominance in the embodied AI market and its supply chain. Nate Nelson,Contributing Writer May 28, 2026 4 Min Read SOURCE: OVER THERE PICS VIA ALAMY STOCK PHOTO Forget formless large language models (LLMs) and artificial intelligence (AI) agents: global superpowers are already building a future around embodied AI, and using cyberattacks to gain an upper hand in it. A new industrial revolution is fomenting, some experts say. It was manufacturing and steam power the first time around, railroads and electricity the second, and the Internet and telecommunications not so long ago. This time the change might be led by embodied AI systems — robots that move like people or animals. As corporations and nation states battle for dominance in intelligent robotics, new cyber battlefields and risks have already started to take shape. At Infosecurity Europe next week, Recorded Future's Joseph Rooke will give a cybersecurity-leaning variant of a popular talk he's been carrying around about the power politics, supply chain threats, and cyberattack scenarios around embodied AI systems both today and in the future. Related:Dutch Raid Fails to Dent Russian Bulletproof Host "The race is on," he says, "and right now the security of a lot of these systems is deeply concerning." Cyber-Risks in Embodied AI As kinematics catches up with the rest of AI tech, experts are predicting an explosion of embodied systems. Last year, Morgan Stanley projected that China alone might have around 300 million of them by 2050, operating in industrial plants, army units, and anywhere else they might prove useful. LOADING... Investing in humanoids might be a proactive step to address population declines. It might also be a conspiracy to replace human workers with wageless machines. Either way, the movement is well underway. Humanoid robots have already featured heavily in Chinese Communist Party (CCP) initiatives, drones have played an exceptional role in the Russia-Ukraine war, and right now you can buy a robot dog for a few thousand bucks on the Web. The potential risks in embodied AI systems are limited only to one's imagination. Robots that swing their arms or shoot things are obvious safety hazards to people around them. Robots that live in homes and factory floors can steal data through not just the Internet, but also their eyes and ears. They can be hacked through all of those same channels, too. It doesn't help, then, that the robots built to date have proven so problematic. The few researchers focused on this space have already picked apart Unitree bots — the most popular humanoids on the market — nine ways to Sunday. They've proven that the machines send private user data to China without consent. They've found multiple backdoors enabling full, unauthorized control, and shown how they can be exploited in a minute's time, or worm wirelessly from bot to bot. "That really was terrifying — iRobot sort of stuff. A fleet could be compromised in this case," Rooke recalls. Related:Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security Like large language models (LLMs) and agentic AI before it, companies are simply rushing embodied AI to market without totally accounting for the risks involved, Rooke says. "It's a real race, and I think things are being missed. And that is my concern now with the US robotics market: Will they miss things?" Chinese Spying in the Mining Sector Cybersecurity for intelligent robots involves far more than protecting the robots, too. The supply chains needed to build embodied AI systems are also maturing, expanding, and proving fertile ground for commercial and geopolitical cyberespionage. For humanoid robots, there are many cyber threats to the AI models they're built with, the data centers they rely on, the semiconductors powering them, and the energy sources used at each step of the way. But Rooke highlights a growing universe of attacks against the worldwide mining industry. Why mining? Because as the market for embodied AI and its components grows, rare earth elements and other critical minerals will be in huge demand. Whoever has control over those natural resources will possess immense power in the so-called fourth industrial revolution, and many rich deposits are located in legally ambiguous places like the Arctic and outer space. Related:Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks Whether to glean insights into other countries' future plans, sabotage those plans, or steal their mining technologies, China's advanced persistent threat (APTs) groups in particular have been active in this space. Recorded Future has tracked a handful of mining-specific Chinese cyberespionage campaigns in the past half decade, and plenty more that may have been mining-adjacent in one way or another. In 2021, APT15 (aka Nickel, Nylon Typhoon) targeted a Canadian mining company. In 2025, right around the time China was entering into seabed exploration and mining partnerships with a trio of smaller nations, multiple Chinese APTs were found spying on an organization involved in monitoring and regulating the practice of seabed mining. Between 2021 and 2026, Chinese threat actors targeted private and public sector entities in Indonesia, a country where China holds lots of contracts and interests around natural resources, particularly nickel. In 2025, YoroTrooper (aka Silent Lynx) — which researchers believe is based in Kazakhstan — targeted Russia's energy, manufacturing, and mining sectors. When a mining contract is up for grabs, "They might get inside of a ministerial network, or they'll figure out the reconnaissance phase: How can we undercut this bid? It's all about getting that advantage," Rooke says. Luckily, he adds, "I wouldn't say any of it right now is destructive; this is more about espionage." About the Author Nate Nelson Contributing Writer Nate Nelson is a journalist and award-winning scriptwriter. In addition to Dark Reading he writes for Darknet Diaries, the most popular show in cybersecurity across all media. He began his career as a freelancer, ghostwriting Forbes and CNBC op-eds for executives in tech and finance. Then he transitioned to journalism at Threatpost, where he covered cybersecurity news and trends. Throughout those years he co-created a cybersecurity podcast, Malicious Life, which in its day climbed into the Top 20 technology podcasts charts on Apple Podcasts and Spotify. He holds degrees from New York University and Bard College. As a born and bred New Yorker, he enjoys a superiority complex, but is polite enough to keep it to himself. Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports How Organizations Are Managing Incident Response How Enterprises Are Developing Secure Applications Inside RSAC 2026: security leaders reveal the risks redefining your defense strategy Essential News & Insights from Black Hat USA 2025 How Enterprises Are Harnessing Emerging Technologies in Cybersecurity Access More Research Webinars The Frontier AI Era: Why Cybersecurity Must Move at Machine Speed Build vs. Buy: The Hidden Cost of Building Your Own AI Security Stack Defending in the Shadow Era: When the CVE Feed Goes Dark Building SecOps That Make the Most of Every Dollar AI-Powered Credential Security: Intelligence Without Exposure More Webinars You May Also Like CYBER RISK How Can CISOs Respond to Ransomware Getting More Violent? by James Doggett JAN 28, 2026 CYBER RISK US Cyber Pros Plead Guilty Over BlackCat Ransomware Activity by Alexander Culafi JAN 05, 2026 CYBER RISK Switching to Offense: US Makes Cyber Strategy Changes by Robert Lemos, Contributing Writer NOV 21, 2025 CYBER RISK Microsoft Exchange 'Under Imminent Threat,' Act Now by Arielle Waldman NOV 12, 2025 Editor's Choice CYBERSECURITY OPERATIONS 20 Leaders Who Built the CISO Era: 2 Decades of Change byDark Reading Editorial Team MAY 12, 2026 41 MIN READ APPLICATION SECURITY It's Patch Tuesday for Microsoft & Not a Zero-Day In Sight byJai Vijayan MAY 12, 2026 5 MIN READ CYBERATTACKS & DATA BREACHES Instructure Breach Exposes Schools' Vendor Dependence byAlexander Culafi MAY 6, 2026 4 MIN READ Want more Dark Reading stories in your Google search results? Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE LOADING... Webinars The Frontier AI Era: Why Cybersecurity Must Move at Machine Speed TUESDAY, JUNE 23, 2026 1:00 PM EDT Build vs. Buy: The Hidden Cost of Building Your Own AI Security Stack THURS, JUNE 25, 2026, AT 1PM EST Defending in the Shadow Era: When the CVE Feed Goes Dark TUES, JUNE 16, 2026 AT 1PM EST Building SecOps That Make the Most of Every Dollar THURS, JULY 9, 2026 AT 1PM EST AI-Powered Credential Security: Intelligence Without Exposure WED, JUNE 17, 2026, AT 1PM EST More Webinars BLACK HAT USA | MANDALAY BAY, LAS VEGAS The premier cybersecurity event of the year returns to Mandalay Bay with a re‑engineered, six‑day program built to ignite innovation, push boundaries, and bring the global security community together like never before. Use code: DARKREADING to save $200 on a Briefings pass or $100 on a Business pass. GET YOUR PASS Discover More Black Hat Omdia Working With Us About Us Advertise Reprints Join Us NEWSLETTER SIGN-UP Follow Us Copyright © 2026 TechTarget, Inc. d/b/a Informa TechTarget. This website is owned and operated by Informa TechTarget, pa