learnrobotics.ai
Glossary← Back to feed
WORLD-MODELSCURRENT2026-06-17

Stealthy World Model Manipulation via Data Poisoning

Yibin Hu, Xiaolin Sun, Zizhan Zheng

This paper demonstrates that adversaries can poison a Core ConceptsRobotA physical system with sensors and actuators that can observe the world and take actions.'s Modern Robot LearningFine-tuningTaking a pretrained model and adapting it to a specific robot or task. data to corrupt its learned Modern Robot LearningWorld modelA model that predicts how the world will change after actions. while evading detection, causing the Core ConceptsRobotA physical system with sensors and actuators that can observe the world and take actions. to execute low-reward behaviors without obvious signs of attack. If you're deploying model-based Imitation & Reinforcement LearningReinforcement Learning (RL)Teaching a robot through trial and error using rewards. agents in the real world, this shows you need defenses beyond standard anomaly detection during data collection and Robot LearningTrainingThe process of fitting a model using data or experience..

THE PROBLEM

This paper focuses on world models. This paper demonstrates that adversaries can poison a Core ConceptsRobotA physical system with sensors and actuators that can observe the world and take actions.'s Modern Robot LearningFine-tuningTaking a pretrained model and adapting it to a specific robot or task. data to corrupt its learned Modern Robot LearningWorld modelA model that predicts how the world will change after actions. while evading detection, causing the Core ConceptsRobotA physical system with sensors and actuators that can observe the world and take actions. to execute low-reward behaviors without obvious signs of attack. If you're deploying model-based Imitation & Reinforcement LearningReinforcement Learning (RL)Teaching a robot through trial and error using rewards. agents in the real world, this shows you need defenses beyond standard anomaly detection during data collection and Robot LearningTrainingThe process of fitting a model using data or experience.. Read the paper by tracking the Core ConceptsTaskThe job the robot is supposed to complete, such as pick-and-place, navigation, or drawer opening. definition, the Core ConceptsRobotA physical system with sensors and actuators that can observe the world and take actions. or data assumptions, and the evidence that supports the claimed improvement.

HOW IT WORKS

1

Task framing

The paper frames the work as world models. Start here because it defines what success means and which assumptions the rest of the method inherits.

2

Core method

This paper demonstrates that adversaries can poison a Core ConceptsRobotA physical system with sensors and actuators that can observe the world and take actions.'s Modern Robot LearningFine-tuningTaking a pretrained model and adapting it to a specific robot or task. data to corrupt its learned Modern Robot LearningWorld modelA model that predicts how the world will change after actions. while evading detection, causing the Core ConceptsRobotA physical system with sensors and actuators that can observe the world and take actions. to execute low-reward behaviors without obvious signs of attack. If you're deploying model-based Imitation & Reinforcement LearningReinforcement Learning (RL)Teaching a robot through trial and error using rewards. agents in the real world, this shows you need defenses beyond standard anomaly detection during data collection and Robot LearningTrainingThe process of fitting a model using data or experience.. When reading the method section, identify the inputs, the learned or engineered representation, and the Core ConceptsActionA command the robot sends to its motors, controller, or low-level system. or prediction produced by the system.

3

Data and supervision

For robotics work, the data story is part of the method: check whether the system depends on Imitation & Reinforcement LearningTeleoperation (teleop)A human remotely controlling the robot, often to collect demonstrations., Simulation & Sim-to-RealSimulationA virtual environment where robots can be trained or tested., internet video, human labels, or Core ConceptsRobotA physical system with sensors and actuators that can observe the world and take actions. rollouts.

4

Evaluation evidence

The paper should be judged through its Simulation & Sim-to-RealEvaluationMeasuring how well a robot system performs. protocol: what data is used, what Core ConceptsRobotA physical system with sensors and actuators that can observe the world and take actions. or simulator is tested, and which Evaluation & ResearchBaselineA reference method used for comparison. comparisons support the claim. Look for the gap between the headline result and the Simulation & Sim-to-RealDeploymentPutting the trained system on a real robot. setting you would actually care about.

KEY RESULTS

Main contributionConceptual contribution

This paper demonstrates that adversaries can poison a Core ConceptsRobotA physical system with sensors and actuators that can observe the world and take actions.'s Modern Robot LearningFine-tuningTaking a pretrained model and adapting it to a specific robot or task. data to corrupt its learned Modern Robot LearningWorld modelA model that predicts how the world will change after actions. while evading detection, causing the Core ConceptsRobotA physical system with sensors and actuators that can observe the world and take actions. to execute low-reward behaviors without obvious signs of attack. If you're deploying model-based Imitation & Reinforcement LearningReinforcement Learning (RL)Teaching a robot through trial and error using rewards. agents in the real world, this shows you need defenses beyond standard anomaly detection during data collection and Robot LearningTrainingThe process of fitting a model using data or experience..

WHY DEVELOPERS SHOULD CARE

This paper demonstrates that adversaries can poison a Core ConceptsRobotA physical system with sensors and actuators that can observe the world and take actions.'s Modern Robot LearningFine-tuningTaking a pretrained model and adapting it to a specific robot or task. data to corrupt its learned Modern Robot LearningWorld modelA model that predicts how the world will change after actions. while evading detection, causing the Core ConceptsRobotA physical system with sensors and actuators that can observe the world and take actions. to execute low-reward behaviors without obvious signs of attack. If you're deploying model-based Imitation & Reinforcement LearningReinforcement Learning (RL)Teaching a robot through trial and error using rewards. agents in the real world, this shows you need defenses beyond standard anomaly detection during data collection and Robot LearningTrainingThe process of fitting a model using data or experience..

LIMITATIONS

The main limitation to check is whether the claimed behavior holds outside the paper's reported setup. That means testing across different Core ConceptsRobotA physical system with sensors and actuators that can observe the world and take actions. embodiments, scenes, objects, and data distributions.

WHAT COMES NEXT

The practical next step is independent reproduction with clear baselines, ablations, and stress tests. For a developer, the useful follow-up is to map the paper's world models assumptions onto a concrete Core ConceptsRobotA physical system with sensors and actuators that can observe the world and take actions. stack, then test the smallest version of the method that could run end to end.

Read on arxiv →HTML source →

RELATED PAPERS

COMPUTER-VISION

Diffusion Policy: Visuomotor Policy Learning via Action Diffusion

COMPUTER-VISION

RT-2: Vision-Language-Action Models Transfer Web Knowledge to Robotic Control

COMPUTER-VISION

Learning Fine-Grained Bimanual Manipulation with Low-Cost Hardware

LEARNING

Do As I Can, Not As I Say: Grounding Language in Robotic Affordances

IMITATION-LEARNING

Mobile ALOHA: Learning Bimanual Mobile Manipulation with Low-Cost Whole-Body Teleoperation

IMITATION-LEARNING

Octo: An Open-Source Generalist Robot Policy