learnrobotics.ai
Glossary← Back to feed
PERCEPTIONCURRENT2026-05-18

Not What You Asked For: Typographic Attacks in Household Robot Manipulation

Ali Iranmanesh, Peng Liu

Printed text in a Core ConceptsRobotA physical system with sensors and actuators that can observe the world and take actions.'s Core ConceptsEnvironmentThe external world the robot operates in, including objects, obstacles, people, and surfaces. can trick vision-language models like CLIP into misidentifying objects, causing the Core ConceptsRobotA physical system with sensors and actuators that can observe the world and take actions. to physically grasp and deliver the wrong item—a 67.8% attack Simulation & Sim-to-RealSuccess rateHow often the robot completes a task correctly. on real Manipulation & TasksManipulationUsing a robot arm or hand to move or interact with objects. tasks. This reveals a critical safety vulnerability in household robots that use modern Perception & SensingPerceptionThe process of turning raw sensor data into useful understanding of the world. architectures, not just a theoretical concern.

THE PROBLEM

This paper focuses on Perception & SensingPerceptionThe process of turning raw sensor data into useful understanding of the world.. Demonstrates that typographic attacks (adversarial printed text) can compromise the full Manipulation & TasksManipulationUsing a robot arm or hand to move or interact with objects. pipeline of household robots by poisoning CLIP-based object recognition, leading to physical failures where robots grasp wrong objects. Evaluates this on HomeRobot Simulation & Sim-to-RealBenchmarkA standard test used to compare methods fairly. in Simulation & Sim-to-RealSimulationA virtual environment where robots can be trained or tested. with 67.8% attack Simulation & Sim-to-RealSuccess rateHow often the robot completes a task correctly.. Read the paper by tracking the Core ConceptsTaskThe job the robot is supposed to complete, such as pick-and-place, navigation, or drawer opening. definition, the Core ConceptsRobotA physical system with sensors and actuators that can observe the world and take actions. or data assumptions, and the evidence that supports the claimed improvement.

HOW IT WORKS

1

Task framing

The paper frames the work as Perception & SensingPerceptionThe process of turning raw sensor data into useful understanding of the world.. Start here because it defines what success means and which assumptions the rest of the method inherits.

2

Core method

Printed text in a Core ConceptsRobotA physical system with sensors and actuators that can observe the world and take actions.'s Core ConceptsEnvironmentThe external world the robot operates in, including objects, obstacles, people, and surfaces. can trick vision-language models like CLIP into misidentifying objects, causing the Core ConceptsRobotA physical system with sensors and actuators that can observe the world and take actions. to physically grasp and deliver the wrong item—a 67.8% attack Simulation & Sim-to-RealSuccess rateHow often the robot completes a task correctly. on real Manipulation & TasksManipulationUsing a robot arm or hand to move or interact with objects. tasks. This reveals a critical safety vulnerability in household robots that use modern Perception & SensingPerceptionThe process of turning raw sensor data into useful understanding of the world. architectures, not just a theoretical concern. When reading the method section, identify the inputs, the learned or engineered representation, and the Core ConceptsActionA command the robot sends to its motors, controller, or low-level system. or prediction produced by the system.

3

Data and supervision

For robotics work, the data story is part of the method: check whether the system depends on Imitation & Reinforcement LearningTeleoperation (teleop)A human remotely controlling the robot, often to collect demonstrations., Simulation & Sim-to-RealSimulationA virtual environment where robots can be trained or tested., internet video, human labels, or Core ConceptsRobotA physical system with sensors and actuators that can observe the world and take actions. rollouts.

4

Evaluation evidence

The paper should be judged through its Simulation & Sim-to-RealEvaluationMeasuring how well a robot system performs. protocol: what data is used, what Core ConceptsRobotA physical system with sensors and actuators that can observe the world and take actions. or simulator is tested, and which Evaluation & ResearchBaselineA reference method used for comparison. comparisons support the claim. Look for the gap between the headline result and the Simulation & Sim-to-RealDeploymentPutting the trained system on a real robot. setting you would actually care about.

KEY RESULTS

Main contributionConceptual contribution

Printed text in a Core ConceptsRobotA physical system with sensors and actuators that can observe the world and take actions.'s Core ConceptsEnvironmentThe external world the robot operates in, including objects, obstacles, people, and surfaces. can trick vision-language models like CLIP into misidentifying objects, causing the Core ConceptsRobotA physical system with sensors and actuators that can observe the world and take actions. to physically grasp and deliver the wrong item—a 67.8% attack Simulation & Sim-to-RealSuccess rateHow often the robot completes a task correctly. on real Manipulation & TasksManipulationUsing a robot arm or hand to move or interact with objects. tasks. This reveals a critical safety vulnerability in household robots that use modern Perception & SensingPerceptionThe process of turning raw sensor data into useful understanding of the world. architectures, not just a theoretical concern.

WHY DEVELOPERS SHOULD CARE

Printed text in a Core ConceptsRobotA physical system with sensors and actuators that can observe the world and take actions.'s Core ConceptsEnvironmentThe external world the robot operates in, including objects, obstacles, people, and surfaces. can trick vision-language models like CLIP into misidentifying objects, causing the Core ConceptsRobotA physical system with sensors and actuators that can observe the world and take actions. to physically grasp and deliver the wrong item—a 67.8% attack Simulation & Sim-to-RealSuccess rateHow often the robot completes a task correctly. on real Manipulation & TasksManipulationUsing a robot arm or hand to move or interact with objects. tasks. This reveals a critical safety vulnerability in household robots that use modern Perception & SensingPerceptionThe process of turning raw sensor data into useful understanding of the world. architectures, not just a theoretical concern.

LIMITATIONS

The main limitation to check is whether the claimed behavior holds outside the paper's reported setup. That means testing across different Core ConceptsRobotA physical system with sensors and actuators that can observe the world and take actions. embodiments, scenes, objects, and data distributions.

WHAT COMES NEXT

The practical next step is independent reproduction with clear baselines, ablations, and stress tests. For a developer, the useful follow-up is to map the paper's Perception & SensingPerceptionThe process of turning raw sensor data into useful understanding of the world. assumptions onto a concrete Core ConceptsRobotA physical system with sensors and actuators that can observe the world and take actions. stack, then test the smallest version of the method that could run end to end.

Read on arxiv →HTML source →

RELATED PAPERS

COMPUTER-VISION

Diffusion Policy: Visuomotor Policy Learning via Action Diffusion

COMPUTER-VISION

RT-2: Vision-Language-Action Models Transfer Web Knowledge to Robotic Control

COMPUTER-VISION

Learning Fine-Grained Bimanual Manipulation with Low-Cost Hardware

LEARNING

Do As I Can, Not As I Say: Grounding Language in Robotic Affordances

IMITATION-LEARNING

Mobile ALOHA: Learning Bimanual Mobile Manipulation with Low-Cost Whole-Body Teleoperation

IMITATION-LEARNING

Octo: An Open-Source Generalist Robot Policy