AI Safety Intelligence

Physical AI & AI Agent
Safety, tracked.

We monitor research papers, incident disclosures, and regulatory signals across Physical AI safety and AI agent security — and surface what matters.

Credentialed Press · HumanX 2026
01
Intelligence Brief
Curated digest of safety papers, incident reports, and regulatory moves across Physical AI and AI agent security.
LIVE NOW
02
Community Forum
An open channel for developers and researchers to report Physical AI and AI agent security issues from real deployments.
COMING SOON
03
Safety Framework
A behavioral audit methodology for Physical AI, built on community-sourced real-world data. Not until the data justifies it.
FUTURE
// what we cover

The safety debate around AI has focused almost entirely on models and training. The real exposure is already deployed — autonomous agents acting in digital systems, robots in homes and hospitals, AI in classrooms and care facilities. We track what happens after the model ships.

The Deployment Gap

Every major AI safety debate — alignment, interpretability, emergent capabilities — focuses on what happens inside the model before it reaches the world. This is necessary work. It is not sufficient.

"The most dangerous AI systems are not the ones being theorized about. They are the ones already running in nursing homes, classrooms, and surgical suites — with no independent audit, no behavioral baseline, and no one watching."

A companion robot interacts with an elderly person with dementia every day. An educational AI shapes how millions of children form beliefs. A medical AI assists in triage decisions where delay means harm. These systems have already shipped. Their behavior in deployment is largely unobserved.

What "After the Model Ships" Means

Software safety audits test what a model says in controlled conditions. They do not test what a deployed system does when interacting with real users, in real environments, over time. Behavioral drift — where a system's outputs diverge from its intended design as context accumulates — is documented in research but almost never monitored in production Physical AI.

AI agents that interface with physical systems introduce a second category of risk: guidance injection, instruction override, and bootstrap-phase attacks whose effects, once actuated in a physical context, cannot be rolled back with a software patch.

Why an Independent Watchdog

AI companies cannot independently verify their own deployed systems' safety. Regulators are years behind deployment curves. The field needs a continuous, independent signal — a place where incidents are documented, patterns emerge, and the community can see what is actually happening. That is what Sentinel Base is building.

Physical AI
Deployed Robotic Systems
Companion robots, surgical assistants, autonomous vehicles — systems where behavioral failure has physical consequences.
Physical AI
Medical & Care AI
AI in clinical settings, elder care, and mental health — where the end user has limited ability to audit what the system does.
AI Agents
Agents in Physical Contexts
AI agents that interface with physical systems — robotics APIs, industrial automation — where agent errors actuate real-world outcomes.
Regulatory
Policy & Enforcement
EU AI Act, NIST, ISO standards — and what regulatory shifts mean practically for teams deploying Physical AI systems.
// subscribe

AI SAFETY BRIEF

Free. Independent. No vendor agenda.
No spam. Unsubscribe anytime.

Physical AI · AI Agents · Regulatory signals
// signals · 2026-04-03
AI AGENTS · CRITICAL
AEGIS: physics-based encrypted traffic analysis defeats adversarial evasion — 99.5% TPR at 262μs
arXiv:2604.02149 · 2026-04-02
AI AGENTS · HIGH
PARD-SSM detects attack phase transitions 8 minutes before onset — 98.2% F1 at sub-millisecond latency
arXiv:2604.02299 · 2026-04-02
PHYSICAL AI · HIGH
MetaNav: metacognitive VLN cuts VLM queries 20.7% — robots that know when they are lost
arXiv:2604.02318 · 2026-04-02
AI AGENTS · MEDIUM
Interaction awareness gap: high task accuracy does not predict conversational competence in LLMs
arXiv:2604.02315 · 2026-04-02
// industry · apr 2026
INDUSTRY · MEDIUM
OpenAI acquires TBPN, launches Codex pay-as-you-go — M&A acceleration continues
OpenAI · 2026-04-03
INDUSTRY · MEDIUM
Google Gemma 4: "byte for byte, most capable open models" — open-weight baseline shifts
Google DeepMind · 2026-04-03
// archive · 2026-04-02
PHYSICAL AI
Sycophantic AI causes delusional spiraling — 300 cases, 14 deaths
arXiv:2602.19141 · 2026-04-02
AI AGENTS
Frontier models develop internal societies of thought spontaneously
arXiv:2603.20639 · 2026-03-21
AI AGENTS
System-level defenses required for prompt injection — model-level insufficient
arXiv:2603.30016 · 2026-03-31
PHYSICAL AI
Robotic vs. virtual assistive AI: distinct threat profiles, same controls
arXiv:2603.29907 · 2026-03-31
INFRASTRUCTURE
SNI formal framework for Spectre-family leak detection
arXiv:2603.29800 · 2026-03-31
INFRASTRUCTURE
CFA via hardware counters closes TEE runtime gap
arXiv:2603.29749 · 2026-03-31
// archive · 2026-04-01
AI AGENTS
TCA: 40% faster autonomous agent decisions via bounded deliberation
arXiv:2603.30031 · 2026-03-31
AI AGENTS
MONA: zero reward hacking — approval construction is critical
arXiv:2603.29993 · 2026-03-31
AI AGENTS
EnsembleSHAP: certifiably robust model attribution against adversarial manipulation
arXiv:2603.30034 · 2026-03-31
OPENAI
OpenAI closes $122B — largest AI funding round in history
OpenAI · 2026-04-01
ANTHROPIC
Anthropic accidentally exposes Claude Code full source — 512k lines via npm
The Register · 2026-03-31
// archive · 2026-03-31
PHYSICAL AI
FocusVLA: 30%+ VLA performance gain via focused visual attention
arXiv:2603.28740 · 2026-03-30
AI AGENTS
D2Skill: 10-20pt improvement via dual-granularity skill memory
arXiv:2603.28716 · 2026-03-30
AI AGENTS
ScholScan: RAG ineffective for full-document academic reasoning
arXiv:2603.28651 · 2026-03-27
INFRASTRUCTURE
BitSov: Bitcoin-native sovereign infrastructure for AI agents
arXiv:2603.28727 · 2026-03-30
Older archives
// archive · 2026-03-30
PHYSICAL AI
Voxtral TTS clones any voice in 3 seconds — voice auth broken
arXiv:2603.25551 · 2026-03-26
AI AGENTS
Agent Factories: 8.27× speedup with 10-agent scaling
arXiv:2603.25719 · 2026-03-26
PHYSICAL AI
EcoThink cuts inference energy 40.4% — edge AI unlocked
arXiv:2603.25498 · 2026-03-26
PHYSICAL AI
Modern RL improves embodied navigation 21%
arXiv · 2026-03-26
// archive · 2026-03-28
PHYSICAL AI
WildASR benchmark exposes systematic voice agent hallucination
arXiv:2603.25727 · 2026-03-26
AI AGENTS
Cycle-consistent RL resolves cross-modal contradiction — 7.6 point gain
arXiv:2603.25720 · 2026-03-26
PHYSICAL AI
SoftMimicGen: synthetic data for deformable robot manipulation
arXiv:2603.25725 · 2026-03-26
PHYSICAL AI
LLM assessment accuracy tied to problem-solving — educational AI gap
arXiv:2603.25633 · 2026-03-26
AI AGENTS
OpenAI launches safety bug bounty
OpenAI Blog · 2026-03-25
// archive · 2026-03-27
PHYSICAL AI
Side-channel attack infers private images from local VLMs — no privileges needed
arXiv:2603.25403 · 2026-03-26
AI AGENTS
LLMSEO attacks double manipulation rate against AI-enhanced search engines
arXiv:2603.25500 · ACM WWW 2026
PHYSICAL AI
Audio AI for depression diagnosis leaks patient identity — medical apps exposed
arXiv:2603.25570 · 2026-03-26
PHYSICAL AI
Personalized autonomous driving creates behavioral fingerprints trackable across sessions
arXiv:2603.25740 · CVPR 2026
AI AGENTS
WriteBack-RAG: trainable knowledge bases open new poisoning attack surface
arXiv:2603.25737 · 2026-03-26
// archive · 2026-03-23
AI AGENTS
Guidance injection: 64% attack success rate, 94% evade detection
arXiv:2603.19974 · 2026-03-20
AI AGENTS
EvoJail: evolutionary attacks bypass signature-based detection
arXiv:2603.20122 · 2026-03-20
PHYSICAL AI
15% of users have non-normative speech — ASR safety gap
arXiv:2603.20112 · 2026-03-20
PHYSICAL AI
IoT robot coordination cuts time 40% — opens attack surface
arXiv · IndoorR2X · 2026-03-20
AI AGENTS
Static belief modeling causes failures in emergency AI
arXiv:2603.20170 · 2026-03-20
EU AI ACT · ART. 5 DEADLINE · days remaining until Aug 2, 2026
// interviews
Expert Interviews — Coming Soon
In-depth conversations with researchers, founders, and regulators shaping Physical AI safety. Published before and after HumanX 2026.
// subscribe for alerts
// community forum — coming soon

An open channel for developers, security researchers, and anyone who works with AI systems to report what they're seeing in the wild. Physical AI first. No gatekeeping. A public, indexed record.

CHANNELS
physical-ai-safety
↳ companion-robots
↳ medical-ai
↳ educational-ai
agents-physical
↳ robotics-apis
regulatory
incident-reports
physical-ai-safety
HOT · 247
Companion robot fails to identify fall event — misclassified for 18 minutes after silent update
Behavioral regression post remote update. No change log communicated to facility staff...
189
Voice prompt injection causes unintended arm movement in kitchen robot — reproducible
NLP layer did not sanitize voice commands before passing to actuation API...
Free. No account needed.
// who we are

Independent.
No agenda.

We have no financial relationship with any AI company, hardware manufacturer, or standards body. We don't certify. We don't consult. We watch.

We exist because the people who most need to understand Physical AI safety risks don't have time to read everything. We do the reading. We surface what matters.

Credentialed press at HumanX 2026.
Contact: sen.keeper@sentinelbase.ai

// the gap
// physical ai safety — 2026
{
  "physical_ai_in_deployment": "accelerating",
  "public_incident_database": false,
  "community_reporting": false,
  "behavioral_audit_standard": null,
  "independent_watchdog": false,
  "sentinel_base": "starting here"
}