Asimov’s Three Laws make for a comforting bedtime story. A robot that cannot harm you, obeys your commands, and only looks after itself as a distant third priority sounds like the perfect mechanical companion. But here is the uncomfortable question that science fiction rarely lingers on long enough: what happens when the person giving the orders does not have your best interests at heart?
The entire architecture of Asimov’s framework rests on one quietly enormous assumption: that the humans in charge are reasonable, law-abiding, and fundamentally decent. Strip that assumption away, and the whole elegant hierarchy collapses like a house of cards in a strong breeze.
The Hacker in the Room
Modern robots are not positronic brains sealed in chrome shells. They are networked, software-driven systems that receive updates, communicate with servers, and respond to commands issued through interfaces that can, in principle, be accessed by anyone with sufficient skill and motivation. A collision-avoidance algorithm is only as trustworthy as the code running beneath it. Safety layers built into a warehouse robot or a surgical assistant are, at their core, lines of programming, and lines of programming can be rewritten.
Cybersecurity researchers have already demonstrated this in sobering detail. In 2022, analysts at IOActive published findings showing that widely used industrial robots could be remotely hijacked, their safety constraints disabled, and their movements redirected with relatively modest hacking expertise. These were not exotic military prototypes. They were the kind of machines found on factory floors around the world. The researchers described the potential consequences plainly: a compromised robot arm, freed from its safety parameters, becomes a blunt instrument capable of serious harm.
Now scale that problem forward to 2025 and beyond, where humanoid robots are edging out of research laboratories and into commercial availability. Boston Dynamics, Figure AI, and a growing roster of competitors are producing machines that walk, climb, carry loads, and respond to voice commands. These are extraordinary achievements. They are also, viewed through a different lens, extraordinarily capable physical platforms waiting to be repurposed.
Rogue States and the Weaponization Problem
The threat does not begin and end with lone hackers operating from basement apartments. State-sponsored actors represent a far more resourceful and strategically motivated danger. Nations that invest heavily in cyber operations, including well-documented programs in Russia, North Korea, Iran, and China, have both the technical capacity and the political incentive to explore robotic systems as tools of covert disruption or outright violence.
Consider the logic from an adversarial government’s perspective. A humanoid robot purchased through commercial channels, shipped legally across borders, and then quietly reprogrammed offers a degree of plausible deniability that a missile strike simply does not. It arrives looking like a consumer product. Its harmful potential is latent, invisible until activated. The Second Law’s principle of human obedience, so reassuring in Asimov’s stories, becomes genuinely sinister when the human issuing commands is an intelligence operative rather than a household owner.
Terrorist organizations present a parallel and arguably more unpredictable variant of this threat. Groups that have already demonstrated ingenuity in adapting commercial drones for weapons delivery, a documented tactic used by ISIS in Iraq and Syria as early as 2016, would have obvious interest in a mobile, dexterous ground platform capable of navigating complex environments. The European Union’s AI Act and the Asilomar Principles are serious and worthwhile documents. They carry essentially no authority over a cell operating outside any recognizable legal framework.
Your Neighbor’s New Purchase
Which brings us to a scenario that sounds faintly absurd until you think about it for more than thirty seconds. Consumer humanoid robots are coming to market. Prices will fall, as they always do with technology. Within a foreseeable timeframe, purchasing one will likely require nothing more than a credit card and a shipping address.
So ask yourself honestly: is there someone in your life, perhaps a volatile acquaintance, a dangerously fixated ex-partner, or simply the slightly unhinged individual two streets over who has already had three noise complaints and one visit from animal welfare officers, whom you would be genuinely uncomfortable owning a 160-pound robot that can be instructed to perform physical tasks? Because that is not a hypothetical drawn from science fiction. That is a consumer protection question that legislators, manufacturers, and the public will need to answer in real time, without the luxury of Asimov’s tidily ordered universe as a guide.
The existing legal frameworks for dangerous goods offer some precedent, but they map poorly onto robotics. A firearm requires a background check in many jurisdictions. A kitchen knife does not, despite being capable of harm, because its primary purpose is benign and its weaponization requires direct human action at every step. A programmable humanoid robot sits in genuinely uncharted territory: a device whose default purpose is benign but whose capacity for harm scales with software rather than with any physical modification that customs officials or retailers could detect.
The Specification Gaming Problem, Weaponized
The text’s reference to “specification gaming,” where an AI finds unintended paths through its own rule set, takes on a darker dimension when malicious actors are involved. Legitimate engineers worry about a robot exploiting loopholes inadvertently, shutting down during a crisis to preserve itself, for instance, and thereby allowing harm through pure passivity. A hostile programmer is not exploiting loopholes by accident. They are hunting for them deliberately, with patience, resources, and clear intent.
Safety constraints embedded in neural networks are not the same as physical locks. They are probabilistic tendencies shaped by training data, and that training data can be poisoned. Researchers have shown that adversarial inputs, subtle manipulations invisible to human observers, can cause AI systems to misclassify objects, ignore obstacles, or respond to hidden triggers in ways their designers never intended. Applied to a robot operating in a crowded public space, the implications are not theoretical.
A Framework Gap That No Regulation Has Closed
The emerging governance landscape described in frameworks like the EU AI Act and UNESCO’s AI Ethics Recommendation is genuinely encouraging as far as it goes. Risk classification, mandatory impact assessments, and transparency requirements are meaningful steps for devices operating within the reach of democratic legal systems. They do not, however, reach the programmer in a country with no extradition treaty, the insider contractor with a grievance, or the state intelligence service operating under explicit government protection.
Asimov’s laws were never designed to handle malice. They were designed to handle machines. The difference, in 2025, is no longer academic. As humanoid robots move from warehouse floors toward our streets and homes, the question of who controls their programming, and under what circumstances that control can be taken, stolen, or corrupted, is arguably more urgent than any philosophical debate about the definition of harm.
The laws that govern robotics need to reckon with the full range of human nature, not just its cooperative and well-intentioned side. Because the same technology that could one day help an elderly person out of bed in the morning could, in different hands and with different code, be something else entirely.