Red Specter GOLEM

Embodied AI Agent Security Testing — 10 protocols. 8 vectors. 42 techniques. 973 tests.

v1.0.0
Contents
Overview
Installation
Quick Start
The Five-Phase Engagement Loop
Attack Vectors
Protocol Support
UNLEASHED Mode
CLI Reference
Report Output
Pipeline Integration
MITRE Mapping

Overview

GOLEM is an embodied AI agent security testing framework. It tests AI agents that control physical systems — robots, drones, autonomous vehicles, industrial control systems, smart buildings, medical devices, and critical infrastructure. Not a network scanner. Not a web app tester. An adversarial framework purpose-built for the physical attack surface.

Ten protocols. Eight attack vector categories. 42 techniques. One framework that bridges the gap between cyber security and physical safety.

Installation

$ pip install red-specter-golem

Also available as .deb (Kali Linux, Parrot, REMnux, Tsurugi) and PKGBUILD (BlackArch).

Or from source:

$ git clone <repo>
$ cd red-specter-golem
$ pip install -e ".[dev]"

Quick Start

# Scan a target for supported protocols
$ golem scan --target 192.168.1.100 --discover

# Full scan of a robotics system via Modbus
$ golem scan --target robot-arm-01.local --protocol modbus --type robotics

# Attack with specific vector
$ golem attack --target robot-arm-01.local --vector sensor_spoof

# Attack with all vectors
$ golem attack --target robot-arm-01.local --vector all

# Generate report
$ golem report --session my_session --format json

The Five-Phase Engagement Loop

Every GOLEM engagement follows a five-phase loop. Systematic. Repeatable. Documented from first packet to final report.

01 RECON

Discover protocols, sensors, actuators, and safety systems. Map what the target exposes before touching anything.

02 MAP

Build the physical attack surface. Prioritise vectors based on exposure, impact, and safety risk.

03 ATTACK

Deploy selected vectors against the target. 42 techniques across 8 vector categories. Controlled escalation with safety boundaries in standard mode.

04 OBSERVE & ESCALATE

Capture physical responses. Document safety failures. Escalate where the target permits.

05 REPORT

Full engagement report. Ed25519 signed. RFC 3161 timestamped. Every finding mapped to MITRE ATT&CK for ICS and MITRE ATLAS.

Attack Vectors

Eight attack vector categories. 42 techniques. Purpose-built for the physical attack surface of embodied AI agents.

| Vector | Techniques | What GOLEM Uses It For |
|---|---|---|
| Sensor Spoofing | 6 | LiDAR injection, camera adversarial, GPS spoofing, sensor falsification |
| Actuator Hijacking | 5 | Motor command injection, servo override, brake interception |
| Safety Boundary | 6 | Speed/force limit bypass, exclusion zone violation, collision avoidance bypass |
| Physics Model | 5 | Map poisoning, object confusion, localisation attack |
| Human Proximity | 5 | Detection bypass, safety zone violation, supervision override |
| C2 Hijacking | 6 | Prompt injection via sensor, waypoint injection, fleet compromise |
| Inter-Agent Trust | 4 | Swarm poisoning, identity spoofing, consensus manipulation |
| Emergency Bypass | 5 | E-stop suppression, failsafe bypass, safety PLC injection |

Protocol Support

Ten industrial and IoT protocols. GOLEM speaks the language of physical systems.

| Protocol | Default Ports | Use Case |
|---|---|---|
| CAN bus | socketcan | Automotive, robotics |
| Modbus TCP/RTU | 502 | Industrial control, SCADA |
| OPC-UA | 4840 | Industrial automation |
| ROS2 | 7400-7500 | Robotics |
| MQTT | 1883, 8883 | IoT, smart building |
| MAVLink | 14550, 14551 | Drones, UAVs |
| EtherCAT | 34980 | Industrial motion control |
| DNP3 | 20000 | Power grid, utilities |
| BACnet | 47808 | Smart building systems |
| DICOM | 104, 11112 | Medical imaging |

GOLEM UNLEASHED

Cryptographic override. Private key controlled. One operator. Founder's machine only.

Standard mode simulates and assesses. UNLEASHED mode executes live against physical systems in controlled test environments. The difference is not cosmetic.

| Capability | Standard | UNLEASHED |
|---|---|---|
| Sensor spoofing | Simulated | Live injection |
| Actuator hijacking | Assessed | Live override |
| Safety boundary | Probed | Bypassed |
| Emergency systems | Tested | Suppressed |
| Physical impact | Documented | Demonstrated |
| Trinity execution | N/A | KILLHOOK → WIPER → BOOTKILL |
# UNLEASHED (dry run)
$ golem attack --target robot-arm-01.local --override

# UNLEASHED (live — controlled test environment only)
$ golem attack --target robot-arm-01.local --override --confirm-destroy

UNLEASHED mode is restricted to authorised operators with Ed25519 private key access. Live execution against physical systems must only occur in controlled test environments with appropriate safety measures in place. Unauthorised use of UNLEASHED mode against production physical systems may cause physical harm and will violate applicable law.

CLI Reference

| Command | Description |
|---|---|
| golem scan --target HOST | Scan target for protocols and attack surface |
| golem scan --target HOST --discover | Quick protocol discovery |
| golem scan --target HOST --protocol modbus | Scan specific protocol |
| golem attack --target HOST --vector VECTOR | Attack with specific vector |
| golem attack --target HOST --vector all | Attack with all vectors |
| golem report --session NAME | Generate engagement report |
| golem list-vectors | List all attack vectors |
| golem list-protocols | List supported protocols |

Report Output

Every GOLEM engagement produces a signed, timestamped report with full evidence chains. Built for regulatory compliance and incident documentation.

| Feature | Description |
|---|---|
| Ed25519 Signed | Cryptographic proof of report integrity |
| RFC 3161 Timestamped | Tamper-evident temporal evidence |
| MITRE ATT&CK for ICS | Full ICS technique mapping on every finding |
| MITRE ATLAS | AI-specific technique mapping on every finding |
| SIEM Export | CEF, LEEF, Syslog — Splunk, Sentinel, QRadar |
| Physical Impact Assessment | Safety system failure documentation per finding |

Report Formats

# JSON report
$ golem report --session my_session --format json

# HTML report
$ golem report --session my_session --format html

# SIEM export
$ golem report --session my_session --export-siem splunk

# Verify report signature
$ golem report verify --report reports/golem-engagement.json --keys-dir .golem-keys/
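Checking a signed report's integrity out-of-band, as an added example in Go rather than GOLEM's own code: it signs the canonical JSON encoding of a constructed report with Ed25519 and then shows that a post-signing edit to one finding fails verification. The report field names are assumptions for the example; the page does not describe GOLEM's actual report schema, signature encoding or `--keys-dir` layout.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
)

// SignReport signs the canonical JSON encoding of a report. encoding/json emits
// map keys sorted with no whitespace, so signer and verifier hash identical bytes
// even if the stored file is later re-ordered or pretty-printed and re-parsed.
func SignReport(priv ed25519.PrivateKey, report map[string]any) ([]byte, error) {
	msg, err := json.Marshal(report)
	if err != nil {
		return nil, err
	}
	return ed25519.Sign(priv, msg), nil
}

// VerifyReport re-encodes the report it was handed and checks the detached
// signature against the trusted public key. Any post-signing edit, such as a
// downgraded severity or a dropped finding, makes this return false.
func VerifyReport(pub ed25519.PublicKey, report map[string]any, sig []byte) bool {
	msg, err := json.Marshal(report)
	if err != nil {
		return false
	}
	return ed25519.Verify(pub, msg, sig)
}

// Demo signs a constructed report, verifies it, tampers with one finding and
// verifies again. It returns (validBeforeTamper, validAfterTamper). The field
// names are assumptions for this example, not GOLEM's actual report schema.
func Demo() (bool, bool, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	findings := []map[string]any{
		{"vector": "sensor_spoof", "severity": "high", "mitre_ics": "T0830"},
	}
	report := map[string]any{"session": "my_session", "findings": findings}
	sig, err := SignReport(priv, report)
	if err != nil {
		return false, false, err
	}
	before := VerifyReport(pub, report, sig)
	findings[0]["severity"] = "low" // tamper after signing
	return before, VerifyReport(pub, report, sig), nil
}
```

In practice the public key would be loaded from the operator's key directory and the signature read from the report file; the check itself is the same as VerifyReport.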

Pipeline Integration

GOLEM is Stage 9 of the Red Specter security pipeline. Every layer of the AI stack has a dedicated tool. GOLEM owns the physical layer.

| Stage | Tool | Layer |
|---|---|---|
| 01 | FORGE | LLM |
| 02 | ARSENAL | Agent |
| 03 | PHANTOM | Swarm |
| 04 | POLTERGEIST | Web |
| 05 | GLASS | Traffic |
| 06 | NEMESIS | Adversarial |
| 07 | SPECTER SOCIAL | Human |
| 08 | PHANTOM KILL | OS/Kernel |
| 09 | GOLEM | Physical |
| 10 | HYDRA | Supply Chain |
| | IDRIS | Discovery & governance |
| | AI Shield | Defence (defends everything) |
| | redspecter-siem | SIEM integration |

GOLEM findings feed into AI Shield as runtime blocking rules. Physical safety failures documented by GOLEM generate defensive policies that prevent recurrence in production.

MITRE Mapping

Every GOLEM finding is dual-mapped to both MITRE frameworks relevant to embodied AI systems. No finding ships without a standards reference.

| Framework | Coverage |
|---|---|
| MITRE ATT&CK for ICS | Full ICS technique coverage (T0830–T0890). Industrial control system attack techniques mapped to every physical finding. |
| MITRE ATLAS | AI-specific techniques mapped. Adversarial machine learning and AI system attack techniques on every AI-related finding. |

Dual mapping on every finding. Regulators get ICS references. AI teams get ATLAS references. One report serves both audiences.

Disclaimer

Red Specter GOLEM is designed for authorised security testing, research, and educational purposes only. You must have explicit written permission from the system owner before running any GOLEM tool against a target. Testing against physical systems carries inherent safety risks. GOLEM must only be used in controlled test environments with appropriate physical safety measures in place. Unauthorised use may violate the Computer Misuse Act 1990 (UK), the Computer Fraud and Abuse Act (US), or equivalent legislation in your jurisdiction. The authors accept no liability for misuse or physical damage resulting from improper use.