In a wild series of events, Sammy Azdoufal, a software engineer, accidentally turned his PlayStation 5 controller into a tool capable of spying on thousands of homes. He had just wanted to steer his new DJI Romo robot vacuum, but stumbled upon a massive security flaw instead.
Per Fortune, using an AI coding assistant, Azdoufal reverse-engineered how his vacuum communicated with DJI’s remote servers. He managed to extract a security token intended to prove he owned his specific device. What happened next was pretty mind-blowing: the backend servers suddenly treated him as the owner of nearly 7,000 robot vacuums operating in 24 different countries!
With a few quick keystrokes, Azdoufal found he could tap into live camera feeds, activate microphones, and even create 2D floor plans of strangers’ private homes. Thankfully, he did the right thing and responsibly reported the security bug instead of exploiting it.
He was the hero we needed
Millions of Americans have welcomed these internet-connected devices into their personal spaces. As of 2020, about 54 million U.S. households had at least one smart home device installed. Plus, companies like Tesla, Figure, and 1X are racing to introduce sophisticated, humanoid autonomous robots that could literally live in our homes and handle complex chores.
The surveillance capabilities of smart devices have recently become a big national topic. An Amazon Super Bowl ad for its Ring product, which was meant to show a charming rescue of a lost dog, actually highlighted that networked cameras capable of spying on Americans are everywhere. Interestingly, footage from a Nest camera was also key in the search for Nancy Guthrie. Combine that with AI, and you are looking at a cybersecurity nightmare.
The Thales 2026 Data Threat Report says that 70% of organizations think that AI is their top data security risk. Despite that, businesses eagerly embed AI into their daily operations. The core problem here is a concerning lack of visibility and fundamental data control.
Since AI systems constantly take in and act upon information across huge cloud environments, it’s incredibly tough to enforce access privileges. In fact, credential theft is currently the leading attack technique against cloud management infrastructure. Just imagine not only 7,000 robotic vacuum cleaners, but an entire community’s Nest or Ring devices, being controlled by an AI agent instead.
An automated AI system can amplify weaknesses in governance and safety protocols far faster than humans. AI-powered coding tools, like the one Azdoufal used, make it incredibly easy for people with less technical knowledge to uncover and exploit software flaws. Despite that, only 30% of companies surveyed currently have a dedicated AI security budget.
Without a fundamental shift to gear security toward AI, experts warn that we are leaving the door open for the proverbial next software engineer with a video game controller.
Published: Feb 27, 2026 07:59 am