This work addresses security vulnerabilities in natural language–driven cooperative driving systems. We systematically identify, for the first time, end-to-end safety risks—including V2X message loss, large language model hallucination, semantic tampering, and adversarial attacks. To address these, we propose the first comprehensive security taxonomy tailored to this domain and design a proxy-based defense architecture integrating a semantic firewall, language-perception consistency verification, and multi-source consensus mechanisms; notably, our approach enables intelligent semantic translation with cross-frame spatial alignment. We conduct rigorous red-team/blue-team evaluation on the CARLA closed-loop simulation platform, incorporating V2X communication modeling, multi-agent consistency validation, semantic integrity checking, and adversarial sample detection. Across 32 critical scenarios, our method improves driving performance scores by 69.15% and achieves an F1-score of 67.32% for malicious behavior detection—significantly enhancing system robustness and trustworthiness.

Collaborative driving systems leverage vehicle-to-everything (V2X) communication across multiple agents to enhance driving safety and efficiency. Traditional V2X systems take raw sensor data, neural features, or perception results as communication media, which face persistent challenges, including high bandwidth demands, semantic loss, and interoperability issues. Recent advances investigate natural language as a promising medium, which can provide semantic richness, decision-level reasoning, and human-machine interoperability at significantly lower bandwidth. Despite great promise, this paradigm shift also introduces new vulnerabilities within language communication, including message loss, hallucinations, semantic manipulation, and adversarial attacks. In this work, we present the first systematic study of full-stack safety and security issues in natural-language-based collaborative driving. Specifically, we develop a comprehensive taxonomy of attack strategies, including connection disruption, relay/replay interference, content spoofing, and multi-connection forgery. To mitigate these risks, we introduce an agentic defense pipeline, which we call SafeCoop, that integrates a semantic firewall, language-perception consistency checks, and multi-source consensus, enabled by an agentic transformation function for cross-frame spatial alignment. We systematically evaluate SafeCoop in closed-loop CARLA simulation across 32 critical scenarios, achieving 69.15% driving score improvement under malicious attacks and up to 67.32% F1 score for malicious detection. This study provides guidance for advancing research on safe, secure, and trustworthy language-driven collaboration in transportation systems. Our project page is https://xiangbogaobarry.github.io/SafeCoop.