Embodied intelligence faces significant challenges in open, safety-critical environments due to perceptual uncertainty, incomplete knowledge, and dynamic human–agent interactions, which can lead to physical risks. This work systematically reviews security threats and defense mechanisms across the full-stack pipeline—spanning perception, cognition, planning, action, and interaction—and proposes the first unified, multi-layered safety taxonomy that integrates research on adversarial attacks, backdoors, jailbreaking, and hardware-level exploits. Drawing on an analysis of over 500 studies, the paper identifies critical vulnerabilities such as fragility in multimodal perception fusion, instability in planning, and a lack of mutual trust in human–agent collaboration. It further highlights key research gaps and provides a systematic roadmap toward developing safe, reliable, and deployable embodied agents.

Embodied Artificial Intelligence (Embodied AI) integrates perception, cognition, planning, and interaction into agents that operate in open-world, safety-critical environments. As these systems gain autonomy and enter domains such as transportation, healthcare, and industrial or assistive robotics, ensuring their safety becomes both technically challenging and socially indispensable. Unlike digital AI systems, embodied agents must act under uncertain sensing, incomplete knowledge, and dynamic human-robot interactions, where failures can directly lead to physical harm. This survey provides a comprehensive and structured review of safety research in embodied AI, examining attacks and defenses across the full embodied pipeline, from perception and cognition to planning, action and interaction, and agentic system. We introduce a multi-level taxonomy that unifies fragmented lines of work and connects embodied-specific safety findings with broader advances in vision, language, and multimodal foundation models. Our review synthesizes insights from over 400 papers spanning adversarial, backdoor, jailbreak, and hardware-level attacks; attack detection, safe training and robust inference; and risk-aware human-agent interaction. This analysis reveals several overlooked challenges, including the fragility of multimodal perception fusion, the instability of planning under jailbreak attacks, and the trustworthiness of human-agent interaction in open-ended scenarios. By organizing the field into a coherent framework and identifying critical research gaps, this survey provides a roadmap for building embodied agents that are not only capable and autonomous but also safe, robust, and reliable in real-world deployment.