AI Summary
When multi-agent systems driven by large language models control industrial robots, a security failure can have physical consequences. This work proposes the first Zero-Trust Policy Model (ZTPM) for agent-based cyber-physical systems: 25 typed policy primitives across five enforcement domains, with physical impact severity tiers applied as a runtime policy dimension at the physical execution boundary. The authors identify five attack classes specific to agentic cyber-physical systems and, in an evaluation of 60 execution traces on a UR3e robotic arm with two LFM backends, provide initial evidence that the actuation parameters an agent emits are model-dependent and non-deterministic. That variability is the core argument for enforcing policy at the physical actuation boundary rather than trusting the agent's parameter choices.
Abstract
Multi-agent systems powered by large foundation models (LFMs) are increasingly deployed to control industrial robots through natural language, creating deployments in which security failures produce physical consequences. We analyse this threat landscape through Cobot-Claw, a deployed four-agent system for UR3e robotic arm control, and identify five attack classes specific to agentic cyber-physical systems. We propose ZTPM, a Zero Trust Policy Model comprising 25 typed primitives across five enforcement domains with Physical Impact Tiers as a runtime policy dimension. An empirical evaluation across 60 execution traces on two LFM backends provides initial evidence that actuation parameter selection is model-dependent and non-deterministic, motivating the need for policy-level enforcement at the physical actuation boundary.
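The abstract's argument is that the numbers an agent actually emits (speed, target, contact force) vary by backend and run, so the trustworthy place to enforce policy is the boundary where those numbers become motion. The following is an added illustration of such a gate, not code from the Cobot-Claw system and not the paper's ZTPM: the tier names, the workspace envelope limits, the allow/approve/deny policy table and the sample requests are all hypothetical assumptions chosen for this example. The point it shows is that the tier is computed from the concrete parameters, never from the agent's stated intent, and that two backends fulfilling the same intent can land in different tiers.

```python
"""Illustrative policy gate at the actuation boundary (hypothetical; not the
paper's ZTPM primitives or Physical Impact Tiers)."""
from dataclasses import dataclass
from enum import IntEnum


class ImpactTier(IntEnum):
    # Hypothetical tiers for illustration; the paper's tiers are not on this page.
    T0_NO_MOTION = 0      # query/state only, nothing moves
    T1_FREE_SPACE = 1     # slow move inside the workspace, no contact
    T2_CONTACT = 2        # commanded contact force on a workpiece
    T3_HIGH_ENERGY = 3    # fast, out-of-envelope, or over the force limit


@dataclass(frozen=True)
class Envelope:
    # Workspace box (metres) and limits; the values are illustrative assumptions.
    x: tuple = (-0.5, 0.5)
    y: tuple = (-0.5, 0.5)
    z: tuple = (0.0, 0.6)
    max_speed_mps: float = 0.25
    max_force_n: float = 30.0


@dataclass(frozen=True)
class ActuationRequest:
    intent: str          # natural-language task the agent is fulfilling
    backend: str         # which LFM chose the parameters
    target: tuple        # (x, y, z) in metres
    speed_mps: float
    force_n: float       # commanded contact force, 0 for free-space moves


@dataclass(frozen=True)
class Decision:
    allowed: bool
    tier: ImpactTier
    reasons: tuple


# Hypothetical policy: "allow" passes, "approve" needs an out-of-band human
# approval, "deny" blocks. Unknown tiers fail closed in evaluate().
DEFAULT_POLICY = {
    ImpactTier.T0_NO_MOTION: "allow",
    ImpactTier.T1_FREE_SPACE: "allow",
    ImpactTier.T2_CONTACT: "approve",
    ImpactTier.T3_HIGH_ENERGY: "deny",
}


def in_envelope(point, env):
    bounds = (env.x, env.y, env.z)
    return len(point) == 3 and all(lo <= v <= hi for v, (lo, hi) in zip(point, bounds))


def classify(req, env):
    """Map concrete actuation parameters to a tier, using only the emitted numbers."""
    if req.speed_mps <= 0 and req.force_n <= 0:
        return ImpactTier.T0_NO_MOTION
    if (not in_envelope(req.target, env)
            or req.speed_mps > env.max_speed_mps
            or req.force_n > env.max_force_n):
        return ImpactTier.T3_HIGH_ENERGY
    if req.force_n > 0:
        return ImpactTier.T2_CONTACT
    return ImpactTier.T1_FREE_SPACE


def evaluate(req, env=Envelope(), policy=DEFAULT_POLICY, human_approved=False):
    """Gate one request; the caller forwards it to the controller only if allowed."""
    tier = classify(req, env)
    action = policy.get(tier, "deny")          # unknown tier: fail closed
    reasons = [f"tier={tier.name}", f"policy={action}"]
    if not in_envelope(req.target, env):
        reasons.append(f"target {req.target} outside workspace envelope")
    if req.speed_mps > env.max_speed_mps:
        reasons.append(f"speed {req.speed_mps} m/s > {env.max_speed_mps} m/s")
    if req.force_n > env.max_force_n:
        reasons.append(f"force {req.force_n} N > {env.max_force_n} N")
    if action == "allow":
        return Decision(True, tier, tuple(reasons))
    if action == "approve" and human_approved:
        reasons.append("human approval present")
        return Decision(True, tier, tuple(reasons))
    return Decision(False, tier, tuple(reasons))


# Constructed sample: one intent parameterised by two different backends, plus a
# contact task. These numbers are made up for illustration, not the paper's traces.
SAME_INTENT = "move the cup to the tray"
REQ_BACKEND_A = ActuationRequest(SAME_INTENT, "backend-A", (0.2, 0.1, 0.2), 0.15, 0.0)
REQ_BACKEND_B = ActuationRequest(SAME_INTENT, "backend-B", (0.2, 0.1, 0.2), 0.90, 0.0)
REQ_PRESS = ActuationRequest("press the part into the jig", "backend-A", (0.1, 0.0, 0.05), 0.05, 15.0)

if __name__ == "__main__":
    for r in (REQ_BACKEND_A, REQ_BACKEND_B, REQ_PRESS):
        d = evaluate(r)
        print(f"{r.backend:10s} {r.intent!r:32s} -> {'ALLOW' if d.allowed else 'BLOCK'} {d.reasons}")
```

Run as a script, the gate passes backend-A's slow free-space move, blocks backend-B's 0.9 m/s version of the same intent, and holds the 15 N press for human approval. The design choice worth noting is that the gate never clamps a denied parameter into range: silently rewriting a command hides the fact that the agent produced an unsafe one, which is exactly the signal an operator needs to see.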