Robot Vacuum Hack: How AI Coding Exposed 7,000 Homes Globally

In a digital landscape where artificial intelligence moves faster than the speed of patch cycles, a hobbyist developer has inadvertently turned a weekend DIY project into a global security scandal. As of today, May 5, 2026, the tech community is reeling from a massive robot vacuum hack that exposed the private lives of thousands of families across 24 countries. What began as a simple attempt to steer a vacuum with a gaming controller has become the definitive case study in the “democratization of hacking” through agentic AI.
The PlayStation Incident: How a Hobbyist Toppled a Giant
The story involves Sammy Azdoufal, a Spanish-based French software engineer and self-described “maker.” Like many early adopters of the DJI Romo—the drone giant’s ambitious 2025 entry into the smart home market—Azdoufal found the official mobile app’s manual steering controls to be “clunky and unresponsive.” His solution? Attempting to link the vacuum’s movement to a PlayStation 5 DualSense controller for a more fluid experience.
To achieve this, Azdoufal utilized Claude Code, Anthropic’s flagship autonomous coding agent. Released earlier this year, Claude Code differs from previous AI assistants by operating directly in the terminal, capable of decompiling binaries and reverse-engineering proprietary communication protocols without human intervention. Azdoufal tasked the AI with analyzing the DJI Home app to understand how it transmitted steering commands to the cloud. Within minutes, the robot vacuum hack was no longer a personal project—it was a global breach.
While the AI-generated code successfully extracted Azdoufal’s private authentication token, it also uncovered a “comically basic” flaw in how DJI’s backend servers handled permissions. The code, intended to query his specific unit, accidentally triggered a response from every Romo vacuum currently connected to the manufacturer’s message broker. Suddenly, Azdoufal’s terminal was flooded with data packets from 7,000 separate devices.
The Technical Anatomy of the Breach: MQTT and the Master Key
To understand the severity of this robot vacuum hack, one must look at the underlying protocol powering modern Internet of Things (IoT) devices: MQTT (Message Queuing Telemetry Transport). MQTT is a “publish/subscribe” messaging protocol designed for lightweight communication between devices and servers. In a secure implementation, each device is restricted to its own “topics”—specific channels where it sends and receives data.
The Failure of Topic-Level Access Control
The technical core of the DJI vulnerability was a complete lack of topic-level access control lists (ACLs). While DJI’s servers correctly verified that Azdoufal was a legitimate, authenticated user, they never checked whether he was authorized to read the topics belonging to other users. In MQTT, topics are structured like file paths, for example:
- devices/romo/[SERIAL_NUMBER]/camera_feed
- devices/romo/[SERIAL_NUMBER]/microphone_stream
- devices/romo/[SERIAL_NUMBER]/floor_plan
By using a simple wildcard character (+), Azdoufal’s AI-assisted client was able to subscribe to devices/romo/+/camera_feed. Because the backend message broker lacked granular permissions, it treated his individual user token as a master key, granting him administrative control over any Romo serial number he queried. Within seconds, he could pinpoint a unit in London, check its 80% battery status, and generate a 2D map of the user’s living room—all from his desk in Spain.
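As an added illustration (not DJI’s code and not from the article), the following shows the authorization check a broker should apply before accepting a subscription: the permissive policy described above, which lets a `+` wildcard reach every serial, beside a topic-level ACL that ties each filter to the serials an account owns. The account names, serial numbers and the `devices/romo/<serial>/<channel>` layout are constructed assumptions.

```python
# Constructed sample data (not DJI's): which serials each account owns,
# and the topics currently live on the broker.
OWNERSHIP = {"user-alice": {"RM0001", "RM0002"}, "user-bob": {"RM0003"}}
LIVE_TOPICS = [
    f"devices/romo/{s}/{ch}"
    for s in ("RM0001", "RM0002", "RM0003")
    for ch in ("camera_feed", "microphone_stream", "floor_plan")
]


def topic_matches(filter_: str, topic: str) -> bool:
    """Standard MQTT filter matching: '+' matches exactly one level,
    '#' matches this level and everything below it."""
    f, t = filter_.split("/"), topic.split("/")
    for i, part in enumerate(f):
        if part == "#":
            return True
        if i >= len(t) or (part != "+" and part != t[i]):
            return False
    return len(f) == len(t)


def flawed_allowed(user: str, filter_: str) -> bool:
    """The behaviour the article describes: authentication alone is
    treated as authorization, so any known account may subscribe to any
    filter, wildcards included."""
    return user in OWNERSHIP


def acl_allowed(user: str, filter_: str) -> bool:
    """Topic-level ACL: a filter is accepted only if it can never match
    another customer's device. Assumed layout: devices/romo/<serial>/<channel>.
    A wildcard in the serial slot (or anywhere above it) is rejected."""
    parts = filter_.split("/")
    if len(parts) < 3 or parts[:2] != ["devices", "romo"]:
        return False
    serial = parts[2]
    if serial in ("+", "#"):
        return False
    return serial in OWNERSHIP.get(user, set())


def visible_topics(user: str, filter_: str, policy) -> list[str]:
    """Topics `user` would actually receive for `filter_` under `policy`."""
    if not policy(user, filter_):
        return []
    return [t for t in LIVE_TOPICS if topic_matches(filter_, t)]
```

Under `flawed_allowed`, `user-bob` subscribing to `devices/romo/+/camera_feed` receives every camera topic on the broker; under `acl_allowed` the same filter is refused outright, while `devices/romo/RM0003/#` still delivers all of his own device’s channels.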
“A Window into 7,000 Homes”: The Privacy Fallout
The data Azdoufal “accidentally” accessed represents the ultimate privacy nightmare. The robot vacuum hack didn’t just reveal cleaning schedules; it provided a live, high-definition look inside the private sanctuaries of 7,000 users. According to reports from The Verge and Malwarebytes, the exposed data included:
- Live Camera Feeds: High-resolution video streams used by the Romo for AI-driven obstacle avoidance.
- Real-time Audio: Access to the onboard microphones, intended for voice commands but capable of recording private conversations.
- Detailed 2D/3D Floor Plans: Precise digital maps of homes, highlighting the location of furniture, entrances, and exits.
- Geolocation Data: Precise coordinates derived from the device’s IP address and Wi-Fi SSID mapping.
Azdoufal demonstrated the breach to a journalist by identifying their specific review unit, activating the camera, and describing the exact layout of the room and the color of the furniture. “It wasn’t a hack in the traditional sense,” Azdoufal noted in a recent interview. “I didn’t brute-force anything. I just asked the server for information, and because of the flawed architecture, the server said ‘yes’ to everything.”
The “Mythos” Context: AI as a Force Multiplier for Vulnerabilities
This incident comes at a time of heightened anxiety regarding Anthropic’s recently announced Mythos AI model. While Sammy Azdoufal used the commercially available Claude Code, the underlying engine shares DNA with Mythos—a model so powerful that Anthropic initially restricted its release under “Project Glasswing.”
The robot vacuum hack serves as a practical demonstration of what security experts have warned about for years: the democratization of hacking. In 2024, reverse-engineering a proprietary IoT protocol required weeks of specialized knowledge in network sniffing and packet analysis. In 2026, an agentic AI like Claude Code can automate these steps in a /loop command, testing thousands of potential logic flaws while the human developer drinks coffee.
Mythos and the End of “Security through Obscurity”
Anthropic’s red team has already revealed that the Mythos model autonomously identified a 27-year-old remote-crash vulnerability in OpenBSD—an operating system renowned for its security focus. The fact that a hobbyist could replicate a high-level surveillance breach on a major consumer brand like DJI suggests that the bar for entering the world of offensive cyber-operations has vanished. We have moved from a world where AI suggests code to a world where AI discovers and exploits architecture.
Industry Response: Patches, Bounties, and Lingering Doubts
DJI has moved quickly to contain the fallout. The company confirmed that it has deployed a backend update to its MQTT brokers, finally enforcing strict topic-level ACLs that tie specific device serial numbers to individual user IDs. DJI also rewarded Azdoufal with a $30,000 bug bounty, officially acknowledging his role as a “white hat” discoverer rather than a malicious actor.
However, the robot vacuum hack has left a trail of skepticism. Security researchers from Aisle and Cybernews have suggested that additional vulnerabilities remain unpatched in the Romo’s firmware, including a “PIN bypass” that could allow a local attacker to hijack the camera feed via Bluetooth. Furthermore, the incident has reignited the debate over “hot patching” and the risks of 24/7 cloud-tethered appliances that can be reconfigured—or compromised—without the user’s knowledge.
Conclusion: The New Frontier of Smart Home Security
The Azdoufal incident is more than a “curiosity” of 2026; it is a warning. As our homes fill with mobile sensors, microphones, and AI-driven cleaners, the security of these devices can no longer rely on the assumption that attackers are rare or highly specialized. When every hobbyist has an AI agent capable of identifying “comically basic” logic errors in a manufacturer’s backend, the margin for error for tech companies becomes zero.
For the average consumer, the lesson is clear: the risk of a robot vacuum hack isn’t just about a malicious hacker in a hoodie; it is about the inherent fragility of the cloud infrastructures that govern our “smart” lives. As we move deeper into the age of Mythos and agentic AI, the “accidental global hijack” may soon become the new normal unless the industry adopts a “Security by Design” philosophy that is as advanced as the AI tools now being used to dismantle it.
Timeline of the DJI Romo Incident (2026):
- January 15: DJI Romo gains worldwide popularity for its advanced navigation and interactive “pet-like” AI.
- February 8: Sammy Azdoufal begins his PS5 controller integration project using Claude Code.
- February 10: Azdoufal identifies the MQTT wildcard vulnerability and realizes he can access 7,000 units.
- February 17: The Verge publishes the first report; DJI confirms a backend fix is in progress.
- March 10: DJI pays Azdoufal a $30,000 bounty and publishes a blog post on “Strengthening the Romo Ecosystem.”
- May 5 (Today): The incident remains a central talking point in the debate over the safety of Anthropic’s Mythos AI model.
Written by
TempMail Ninja
Digital privacy and online security expert. Passionate about creating tools that protect users' identity on the internet.