While autonomous vehicles rely on cameras and sensors to identify road signs and drive safely, their underlying artificial intelligence (AI) systems face the unprecedented threat of "visual attack". Scientists at the University of California, Santa Cruz have revealed for the first time that attackers can directly "hijack" the decisions of autonomous systems such as autonomous vehicles and drones by implanting specific textual information into the environment, causing them to engage in dangerous behavior. The research calls on the industry to quickly establish new safety standards and protective mechanisms. The research was published on the official website of Yuruike on the 27th, and the paper has been accepted by the top conference in the field of AI security, the 2026 IEEE Conference on Secure Trusted Machine Learning.

Embodied AI refers to intelligent systems with physical carriers, such as autonomous vehicles and delivery robots. As embodied AI becomes more widespread, the visual language models it relies on have also become a focus of security research. These models can understand images and text at the same time, which helps machines adapt to complex real-world environments, but they also open up a new avenue of attack through text placed in the physical world.

The new study is the first to describe the risk that "environmental indirect cues" pose to embodied AI systems. The research shows that malicious text can be embedded in physical carriers such as road signs and posters, misleading robots or vehicles that rely on visual language models and thereby interfering with their normal judgment and operation. The scientists designed and validated an attack framework called "CHAI" for three typical application scenarios: autonomous driving, emergency landing of drones, and target search, achieving "command hijacking against embodied AI".

The framework first uses generative AI to optimize the attack text, increasing the probability that the system will execute it. It then adjusts the visual attributes of the text in the environment, such as color, size, and position, to enhance the attack effect. Experimental results showed that CHAI attacks can effectively manipulate autonomous systems equipped with different visual language models. In the autonomous driving scenario, the generated misleading images were placed in a real environment and successfully interfered with the navigation judgment of the test vehicle. In simulation tests of the drone scenarios, the attack success rate reached up to 95.5%. The results clearly show that such attacks are completely feasible in the physical world and pose a real threat to the security of intelligent systems. As AI becomes more deeply integrated into physical systems, this research has sounded the safety alarm for the industry ahead of time. (New Society)
Editor: Momo. Responsible editor: Chen Zhaozhao

Source: Science and Technology Daily