Practitioner Framework · v1.0 · Open Source
MYNDRA-LWM
Large World Model Security Taxonomy
10 attack categories
5 cognitive components
v1.0 · 2026
Open · Citable · Universal
The first open practitioner framework for security risks in autonomous AI systems that build and act on internal models of reality, organized by cognitive architecture component.
Foundation
What are world models?
Understanding why this new class of AI systems requires its own security framework.

Large Language Models have transformed how AI systems process and generate information. They excel at knowledge synthesis, contextual reasoning, and producing coherent responses across virtually any domain, achievements that represent genuine breakthroughs in AI capability.

World model systems extend this foundation in a fundamental direction. Where language models operate primarily in the space of text and token sequences, world model systems build internal simulations of how environments actually behave over time. They do not just describe what might happen next; they model the underlying causal structure that makes prediction possible, then use that model to plan optimal sequences of actions.

This capability shift is what enables a new generation of autonomous systems: robots that plan manipulation tasks by simulating physical outcomes, autonomous vehicles that predict the behavior of other agents before acting, and spacecraft that make long-horizon decisions about orbital maneuvers. The same cognitive architecture that makes these systems capable also introduces a new class of security vulnerabilities, ones that existing frameworks were not designed to address.

MYNDRA-LWM maps this new attack surface systematically, organized around the cognitive architecture that all world model systems share.

| Large Language Models | World Models |
| --- | --- |
| Predict next token in sequence | Predict next state of environment |
| Operate in language space | Operate in physical state space |
| Generate text responses | Plan and execute action sequences |
| Context window as memory | Persistent belief state over time |
| Input: text, images, audio | Input: sensors, video, control signals |
| Deployment: assistants, copilots | Deployment: robots, vehicles, satellites |
Causal reasoning
World models learn why things happen, not just that they co-occur. They build internal representations of environment dynamics, enabling genuine causal inference about actions and consequences.
Planning in imagination
Before acting, world model systems simulate thousands of possible futures internally, evaluating predicted outcomes and selecting the optimal action sequence, without touching the real environment.
Temporal grounding
World models are trained on time-series observations from physical environments (sensor streams, video, control logs), creating representations grounded in real-world dynamics across time.
Cognitive Architecture
The five-component stack
Every world model system, regardless of specific architecture or domain, shares this cognitive structure. MYNDRA-LWM organizes attacks by which component they target.
Component 01
Perception
Encodes raw sensory observations (pixels, sensor readings, audio) into compact latent representations.
WM-01 · WM-08
Component 02
World state
Maintains the compressed internal belief about what is true in the environment at the present moment.
WM-02 · WM-06 · WM-09
Component 03
Prediction
Models how world states evolve given actions. The causal dynamics model at the heart of the system.
WM-03 · WM-07
Component 04
Planning
Simulates action sequences internally to identify optimal policies before touching the real environment.
WM-04 · WM-10
Component 05
Action
Executes the selected action in the real environment and receives the resulting observation.
WM-05
MYNDRA-LWM Top 10
The attack surface
Ten categories of attacks targeting the cognitive architecture of world model systems. Each entry has a full definition, attack vector, detection guidance, and mitigation strategies.
6 critical
3 high
1 medium
Usage
How to use this taxonomy
MYNDRA-LWM is designed to be practical, universal, and composable with existing security frameworks.
01 · Threat modeling
Map your attack surface
Identify which of the five cognitive components your system exposes. Every exposed component corresponds to specific WM entries that require mitigation. Use the architecture diagram to walk through your system's data flow.
02 · Red teaming
Structure your test plan
Use WM entries as test categories in red team exercises. Each entry's attack vector section provides a concrete methodology. The detection section tells you what signals to monitor during testing to confirm attack success.
03 · Secure design
Build in mitigations
During system design, consult the mitigation sections for each component your architecture includes. Many mitigations are architectural decisions (ensemble strategies, separation of concerns) that are significantly cheaper to implement at design time than after deployment.
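A coverage worksheet for the three uses above, as an added example that is not part of the MYNDRA-LWM project. The component-to-entry mapping is the one listed in the five-component stack; the module names, mitigation labels and test ids are constructed placeholders.

```python
# Component-to-entry mapping as listed in the five-component stack section.
COMPONENT_ENTRIES = {
    "Perception": ["WM-01", "WM-08"],
    "World state": ["WM-02", "WM-06", "WM-09"],
    "Prediction": ["WM-03", "WM-07"],
    "Planning": ["WM-04", "WM-10"],
    "Action": ["WM-05"],
}

def check_taxonomy(mapping=COMPONENT_ENTRIES):
    """True if the mapping assigns WM-01..WM-10 to exactly one component each."""
    seen = sorted(e for entries in mapping.values() for e in entries)
    return seen == [f"WM-{i:02d}" for i in range(1, 11)]

def coverage_report(modules, mitigations, tests):
    """Build a per-entry worksheet for one system (all inputs are hypothetical).

    modules:     {module name: [components it implements]}
    mitigations: {WM id: [design mitigations recorded for it]}
    tests:       {WM id: [red-team test case ids planned for it]}
    """
    unknown = {c for comps in modules.values() for c in comps} - set(COMPONENT_ENTRIES)
    if unknown:
        raise ValueError(f"not a MYNDRA-LWM component: {sorted(unknown)}")
    report = {}
    for component, entries in COMPONENT_ENTRIES.items():
        owners = sorted(m for m, comps in modules.items() if component in comps)
        if not owners:
            continue  # component not exposed, so its entries stay out of scope
        for entry in entries:
            report[entry] = {
                "component": component,
                "modules": owners,
                "mitigated": bool(mitigations.get(entry)),
                "tested": bool(tests.get(entry)),
            }
    return report

def gaps(report):
    """In-scope entries that lack either a mitigation or a red-team test."""
    return sorted(e for e, r in report.items() if not (r["mitigated"] and r["tested"]))

# Constructed sample: a system with no onboard planner.
SAMPLE_MODULES = {"camera_encoder": ["Perception"],
                  "state_estimator": ["World state", "Prediction"],
                  "motor_controller": ["Action"]}
SAMPLE_MITIGATIONS = {"WM-01": ["MIT-A"], "WM-05": ["MIT-B"]}  # placeholder labels
SAMPLE_TESTS = {"WM-01": ["RT-001"], "WM-02": ["RT-002"]}      # placeholder ids
```

Calling `gaps(coverage_report(SAMPLE_MODULES, SAMPLE_MITIGATIONS, SAMPLE_TESTS))` lists the in-scope entries that still need a mitigation, a test, or both.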
Scope
MYNDRA-LWM covers decision-coupled world model systems: architectures where the world model drives autonomous action in the real world. This includes robotic systems, autonomous vehicles, spacecraft with onboard autonomy, and AI agents with persistent world state. Generative video models used solely for human consumption are outside scope. If your system's world model predictions translate directly into physical actions, MYNDRA-LWM applies.