A decade ago, the idea of a robot that could both bounce like an insect and fly like a drone belonged squarely in science fiction. Today, it’s a working prototype — and a preview of the next problem your physical security program is not ready for.
City University of Hong Kong’s “Hopcopter” research project fused a quadcopter with a spring‑loaded telescopic leg, creating a hybrid robot that can hop, take off mid‑leap, and then transition seamlessly into flight. It’s designed for complex, uneven environments, not clean lab floors — exactly the kind of terrain that surrounds and fills real facilities. At first glance, it’s an impressive feat of engineering. Look again and you’ll see a blueprint for a new class of intruders that’s been developing and evolving for years now.
We are entering an era where the entities moving through and around our buildings will not fit our legacy mental models of “people,” “vehicles,” or “drones.” They will hop, roll, and fly — sometimes in the same mission. And that should fundamentally change how CISOs, CSOs, and red‑team leaders think about physical security.
From Novelty to New Class of Threat Actors
Most organizations already accept that drones are part of the threat landscape. We’ve seen consumer quadcopters used for contraband drops, surveillance of sensitive sites, even rehearsal of attack paths. Defensive thinking has responded in kind: anti‑drone netting, geofencing, kinetic and RF counter‑UAS systems.
Hybrid robots quietly sidestep many of those assumptions.
A pure drone is optimized for airspace; it hates tight spaces, heavy payloads, and long loiter times. A pure ground robot excels in endurance and payload but suffers at obstacles, stairs, and fences. A hybrid, like Hopcopter or the new wave of commercial driving‑and‑flying robots, is explicitly designed to have it both ways: trundling through constrained environments to conserve energy, then hopping or flying only when necessary.
That design choice has direct security implications:
-
It can approach low and slow as a ground robot, largely unnoticed by systems tuned for airspace anomalies.
-
It can briefly fly to clear a fence, leap onto a rooftop, or bypass an access‑controlled door.
-
It can operate in GPS‑denied interiors and complex, cluttered environments where traditional drones struggle.
For a red team — or a determined adversary — this is the difference between “interesting lab demo” and “practical tool.”
The Convergence of Robotics and Physical Security
If you think this is still distant future, look at how physical security vendors describe their own roadmaps. Many already position autonomous ground robots and drones as integral layers in modern perimeter defense: automated patrols, remote verification of alarms, and sensor‑rich inspections of hard‑to‑reach areas. Physical security leaders at large enterprises talk openly about drones and robots as “force multipliers” in their programs, not experiments.
In other words, the defensive side is normalizing robots in and around facilities. Once that happens, two things follow:
-
Attackers inherit the same tools. Any technology that becomes commonplace in security operations tends to be repurposed for offensive use. Cameras become reconnaissance. Analytics become target‑selection engines. Drones and robots will be no different.
-
The environment learns to accept robots as background noise. When cleaning bots, patrol robots, and inspection drones become routine, the psychological barrier to a small, unobtrusive hybrid platform moving through your space diminishes.
Security has seen this movie before with “smart” devices. Once we normalized connected cameras, smart locks, and IoT sensors, they proliferated faster than governance controls could keep up. Hybrid robots are lining up to be the next proliferation.
Your Perimeter Is Still Two‑Dimensional
Most corporate physical security design is effectively two‑dimensional. We have horizontal perimeters — fences, walls, badge readers—and limited vertical thinking in the form of camera placement and occasional drone policies. Even when organizations do consider drones, they tend to address the air and ground as separate domains.
Hybrid robots make that separation obsolete.
A multi‑mode platform turns your carefully segmented perimeter into a series of waypoints:
-
Fences become small energy penalties to hop, not hard stops.
-
Stairwells become vertical highways rather than obstacles.
-
Ventilation shafts, cable trays, and overhead trusses become viable paths instead of “unlikely vectors.”
We have already watched offensive security professionals exploit the blind spots between network, application, and physical security. Hybrid robots introduce new blind spots between the dimensions of your physical space itself.
What This Means for CISOs and Red Teams
Thought leadership on new technology threats often stops at “this is scary” and “we should pay attention.” That’s not enough. The question is: what do you, as a CISO or security leader, actually do with this?
Here are concrete directions to consider.
1. Expand Your Threat Model Beyond Human Bodies
Most physical threat models still assume the primary actor is a human squeezing through a door, tailgating, or climbing a fence. You need to formally include non‑human mobile systems:
-
Small, semi‑autonomous robots with cameras and sensors.
-
Hybrid platforms combining rolling, hopping, and limited flight.
-
Swarms of low‑cost devices collaborating to map or probe a facility.
This is not about predicting specific product names. It’s about acknowledging that once platforms like Hopcopter exist, shrinking, ruggedizing, and weaponizing their capabilities is only a matter of time and investment.
2. Treat Height and “Unreachable” Surfaces as Attack Surface
In a world of hybrid mobility, “out of reach” is a temporary state. The rafters above your warehouse, the top of your data center cages, the ledges along your office atrium — all become potential staging grounds or sensor platforms.
Red‑team exercises should explicitly ask:
-
Where could a small robot perch, observe, or wait undetected?
-
What physical spaces are visible from those vantage points that are not visible from human eye‑level?
-
Which of those vantage points overlook sensitive areas — badge readers, PIN pads, whiteboards, screens, or proprietary equipment?
This reframing forces your organization to look up, not just out.
3. Rehearse Robot‑Enabled Scenarios in Physical Assessments
Most physical assessments still look like variations on “can we get a person in?” It’s time to evolve.
Even if you don’t yet have access to a hybrid robot, you can simulate the capabilities:
-
Assume an adversary can raise a small payload (camera, microphone, Wi‑Fi implant) to a height of two meters above any accessible surface, briefly and repeatedly.
-
Assume they can cross narrow gaps or hop small barriers without needing an obvious entry point.
-
Assume they can operate in spaces where a person cannot fit — under raised floors, inside cable trays, behind dense equipment.
Ask your red team to design attack paths under those assumptions. You will quickly discover failure modes your current controls never considered.
4. Build Cross‑Disciplinary Partnerships Early
Hybrid robots don’t sit neatly in any one domain. They are part robotics, part OT, part physical security, and part cyber. That means no single team is going to own this by default.
CISOs are uniquely positioned to convene the right voices:
-
Corporate security and facilities, who own perimeters and patrols.
-
OT and engineering teams, who understand the physical infrastructure and control systems.
-
IT and cyber, who manage the networks and data the robots may interface with.
The goal is not to launch a “robot security program” tomorrow. It’s to ensure that as your organization experiments with drones and robots — whether for security, inspection, or operations — those experiments are not happening in silos.
5. Influence Procurement Before the Robots Arrive
You may not be buying hybrid robots yet, but you are almost certainly buying something adjacent: cleaning robots, delivery bots, security patrol robots, inspection drones. Each of these purchase decisions is an opportunity to set expectations.
Ask vendors:
-
How does your platform authenticate to control systems and networks?
-
How do you prevent unauthorized physical or software modification (e.g., weaponization, payload swaps)?
-
What logging, telemetry, and health checks are available for security monitoring?
-
How do you handle loss of connectivity or control — what are the fail‑safe modes?
By pushing for these answers now, you make it harder for hybrid robots to quietly enter your environment as opaque, unmanaged assets later.
The Narrow Window Before Normalization
The most dangerous phase of any emerging technology is the period when it is powerful enough to matter but not yet common enough to be standardized. Hybrid robots are at the threshold of that phase today.
Academic research is demonstrating what’s possible. Commercial vendors are proving there’s money to be made in hybrid inspection and security platforms. Physical security leaders are openly betting on drones and robots as part of their future programs.
What’s missing is structured attention from the people responsible for overall risk.
That’s where CISOs and red‑team leaders come in. You don’t need to panic about hopcopters swarming your rooftop tomorrow. But you do need to make a deliberate choice: will you treat hybrid robots as a curiosity that operations will “figure out later,” or as a near‑term shift in how things move through your space?
The organizations that get ahead of this will not be the ones that buy the fanciest counter‑drone system. They will be the ones whose threat models already assume that an intruder might not walk, roll, or fly — but do all three.
Additional Sources:
Hybrid Electric UAV Technology for Extreme Environments
Managing UAS cyber and physical risks to critical infrastructure.