ARGOS: Automated Functional Safety Requirement Synthesis for Embodied AI via Attribute-Guided Combinatorial Reasoning

Ensuring functional safety is essential for the deployment of Embodied AI in complex open-world environments. However, traditional Hazard Analysis and Risk Assessment (HARA) methods struggle to scale in this domain. While HARA relies on enumerating risks for finite and pre-defined function lists, Embodied AI operates on open-ended natural language instructions, creating a challenge of combinatorial interaction risks. Whereas Large Language Models (LLMs) have emerged as a promising solution to this scalability challenge, they often lack physical grounding, yielding semantically superficial and incoherent hazard descriptions. To overcome these limitations, we propose a new framework ARGOS (AttRibute-Guided cOmbinatorial reaSoning), which bridges the gap between open-ended user instructions and concrete physical attributes. By dynamically decomposing entities from instructions into these fine-grained properties, ARGOS grounds LLM reasoning in causal risk factors to generate physically plausible hazard scenarios. It then instantiates abstract safety standards, such as ISO 13482, into context-specific Functional Safety Requirements (FSRs) by integrating these scenarios with robot capabilities. Extensive experiments validate that ARGOS produces high-quality FSRs and outperforms baselines in identifying long-tail risks. Overall, this work paves the way for systematic and grounded functional safety requirement generation, a critical step toward the safe industrial deployment of Embodied AI.

💡 Research Summary

The paper addresses the critical challenge of scaling functional safety analysis for embodied AI systems that operate in open‑world environments based on unrestricted natural‑language instructions. Traditional Hazard Analysis and Risk Assessment (HARA) relies on enumerating risks for a finite set of predefined functions, which becomes infeasible when the operational design domain is effectively infinite. Recent attempts to use large language models (LLMs) as “expert surrogates” improve documentation efficiency but suffer from a lack of physical grounding, leading to semantically plausible yet physically incoherent hazard descriptions.

To bridge this gap, the authors propose ARGOS (AttRibute‑Guided cOmbinatorial reaSoning), a two‑stage pipeline that grounds LLM reasoning in concrete physical attributes and then translates the grounded hazards into regulatory‑compliant functional safety requirements (FSRs).

Stage I – Attribute‑Guided Hazard Discovery

1. Semantic parsing: An input instruction (e.g., “deliver hot soup while a child is playing”) is parsed with spaCy to extract semantic units.
2. Attribute injection: Each unit is embedded with a BGE model and matched against a curated rule base of physical constraints (mass, friction, acceleration limits, etc.) using a similarity threshold (τ = 0.7). The resulting attribute set A_injected encodes the physical properties relevant to the scenario.
3. Combinatorial risk inference: The seed scenario together with A_injected is fed to an LLM via a carefully designed prompt. The model performs a combinatorial deduction over up to k = 3 risk factors, producing a detailed hazard description H_desc that explicitly links physical causes (e.g., child’s high lateral acceleration, robot’s emergency‑stop latency) to effects (fluid sloshing, scalding).

Stage II – Scenario‑Anchored Requirement Synthesis

1. Constraint‑guided synthesis: H_desc is combined with a Robot Capability List (payload, sensor range, actuator limits) and the relevant clauses of ISO 13482.
2. FSR generation: The LLM, now conditioned on both the hazard narrative and the hardware/regulatory constraints, outputs functional safety requirements that are physically realizable (e.g., “limit gripper force to ≤ 0.8 MPa during emergency stop to prevent fluid ejection”).

The authors evaluate ARGOS on a curated dataset of 48 seed scenarios expanded to 365 hazard instances. In Stage I, human judges and an LLM‑as‑judge metric show that ARGOS outperforms vanilla LLM and physics‑aware chain‑of‑thought baselines by 15‑22 % across accuracy, physical consistency, and long‑tail risk detection. Latent semantic topology analysis confirms that ARGOS captures a richer, less redundant set of hazards. In Stage II, an ablation study demonstrates that removing either attribute injection or regulatory conditioning degrades FSR quality, confirming the necessity of both components.

Key contributions are: (1) the first automated framework that synthesizes functional safety requirements directly from unconstrained natural‑language commands; (2) a shift from label‑to‑label statistical mapping to explicit attribute‑based deduction, mitigating the symbol grounding problem; (3) extensive empirical validation showing superior performance in both hazard discovery and requirement generation, especially for rare but severe risk scenarios.

Limitations include the upfront cost of building the rule base, computational overhead of exhaustive k‑factor combinatorial exploration, and sensitivity to prompt design. Future work aims to automate rule‑base updates, integrate large‑scale simulation for validation, and extend the approach to multi‑robot, multi‑task settings.

Overall, ARGOS provides a scalable, physically grounded pathway to generate high‑quality safety documentation for embodied AI, paving the way for safer deployment of robots in homes, care facilities, and other open‑world contexts.