Cleared for Deployment: The Support Layer Behind the Robotics Boom
Robotics startups have raised more than $18 billion in 2026 already, ahead of all of 2025 and well past the previous peak set in 2021. Skild AI, Saronic, and Apptronik have each closed rounds above $500 million this year alone, and Neura Robotics added a Series C worth up to $1.4 billion in June, backed by Amazon, NVIDIA, Qualcomm, and Bosch among others. Most of that money is chasing the robot itself or the model that runs it.
A robot that works in a lab is not a robot an enterprise will deploy, an insurer will cover, or a regulator will permit. The companies building that permission layer work across cybersecurity, insurance, fleet management software, and safety certification infrastructure, and what they establish determines whether a robot is actually allowed to operate without a person standing next to it.
Cloud computing did not get enterprise budgets until observability, identity, and security vendors made it operable at scale. Robotics is entering that same phase now, roughly eighteen months after AI started giving software a body.
The International Federation of Robotics named safety, cybersecurity, and liability among its top trends for 2026, alongside the humanoid platforms getting most of the attention. That is the industry’s own trade group saying this layer is now core to the category, not a side concern.
“The most exciting part of physical AI is not only the robots themselves, but the software layer that will coordinate them. As robots move from factories and warehouses into streets, stores, and public spaces, companies will need systems that assign tasks, measure each robot’s skills, fine-tune them on site, manage safety, and handle insurance and liability. The next big opportunity is software and operating systems for robot fleets,” said Val Kamenski, tech entrepreneur working at the edge of AI and robotics.
Cybersecurity: No Credentials Required
In May, CISA and Universal Robots disclosed a vulnerability rated 9.8 out of 10 on the CVSS scale. The flaw allowed an unauthenticated attacker with network access to execute arbitrary commands on a cobot’s operating system, no credentials required. Universal Robots has shipped more than 100,000 of these units worldwide. The vulnerability was discovered by Claroty’s Team82 research unit. Over 90 percent of documented robot vulnerabilities are software related, and the average industrial patch in manufacturing takes 180 days to close, roughly six times slower than a typical IT environment.
“A vulnerability in a web application leaks data,” wrote Lucas Apa, a security researcher at IOActive who has spent a decade assessing robot systems. “A vulnerability in a robot can harm the person standing next to it.”
“In the future, people will not only ask what AI can say,” said David Reger, NEURA’s founder and CEO. “They will ask what AI can physically do.”
Claroty, named a Leader in the 2025 Gartner Magic Quadrant for CPS Protection Platforms, raised $150 million in January at a $3 billion valuation to secure the operational technology environments that robots plug into, monitoring network traffic between robot controllers and enterprise systems and blocking unauthorized commands before they reach the hardware. The company now works with 24 of the Fortune 100. Alias Robotics builds defense inside the hardware itself, with a Robot Immune System that provides dedicated endpoint protection inside the robot’s operating system to detect and prevent unauthorized manipulation of its physical joints.
At the model layer, Noma Security governs the AI agents and language models that drive the robots. Its Agentic Risk Map visualizes every agent’s connections, tools, and data access in real time, flagging scenarios where a manipulated prompt or a model hallucination could trigger a dangerous physical action. The company has identified over one million AI and agent risks across its enterprise customer base.
Insurance: A Machine Nobody Will Insure Stays in the Lab
When a robot fails, the fault rarely belongs to one company. The hardware maker, the AI software vendor, and the operator each carry a piece of the liability, and contracts that divide those duties on paper do not resolve the disputes that follow a real incident. A standard general liability policy may not respond at all if it includes an AI exclusion, and most now do. Berkshire Hathaway, Chubb, and Travelers sought state regulatory approval to exclude AI-related damages from their policies, and regulators approved more than 80 percent of those requests. Some carriers went further, establishing absolute exclusions across multiple policy lines.
Axis Insurance built a program specifically for companies that make and deploy autonomous robots, covering bodily injury and property damage from AI navigation or perception failures, physical damage from a cyberattack that takes over a robot’s controls, and production losses from a software update or sensor failure that takes a unit offline even without physical damage, including cases where a defect in a third-party sensor triggers the failure but the claim lands on the integrator rather than the part maker. Relm Insurance launched PONTAAI as an excess wrap policy designed to sit above existing cyber, professional liability, and general liability programs and cover the AI-specific gaps they leave open. Neither product covers the full chain of liability, and a single robot incident can still trigger claims against the hardware maker, the software developer, and the company operating the machine at the same time.
Insurers rely on past claims, equipment records, and operating controls to price commercial risk, and physical AI gives them almost none of that history. “We’ve been here before. Think about cyber insurance,” wrote Lucy Pilko, CEO Americas at AXA XL. “Without a wealth of historical data, underwriting relies heavily on tech, security assessments, and a solid grasp of an organization’s cybersecurity setup.” Gallagher Re found that a flaw in one widely used AI model can spread instantly to every business running it, across every industry and country at once. A hurricane stays bounded by landfall. This does not. In March, Marsh and Apollo’s ibott developed a first-of-its-kind liability facility for Uber, wrapping primary and excess coverage across hardware makers, fleet operators, and vehicle manufacturers into a single master policy. Mosaic Insurance partnered with Munich Re’s aiSure to cover financial losses when an AI model fails to perform as promised, giving vendors a way to back performance warranties without carrying the liability themselves.
Operational Software: The Automation Paradox
Once a company runs more than one robot, someone has to manage the fleet. Firmware versions, task routing and incident response do not handle themselves.
Most factories today run equipment from three, four, or five different vendors. Each system can be connected, but managing them as a single coordinated operation is a different problem. “Enterprises are facing the automation paradox: as they deploy robots at scale, complexity increases, preventing them from achieving agility,” said Florian Pestoni, CEO of InOrbit.
InOrbit’s Space Intelligence is an orchestration layer that sits above every vendor’s native system, dispatching robots, managing floor traffic, and translating orders from warehouse, ERP, and manufacturing systems into physical execution. At Automate 2026 in Chicago, the company ran eight manufacturers from three continents simultaneously on a single model factory floor, including Ati Robotics, Kärcher, Neura Robotics, Omron, Peer Robotics, Quasi Robotics, and Unitree. The Association for Advancing Automation called it the first-ever live demonstration of federated robot orchestration. “As more robotics companies enter the market, the next phase of automation growth will be driven by interoperability and seamless coordination between diverse robotic platforms,” said Jeff Burnstein, the association’s president.
The demo also served as a reference implementation for ISO 21423, a new standard for multi-vendor robotics environments that InOrbit’s CEO helped write, expected to publish later this year. The platform integrates NVIDIA’s Halos safety system alongside its own fleet coordination tools. The company’s RobOps Copilot lets operators manage entire fleets through natural language and voice commands, with no separate dashboards or vendor logins required. “The RobOps Copilot changes the conversation from ‘how do I operate these robots’ to ‘what do I need the operation to achieve,’” said Ramiro Diaz Trepat, InOrbit’s CTO.
NVIDIA’s Isaac and Omniverse are already embedded in the development workflow most robotics teams use before anything reaches a factory floor, and building orchestration into that environment is a different kind of distribution than selling fleet management as a standalone product. The training data that feeds those workflows is getting cheaper: teleoperation data firm XDOF raised $70 million in June from Thrive Capital and Andreessen Horowitz, and one industry benchmark now puts the cost of an hour of usable robot training data at $118, down from $340 two years ago.
Safety Certification: The Standards Weren’t Written for Robots That Walk
Of all the layers in this stack, safety certification gets the least attention, and it has the highest physical stakes: a humanoid robot has to prove it will not injure someone, not just that its software is secure or its owner is insured.
NVIDIA’s Halos for Robotics is described as the industry’s first complete safety system built for physical AI. The centerpiece is an inspection lab accredited by the ANSI National Accreditation Board, the first of its kind for AI safety in robotics, and its results are already recognized by TÜV Rheinland, TÜV SÜD, UL Solutions, exida, SGS, and CertX, the certification bodies manufacturers actually need approval from to sell equipment. Agility Robotics is the first company working through it, certifying its Digit robot against IEC 61508 and ISO 13849 before wider deployment. Underneath this sits a fast-moving set of standards, including ISO 10218:2025 for industrial robots and a new ISO 25785 standard being written specifically for robots that walk, since older rules were built for arms bolted to a factory floor.
The Roadblocks to Mass Deployment
The biggest threat to this support layer is vertical integration. Boston Dynamics already sells proprietary fleet management software, and Agility Robotics runs its own orchestration platform for its Digit humanoid. Hardware makers that reach sufficient scale have every financial incentive to bundle security, fleet management, and certification support rather than purchase it from outside vendors.
Working humanoid deployments today number in the low thousands globally, a fraction of the hundreds of thousands that major financial forecasts project, and the infrastructure layer becomes highly profitable only when there is a large installed base generating the incidents, updates, and compliance events that justify it.
Even so, capital is still flowing into the software, security, and data pipelines that make robots commercially viable. PitchBook’s Q1 2026 Robotics and Physical AI report noted that the diligence bar has changed: investors are no longer judging companies solely on whether the technology works; commercial viability now means proving a path from lab to deployment, and that path runs through this support layer.
Hardware makers can bundle software. They cannot quickly replicate claims history behind specialty insurance products, regulatory accreditation for certification infrastructure, or multi-vendor orchestration already running in production. Those are not features a platform can ship in a quarter.
Venture Forward Capital is a venture fund specializing in Applied AI investments. We back entrepreneurs building the platforms and vertical applications that make AI work in the real world.



