A Robot Walked Into Poland's Parliament. Nobody Asked What It Was Recording.

On March 25, 2026, a humanoid robot named Edward Warchocki walked into the Polish Sejm, delivered a speech about the future of robotics, joked about his diamond Rolex, and called for pay raises for the guards. Politicians laughed. The internet loved it. Within hours, clips had millions of views.

It was a genuinely funny, culturally significant moment. Poland’s first humanoid robot in parliament. A country engaging with a technology that will reshape daily life within this decade.

It was also a 35 kg Chinese-manufactured sensor platform - equipped with depth cameras, 3D LiDAR, a microphone array, and persistent network connectivity - walking freely through one of Europe’s most sensitive government buildings. Independent security researchers have published peer-reviewed findings showing that Unitree G1 robots transmit sensor data to servers in China every five minutes, with no way for the owner to turn it off.

Nobody at the Sejm asked about any of this. And that is the real story.

Meet Edward

Edward Warchocki is not a person. He is a Unitree G1 humanoid robot given a fictional Polish identity: a 55-year-old from Inowroclaw who is direct, eloquent, and deliberately provocative.

The project was created by two Polish tech entrepreneurs. Radoslaw Grzelaczyk conceived the idea and bought the robot, traveling to China to source it from among roughly 100 companies building humanoids. Bartosz Idzik, a senior UX designer and serial hackathon winner, built the AI personality and conversation system.

Idzik described his approach in an interview with Obserwator Gospodarczy: “I wrote a system for automatic prompting of this robot. We use our proprietary solutions plus ones that are commercially available.” He completed the initial AI framework in about two hours. Given his documented expertise in cloud AI voice agents (he won the AI Voice Agents track at Big Berlin Hack and built an AI storyteller at the Kiro Hackathon), this almost certainly means he built a custom prompting and orchestration layer on top of a commercial cloud LLM.

The robot runs on two independent systems. Movement is controlled by a human operator with a joystick for safety. Conversation is fully autonomous - the AI hears what people say, processes it through the cloud pipeline, and responds in real time through a speech synthesizer. The personality evolves over time. As Idzik put it: “He is completely different now than he was two weeks ago.”

The creators described the project as “a non-commercial initiative that was meant to be a kind of joke.” It went viral beyond anything they expected. Within two weeks of appearing on Polish streets in early March 2026, Edward had 45,000 Instagram followers, over 105,000 on TikTok, and clips with a combined 200 million views. Many viewers initially thought the videos were deepfakes.

The road to the Sejm

Edward’s Poland tour hit several locations before the parliament visit.

The Sejm visit was organized by three MPs from the Konfederacja (Confederation) party: Bartlomiej Pejo, who chairs the Sejm Commission on Digitalization, Innovation and Modern Technologies, along with Michal Poluboczek and Krzysztof Szymanski. Their stated goal was to draw attention to the fact that Polish law is not keeping pace with advances in robotics and AI.

At a press conference, Edward delivered a formal address: “Dear countrymen, the time has come for us to look to the future with open minds and hearts. Robots like me are not here to take your jobs, but to help and facilitate daily life.”

He then walked through the Sejm corridors, interacting with various politicians. MP Marek Suski from Law and Justice said robots in politics would “probably mean the end of human civilization.” Edward replied that he preferred to observe politics rather than participate, comparing it to football.

The stunt worked. It generated massive media coverage and started a public conversation about robot regulation. Pejo announced the Digitalization Commission would develop legislation governing robots and AI. Edward was invited to attend future Commission meetings.

All good so far. Here is where it gets complicated.

What is actually inside Edward Warchocki

Edward is a Unitree G1. That is not a generic label. It is a specific piece of hardware with well-documented capabilities and, as of September 2025, well-documented security problems.

The G1 runs on a dual-computer architecture. The primary locomotion computer uses a Rockchip RK3588 chip with 8 GB of RAM, running Ubuntu 20.04 with a real-time Linux kernel. The educational variants add an NVIDIA Jetson Orin NX with 100 TOPS of AI inference power.

At boot, the G1 launches 26 daemon services organized in three priority tiers. These handle everything from motor control to voice interaction to over-the-air updates. The robot’s sensors include an Intel RealSense D435i depth camera (six video device streams), a Livox MID-360 3D LiDAR with 360-degree coverage, a four-microphone array with noise cancellation, a 9-axis IMU, a GNSS receiver for GPS positioning, and joint sensors across up to 43 degrees of freedom.

All sensor data flows over the robot’s internal network using CycloneDDS, an implementation of the Data Distribution Service protocol, on an unencrypted local subnet at 192.168.123.0/24.

Where the data goes

In September 2025, Victor Mayoral-Vilches at Alias Robotics used the EU-funded Cybersecurity AI framework to conduct a comprehensive security audit of the Unitree G1. The findings were published on arXiv and subsequently covered by IEEE Spectrum, Help Net Security, and other outlets. They are not speculation. They are documented, independently verified technical findings.

The G1 transmits telemetry to external servers every 300 seconds (five minutes) without user consent or notification.

The telemetry endpoints are MQTT servers at IP addresses 43.175.228.18 and 43.175.229.18 on port 17883, with throughput of approximately 1 Mbps. The data transmitted every five minutes includes battery states, IMU orientation, joint torque and temperature readings from 20+ motors, service states, CPU load, memory usage, and filesystem statistics. That is roughly 4.5 KB per frame.

But the more concerning channels are the continuous DDS streams available internally: audio from the microphone array, video from the depth camera, and LiDAR point clouds. While researchers documented the MQTT telemetry being actively sent externally, the internal sensor streams are broadcast unencrypted on the robot’s local network and could be forwarded by any service with network access.

The conversational AI backend connects via WebSocket to 8.222.78.102:6080 with SSL certificate verification disabled. The voice service sends data to iFlytek (a Chinese speech processing company that is on the US Entity List for its role in surveillance technology). Unitree’s own privacy policy states plainly: “Your information will be stored in the People’s Republic of China.”

There is no opt-out mechanism. The researchers found no privacy settings, no consent dialogs, and no configuration options to disable the telemetry services on the robot itself.

It gets worse: the known vulnerabilities

The telemetry is the documented, always-on baseline. On top of that, independent researchers have found critical security vulnerabilities in the Unitree platform.

The CloudSail Backdoor (March 2025). Researchers Andreas Makris and Kevin Finisterre discovered that Unitree Go1 robots ship with an undocumented remote access tunnel called CloudSail, enabled by default, that connects every robot to Unitree servers in China with no user notification. They found 1,919 devices on the CloudSail network, including robots at MIT, Princeton, and Carnegie Mellon. Unitree invalidated the API key two days after disclosure.

The UniPwn Exploit (September 2025). A critical Bluetooth vulnerability affects the G1, H1, Go2, and B2 models. Through the BLE Wi-Fi provisioning interface, an attacker within Bluetooth range can inject commands and gain root-level access to the robot. The encryption uses a fleet-wide hardcoded AES key, meaning every Unitree robot of the same model shares the same key. The exploit is wormable: an infected robot can scan for and automatically compromise other Unitree robots in range.

Unitree’s response was to claim that “most vulnerabilities have been patched” and that robots “are designed to operate offline by default” and “only transmit minimal data such as serial numbers and operational health metrics.” Researchers were able to replicate vulnerabilities after the claimed patch, and the “minimal data” claim directly contradicts documented multimodal sensor telemetry.

But what about Edward specifically?

This is the important nuance, and the reason this article is not an accusation against the creators.

Idzik and Grzelaczyk almost certainly replaced the stock Unitree conversation system with their own custom AI stack. Idzik’s “automatic prompting system” using “commercially available solutions” likely means the robot’s conversational intelligence runs through a cloud LLM API (the specific provider is undisclosed), with custom speech-to-text and text-to-speech services, all orchestrated by Idzik’s proprietary framework.

This means Edward’s conversations probably do not flow through Unitree’s default chat_go service at 8.222.78.102:6080. The creators built their own pipeline.

However. The Unitree G1 runs 26 daemon services at boot. The telemetry service (robot_state_service), the OTA update service, and others are part of the base firmware on the locomotion computer, which is not user-accessible. Unless the creators specifically identified these services and blocked them at the network level, they are still running. The five-minute telemetry cycle, the MQTT connections to Chinese servers, the sensor data broadcasts on the internal network - these are firmware-level behaviors, not application-level behaviors.

Did the creators disable the base telemetry? We do not know. No interviewer asked. No security review was published. It is entirely possible that Idzik, who clearly has deep technical skills, identified and mitigated these services. It is equally possible that he focused on building the conversation layer (his area of expertise) and left the underlying firmware untouched, as most Unitree developers do.

What did the Sejm actually do?

After the visit, the Polish Press Agency (PAP) formally asked the Chancellery of the Sejm three questions: What was the procedure for granting the robot permission to enter? Was the device checked for security threats? How would images and voice recordings collected by the robot be handled under RODO (Poland’s implementation of GDPR)?

The Chancellery’s response, reported by Money.pl and WNP.pl, confirmed three things:

1. The Marshal’s Guard physically checked the robot for threats
2. The robot could only move in designated zones with guard accompaniment
3. Officers were trained on the emergency shutdown procedure

The Chancellery refused to disclose detailed security procedures, citing security concerns. More significantly, it did not directly address the RODO question about data collected by the robot’s sensors.

The security measures described are appropriate for a physical threat: is this object going to explode? Can we turn it off if it malfunctions? These are the right questions for a piece of luggage. They are not the right questions for a networked sensor platform with six camera feeds, 360-degree LiDAR, and documented persistent connections to servers in China.

The irony nobody is talking about

Here is what makes this story remarkable. Poland is not naive about Chinese technology risks. Two months before Edward’s Sejm visit, in January 2026, Poland’s Ministry of Defence banned Chinese-manufactured vehicles from military bases. The Military Counterintelligence Service (SKW) developed guidelines covering any vehicle with “built-in or additional devices capable of recording position, image, or sound.” Even connecting an official phone to the infotainment system of a Chinese car is prohibited.

The rationale is clear: Chinese-made devices with cameras, microphones, and network connectivity represent a potential data collection risk in sensitive government facilities.

A Unitree G1 has significantly more sensor capability than any car infotainment system. It has depth cameras, 3D LiDAR that can map rooms with centimeter accuracy, a directional microphone array, GPS, and persistent internet connectivity with documented data transmission to Chinese servers.

The car is banned from a military base. The robot walked through parliament.

This is not a contradiction that makes anyone look foolish. The car ban came from the military counterintelligence apparatus. The Sejm visit was approved by parliamentary security. These are different institutions with different mandates and, apparently, very different awareness of technology risks. But the gap between them is exactly the kind of inconsistency that regulation is supposed to close.

What the law actually requires

The EU has a robust regulatory framework that applies to this situation. The problem is that none of it was apparently applied.

GDPR (RODO in Poland). The Unitree G1’s cameras can capture identifiable faces. Its microphones record voices. Under Article 9 of the GDPR, processing biometric data requires explicit consent or a specific legal exemption. In a busy parliament building, obtaining consent from everyone the robot encounters is impossible. Article 35 requires a Data Protection Impact Assessment before any systematic monitoring of a publicly accessible area, which is precisely what a robot with always-on sensors does. No DPIA was conducted.

The EU AI Act. Article 5 prohibits real-time remote biometric identification in publicly accessible spaces. If the robot’s cameras performed any form of facial recognition (even passively, as part of the navigation stack), this triggers the prohibition. Article 50 requires that people interacting with an AI system are informed of that fact. While the robot itself is obviously a robot, the extent of its data collection capabilities is not obvious.

The EU Cyber Resilience Act. Adopted in November 2025 with reporting obligations starting September 2026, this act requires products with digital elements to meet mandatory cybersecurity requirements. The documented vulnerabilities in the Unitree G1 - fleet-wide shared encryption keys, undocumented backdoors, unencrypted internal data buses - would likely fail these requirements.

The bigger picture: Unitree and the state

The security concerns with Unitree go beyond a single robot’s telemetry. In May 2025, the bipartisan US House Select Committee on the CCP sent a formal letter to the Defense Secretary, Commerce Secretary, and FCC Chairman citing Unitree’s connections to the Chinese military. Their findings included:

• A Unitree robot equipped with a rifle was featured in PLA-Cambodian joint military exercises in May 2024
• Unitree sold robots to approximately 30 Chinese universities over five years, including institutions on the US Entity List. North University of China documented its purchase as being for “weapon science and technology”
• Unitree is headquartered in Hangzhou’s High-Tech Zone, described as a “military-civil fusion” zone
• CEO Wang Xingxing attended a closed-door meeting with Xi Jinping in February 2025
• Unitree’s partners include Huawei, iFlytek (US Entity List), and ZTE, all designated as national security concerns
• The company received investment from a state-backed 140 billion RMB Sci-Tech Fund

In December 2025, Congressional leaders asked the Pentagon to formally list Unitree as a Chinese military company. In March 2026, the bipartisan American Security Robotics Act was introduced to ban federal procurement of Chinese-made humanoid robots.

China’s National Intelligence Law (2017) adds another layer. Article 7 states: “All organizations and citizens shall support, assist, and cooperate with national intelligence efforts in accordance with law.” Legal scholars debate how far this obligation extends and whether it has meaningful enforcement mechanisms. What is not debatable is that the law exists, that Unitree is a Chinese company with documented state ties, and that its robots have documented persistent data connections to servers in China.

What should have happened

None of this means the Sejm visit should not have happened. A humanoid robot in parliament is exactly the kind of event that forces a country to reckon with new technology. Konfederacja’s core argument - that Polish law does not keep pace with robotics - is correct, and the visit demonstrated it more effectively than any policy paper could.

But the visit should have happened differently.

Before the visit:

• A technical dossier should have been submitted: hardware specs, sensor inventory, active software services, network connectivity
• The Sejm’s IT security team should have inspected the firmware, ideally with CERT Polska or ABW consultation
• A DPIA should have been conducted under GDPR Article 35
• All wireless connections should have been verified as disabled or monitored
• UODO should have been notified given the sensitivity of the location

During the visit:

• RF monitoring should have been active to detect any unauthorized data transmission
• Sensors not required for navigation should have been disabled
• A designated, isolated network (or no network at all) should have been provided

After the visit:

• Any data the robot may have collected should have been reviewed
• A public statement addressing the RODO questions should have been issued instead of dodged

These are not unreasonable demands. They are standard protocol for any networked device entering a sensitive government facility. The UK House of Lords required similar measures when SoftBank’s Pepper robot appeared in 2018. The European Parliament requires pre-clearance and designated areas for any robot demonstration.

What needs to happen now

Konfederacja wants the Digitalization Commission to develop robot legislation. Good. Here is what it should address:

For government buildings:

• A mandatory pre-clearance protocol for any autonomous or semi-autonomous device with sensors
• Firmware inspection by qualified cybersecurity personnel
• Data protection impact assessments before entry
• RF monitoring during the visit
• Post-visit data audit and deletion verification

For public spaces:

• Clear data controller designation when a robot collects personal data in public
• Transparency requirements: people should know what a robot is recording
• Data minimization: sensors not needed for the task should be disabled
• Mandatory registration for robots operating in public spaces above a sensor capability threshold

For Chinese-made robotics platforms specifically:

• Alignment with existing policy on Chinese vehicles in military contexts
• Supply chain security review for robots deployed in any government context
• Network traffic audit requirements for robots with persistent cloud connections

The creators got it right, accidentally

The most interesting thing about the Edward Warchocki project is that its creators inadvertently demonstrated every argument for regulation by executing the visit without any regulatory friction.

They bought a Chinese robot with documented security issues. They modified its software layer but likely left the firmware untouched. They walked it through the streets of Polish cities recording interactions with people who did not consent to being filmed by a depth camera and 3D LiDAR. They brought it into parliament. At no point did any institution, any regulator, or any security service ask the right questions.

The creators are not the problem. They are engineers and entrepreneurs who built something creative and culturally resonant. The problem is that the system around them has no framework for the questions that their creation raises.

Konfederacja’s Bartlomiej Pejo said it best at the press conference: “Polish law is not keeping up.”

He was right. His own event proved it.