diff --git a/README.md b/README.md
index 7ad954d..2425a7d 100644
--- a/README.md
+++ b/README.md
@@ -67,6 +67,7 @@ This repository accompanies our survey on **World Action Models (WAMs)** — the
   - [Evaluation](#evaluation)
 - [Training Data](#training-data)
 - [Evaluation](#evaluation)
+- [Safety](#safety)
 
 ## Tag Legend
 ### World Action Model tags
@@ -630,6 +631,17 @@ This repository accompanies our survey on **World Action Models (WAMs)** — the
 
 
 
+## Safety
+
+Safety considerations across the embodied AI pipeline that World Action Models inherit: perception robustness, cognitive jailbreak, planning manipulation, action-level adversarial control, and agentic cascading risks.
+
+- **Embodied AI Safety Survey**: "Safety in Embodied AI: A Survey of Risks, Attacks, and Defenses", arXiv 2026.
+  [[📄 Paper](https://arxiv.org/pdf/2605.02900)] [[🌍 Webpage](https://x-zheng16.github.io/Awesome-Embodied-AI-Safety/)] [[💻 Code](https://github.com/x-zheng16/Awesome-Embodied-AI-Safety)] [[🌟 Blog](https://github.com/x-zheng16/Awesome-Embodied-AI-Safety#-news)]
+
+  First unified safety framework for embodied AI, covering 500+ papers across 5 layers (Perception, Cognition, Planning, Action and Interaction, Agentic) and 18 subcategories. Capability-Risk Duality: each layer of the embodied pipeline represents a capability expansion that introduces corresponding new vulnerabilities; inner-layer vulnerabilities cascade to outer layers. Relevant to WAM design as it characterizes the threat surface that joint video-action generators, autoregressive predictors, and diffusion planners inherit at every layer they integrate.
+
+
+
 ## 👋 Citation
 
 If you find this survey or repository helpful for your research, please consider citing our paper: