The Video Game Data Bet
General Intuition is making a move that sounds like a joke until you actually sit down and think about it. The company wants to train foundation models for physical AI—robotics, self-driving cars, embodied agents—on millions of hours of video game data. Not simulated environments with perfect physics engines. Not carefully curated datasets from research labs. Real gameplay footage, the kind you'd pull from Medal, their platform that generates billions of clips yearly.
Here's why this matters for anyone responsible for security posture in an enterprise that's starting to deploy physical AI systems: the approach fundamentally changes what we need to worry about.
Pim de Witte, the CEO and co-founder, put it bluntly in a TechCrunch interview. He says robotics is about to have its ChatGPT moment. And he's not wrong, at least from a security perspective. When you can train a model on virtual data and then deploy it in the real world with minimal fine-tuning, you're collapsing the timeline between research and production. That's a problem for security teams who are still figuring out how to monitor traditional AI systems, let alone embodied agents moving around office spaces.
The company just closed a $320 million Series A at a $2.3 billion valuation, led by Vinod Khosla. That kind of money signals serious belief in the thesis. But it also means more companies will be racing to deploy physical AI faster, and faster deployments tend to mean weaker security postures.
How the Training Actually Works
Let me break down what General Intuition is doing, because the technical approach reveals a lot about where the security risks will emerge.
The core idea is that video games are essentially physics simulators with action labels. When you press a button in Rocket League, the game responds with a specific physical outcome. General Intuition maps those controller inputs to gameplay events, creating what they call "action-labeled video." The model learns spatial-temporal reasoning—not just what objects look like, but how they move and interact when you apply force.
Their MIRA model is the proof of concept. Trained on 10,000 hours of Rocket League data, it runs in real-time at 20 frames per second. You feed it the keys a player pressed, and it predicts what happens next in the game world. Collaborators include Kyutai and Epic Games, which tells you this isn't some garage operation.
But here's where it gets interesting from a security angle. De Witte claims that after training on this virtual data, you only need minutes of real-world robotics data to fine-tune the model. They demonstrated this with a quadrupedal robot—no LiDAR, no depth sensors, just a front-facing camera. They dropped dynamic objects and people into an office environment and the robot navigated zero-shot.
Eight minutes of real-world data. That's the pitch.
The Security Implications Nobody's Talking About
Let me be direct: this technology changes the threat landscape for physical AI deployments, and most security teams aren't ready.
When you can train a foundation model on virtual data and deploy it with minimal real-world fine-tuning, you're removing one of the biggest bottlenecks to physical AI adoption. That means more robots, more autonomous vehicles, more embodied agents in enterprise environments. And each one of those represents a new attack surface.
Think about it from an incident response perspective. Traditional cloud security incident response playbooks are designed for software systems—compromised credentials, lateral movement through networks, data exfiltration. But what happens when you have a physical robot in your office that's been compromised? What's the containment procedure for a quadrupedal agent that can move around your facility?
The playbooks need to account for physical AI scenarios. You need procedures for isolating compromised embodied agents, securing their sensor inputs, preventing unauthorized physical actions. This isn't theoretical—General Intuition's demo showed robots navigating dynamic office environments with people walking around. Those same environments are where enterprises will deploy these systems.
And let's not forget the data angle. If you're training models on gameplay data from Medal, you're dealing with massive datasets that might contain sensitive information. What about the real-world fine-tuning data? That eight minutes of office footage could capture proprietary information, employee movements, security camera feeds. The data handling requirements for physical AI training datasets are going to be significantly different from traditional ML pipelines.
Why Your Cloud Security Incident Response Playbook Needs Physical AI Coverage
Here's where I get specific. If you're a security & compliance analyst responsible for enterprise AI deployments, your cloud security incident response playbook needs sections on physical AI scenarios. Not as an afterthought. As a core component.
Consider this: General Intuition's approach means companies can deploy physical AI systems much faster than before. Faster deployment means less time for security review. Less security review means more vulnerabilities in production systems. And when those systems are physical—when they can move, manipulate objects, interact with people—the consequences of a breach are exponentially worse.
Your playbook needs to address:
Sensor Security: Physical AI systems rely on cameras, LiDAR, depth sensors. If an attacker can spoof or manipulate those inputs, they control the robot's perception of reality. That's a far more dangerous scenario than compromising a software system.
Physical Containment: Traditional incident response isolates compromised systems by cutting network access. But a robot with local processing can still move around your facility. You need procedures for physical containment—emergency stops, geofencing, remote shutdown capabilities.
Data Classification: The training data for physical AI systems—especially the real-world fine-tuning data—is going to be highly sensitive. Office footage, employee movements, facility layouts. Your data classification policies need to account for physical AI training datasets.
Vendor Risk: General Intuition isn't building robots. They're building the foundation models that empower others to build robots. That means you'll be dealing with multiple vendors in the physical AI supply chain, each with their own security posture. Your vendor risk assessments need to account for this new layer.
The Microsoft 365 integration angle is worth considering too. If physical AI systems need to interact with enterprise collaboration platforms—scheduling meetings, accessing documents, communicating with team members—the attack surface expands significantly. A compromised robot with access to your 365 environment could be used for social engineering, information gathering, or even physical access control bypass.
This isn't about being alarmist. It's about recognizing that the technology is moving faster than our security frameworks can adapt. General Intuition's $2.3 billion valuation tells you where the industry is heading. Your incident response playbooks need to get there first.
The Road Ahead
De Witte's vision is clear: General Intuition isn't going to build a self-driving car company. They're going to make it ten times easier for the next person to build one. That's a platform play, and platform plays tend to create ecosystem-wide security challenges.
The company distinguishes between "play" and "work"—exploration versus constrained contests. That's a useful framework for security teams too. Play is where you test, experiment, learn. Work is where you deploy with constraints and controls. The security posture for each needs to be different.
What's striking is how quickly this technology is moving. Eight minutes of real-world data to fine-tune a foundation model trained on millions of hours of virtual data. That's not just fast—it's disruptive. It means the gap between research and production is collapsing, and security teams need to close that gap too.
The funding round suggests General Intuition will continue to push this technology forward. More companies will adopt physical AI. More deployments will happen. And more security incidents will follow if we don't adapt our incident response playbooks now.
The question isn't whether physical AI will become mainstream. It's whether your security posture can keep up.