The point: Barely perceptible acoustic signals embedded in audio files can covertly manipulate AI speech models into data exfiltration or network access, while conventional security mechanisms fail to detect 70–93 percent of attacks.
Security researchers have developed an attack method that uses barely perceptible acoustic modifications to force AI voice assistants to execute unwanted actions. The technique, presented at the IEEE Symposium on Security and Privacy, works through conference calls and video transmissions and bypasses existing defense mechanisms.
Researchers from Zhejiang University, the National University of Singapore, and Nanyang Technological University have developed AudioHijack – a form of audio prompt injection. The method injects tiny acoustic modifications imperceptible to the human ear into audio files, which are perceived as natural background noise by people but are interpreted by the AI system’s neural network as concrete program commands.
In testing against 13 open-source audio AI systems (including Qwen2-Audio, GLM-4-Voice, Phi-4-Multimodal, Voxtral-Mini, Kimi-Audio) as well as commercial systems from Microsoft Azure and Mistral AI, the attack method achieved success rates between 79 and 96 percent. Tested actions included web searches, downloading files from controlled sources, and unauthorized forwarding of user data via email.
For a real-world business scenario: An employee attends a Zoom call where background music is playing. The attendees perceive no anomaly, but an active transcription service decodes the hidden instructions. While the visible conversation continues, the AI assistant covertly searches the network for sensitive files or forwards business information to email addresses controlled by the attacker.
Conventional defense mechanisms prove largely ineffective. Training models to recognize suspicious audio prompts reduced the success rate by only 7 percent. Checking planned actions against the user’s original intent blocked 28 percent of attacks.
Source: www.it-daily.net · Published June 1, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.8.